Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Lost services Trojan and Virus found


  • Please log in to reply

#1
OneBadDonzi

OneBadDonzi

    New Member

  • Member
  • Pip
  • 5 posts
Hello! I did all of the preliminary requirements beforehand. My computer has been running extremely slow lately and the scans found a virus. Please check out the logs. Thanks so much!!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4617

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/14/2010 7:47:24 PM
mbam-log-2010-09-14 (19-47-24).txt

Scan type: Quick scan
Objects scanned: 161941
Time elapsed: 18 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-14 22:52:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\NewUser\LOCALS~1\Temp\kweiikoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3D081DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB3D087AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB3D0A1EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB3D09B9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB3D07950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB3D0BB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xB3D085AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB3D07D92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB3D07F92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB3D09EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB3D0C084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB3D080A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB3D08110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB3D09D5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB3D0B620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB3D099F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB3D07AB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB3D083B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB3D0BBA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB3D082FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB3D08178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3D07E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB3D07C5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB3D0B888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB3D075D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB3D0AA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB3D07734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB3D0BF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB3D073D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB3D0A08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB3D086AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB3D0B71A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB3D0BBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB3D07B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB3D0BCB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB3D0BDE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB3D0B54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xB3D0847E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xB3D084F0]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP B3D1F626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP B3D1F9E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2400 80501C38 4 Bytes JMP 48B3D0A1
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [B4, BC, D0, B3, E0, BD, D0, ...]
? PxHelp20.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[260] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2472] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2472] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [828] 0x01260000
Library C:\Program (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [3440] 0x02800000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3aa3402b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d3aa3402b (not active ControlSet)

---- EOF - GMER 1.0.15 ----


OTL logs:


OTL logfile created on: 9/14/2010 10:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\NewUser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 75.95 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATD610-094BF97
Current User Name: NewUser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 22:52:28 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\OTL.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/02/28 16:09:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/12 11:02:08 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/24 07:17:26 | 000,748,840 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/04 11:16:18 | 002,629,632 | ---- | M] (http://www.pbus-167.com) -- C:\Program Files\Notebook Hardware Control\nhc.exe
PRC - [2006/06/27 10:30:30 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2004/04/01 18:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 22:52:28 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\OTL.exe
MOD - [2008/11/11 21:00:02 | 000,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
MOD - [2008/11/11 20:59:38 | 000,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/21 05:05:26 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/28 19:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2004/04/01 18:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MOZILL~1\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2010/09/14 20:21:51 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/24 06:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/05 08:10:25 | 000,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/02/05 08:10:25 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/01/07 14:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/06 22:02:18 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/22 10:00:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/28 16:09:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 13:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008/12/24 22:24:24 | 000,000,000 | ---D | M]

[2008/10/23 15:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NewUser\Application Data\Mozilla\Extensions
[2010/09/14 21:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NewUser\Application Data\Mozilla\Firefox\Profiles\73kzby9a.default\extensions
[2009/07/29 10:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NewUser\Application Data\Mozilla\Firefox\Profiles\73kzby9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/09 15:28:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\NewUser\Application Data\Mozilla\Firefox\Profiles\73kzby9a.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/09/14 21:13:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 10:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 13:43:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NotebookHardwareControl] C:\Program Files\Notebook Hardware Control\nhc.exe (http://www.pbus-167.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\NewUser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\NewUser\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinn...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinn...ems/zengems.cab (ZenGems Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://files.member....s/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1192801397765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1198518196609 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\NewUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NewUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/19 04:45:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a92b4117-9415-11df-8168-00166f51ac25}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{a92b4117-9415-11df-8168-00166f51ac25}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60812205720862720)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 22:52:28 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\OTL.exe
[2010/09/14 21:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/14 21:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/14 19:55:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\TFC.exe
[2010/09/14 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NewUser\Application Data\Malwarebytes
[2010/09/14 15:47:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/14 15:47:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/14 15:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/14 15:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/17 12:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NewUser\Desktop\7616 Red Oak pics
[2010/07/24 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/07/24 23:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/07/21 10:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/21 10:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/07/21 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

========== Files - Modified Within 90 Days ==========

[2010/09/14 22:52:28 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\OTL.exe
[2010/09/14 21:17:43 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\NewUser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/14 21:17:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\NewUser\Desktop\NTREGOPT.lnk
[2010/09/14 21:17:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\NewUser\Desktop\ERUNT.lnk
[2010/09/14 20:53:39 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\NewUser\Desktop\Revo Uninstaller.lnk
[2010/09/14 20:24:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/14 20:21:51 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\WINDOWS\System32\drivers\nhcDriver.sys
[2010/09/14 20:21:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/14 20:20:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/14 20:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 20:18:47 | 002,709,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/09/14 20:18:47 | 000,712,736 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/09/14 20:18:47 | 000,022,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/09/14 20:18:47 | 000,003,516 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/09/14 20:18:36 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\NewUser\NTUSER.DAT
[2010/09/14 20:18:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\NewUser\ntuser.ini
[2010/09/14 19:55:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\NewUser\Desktop\gmer.zip
[2010/09/14 19:55:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NewUser\Desktop\TFC.exe
[2010/09/14 19:16:23 | 000,116,579 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/09/14 19:15:49 | 000,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 19:08:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/14 19:08:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/14 15:47:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 15:36:28 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 15:04:14 | 000,001,083 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%
[2010/09/12 22:19:09 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/12 22:19:09 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/11 12:19:31 | 000,012,601 | ---- | M] () -- C:\Documents and Settings\NewUser\My Documents\File worksheet.docx
[2010/09/11 11:00:43 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\NewUser\Desktop\Microsoft Office Word 2007.lnk
[2010/09/10 17:24:45 | 000,012,616 | ---- | M] () -- C:\Documents and Settings\NewUser\My Documents\REPAIR LIST FOR 741 SPRING VALLEY HURST TX 76054.docx
[2010/09/10 17:23:56 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/09/07 12:49:49 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\NewUser\My Documents\7616 red oak flyer.pub
[2010/09/06 10:00:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/04 17:22:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 13:41:06 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/11 10:34:52 | 001,626,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 10:13:53 | 000,505,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 10:13:53 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 10:13:53 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/24 23:06:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\NewUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 23:06:22 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/07/24 23:05:20 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/07/20 10:41:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/09/14 21:19:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\NewUser\Desktop\gmer.exe
[2010/09/14 21:17:43 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\NewUser\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/14 21:17:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\NewUser\Desktop\NTREGOPT.lnk
[2010/09/14 21:17:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\NewUser\Desktop\ERUNT.lnk
[2010/09/14 19:55:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\NewUser\Desktop\gmer.zip
[2010/09/14 19:08:12 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\NewUser\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/09/14 15:47:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 15:04:14 | 000,001,083 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%
[2010/09/10 17:24:44 | 000,012,616 | ---- | C] () -- C:\Documents and Settings\NewUser\My Documents\REPAIR LIST FOR 741 SPRING VALLEY HURST TX 76054.docx
[2010/09/09 12:35:16 | 000,012,601 | ---- | C] () -- C:\Documents and Settings\NewUser\My Documents\File worksheet.docx
[2010/08/17 18:55:54 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\NewUser\My Documents\7616 red oak flyer.pub
[2010/07/24 23:06:36 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NewUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 23:06:22 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2010/07/24 23:05:20 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/15 14:31:43 | 000,000,695 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/10/17 10:33:07 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\NewUser\Local Settings\Application Data\fusioncache.dat
[2008/10/17 10:19:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/10/17 10:18:45 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/10/17 10:13:19 | 000,004,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/07/22 15:07:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2008/07/22 15:07:28 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2008/07/21 12:10:34 | 000,036,608 | ---- | C] () -- C:\Documents and Settings\NewUser\Application Data\Comma Separated Values (Windows).ADR
[2008/03/29 10:24:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/29 00:19:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/29 00:19:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/29 00:19:09 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/29 00:19:09 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/29 00:18:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/03/29 00:16:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/11/12 23:05:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/28 09:12:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\winzipme.ini
[2007/10/26 18:13:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/10/19 08:07:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/08/29 19:57:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
[2001/07/10 14:43:16 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winwatch.DLL
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/08 19:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T U-verse Media Share Wizard
[2010/07/24 23:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/02/21 19:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/03/29 00:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/10/28 11:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/13 19:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/05 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/30 10:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/09 16:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NewUser\Application Data\Auslogics
[2009/04/01 19:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NewUser\Application Data\TeamViewer
[2007/10/28 11:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NewUser\Application Data\TuneUp Software
[2010/09/10 17:23:56 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/09/14 20:21:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/10/19 04:45:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/14 19:08:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/10/19 04:45:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/18 00:29:03 | 000,032,224 | ---- | M] () -- C:\drwtsn32.log
[2009/04/27 11:18:11 | 002,551,020 | ---- | M] () -- C:\DTLog.txt
[2010/07/24 23:41:58 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2008/07/22 15:12:36 | 000,000,213 | ---- | M] () -- C:\INSTALL.LOG
[2007/10/19 04:45:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/24 23:06:22 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2008/08/20 18:32:39 | 000,008,872 | ---- | M] () -- C:\MP4debug.log
[2007/10/19 04:45:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/10 22:17:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/14 20:20:43 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/09/14 20:54:21 | 000,000,836 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/10/18 22:59:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/10/18 22:59:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/10/18 22:59:48 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 15:17:37
< End of report >




Extras Log:

OTL Extras logfile created on: 9/14/2010 10:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\NewUser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 75.95 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATD610-094BF97
Current User Name: NewUser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"D:\setup\hponicifs01.exe" = D:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 21
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Essentials
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C05AE5C3-39B0-489C-BCD5-09D21D65CE11}" = AT&T U-verse Media Share Wizard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Branding" =
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Connection Manager" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield Uninstall Information" =
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"Nero - Burning Rom!UninstallKey" =
"NeroBackItUp!UninstallKey" =
"NeroMediaHome!UninstallKey" =
"NeroRecode!UninstallKey" =
"NeroShowTime!UninstallKey" =
"NeroVision!UninstallKey" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"PCHealth" =
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.89
"Secunia PSI" = Secunia PSI
"SystemRequirementsLab" = System Requirements Lab
"Wdf01000" =
"Wdf01001" =
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAVI iPod" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager
"ZipForm Desktop" = ZipForm Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 10:55:28 PM | Computer Name = LATD610-094BF97 | Source = Application Hang | ID = 1002
Description = Hanging application KIS2010.exe, version 8.0.0.506, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2010 8:19:34 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.

Error - 9/14/2010 9:07:42 PM | Computer Name = LATD610-094BF97 | Source = Application Hang | ID = 1002
Description = Hanging application hpqste08.exe, version 70.0.170.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2010 9:08:22 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706. An installation package for the
product PhotoGallery cannot be found. Try the installation again using a valid
copy of the installation package 'PhotoGallery.msi'.

Error - 9/14/2010 9:52:58 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.

Error - 9/14/2010 9:53:11 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.

Error - 9/14/2010 10:02:26 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11905
Description = Product: HPProductAssistant -- Error 1905. Module C:\Program Files\Hewlett-Packard\eSupportDiags\InternetUtil.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 9/14/2010 10:02:26 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11905
Description = Product: HPProductAssistant -- Error 1905. Module C:\Program Files\Hewlett-Packard\eSupportDiags\HPeSupport.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 9/14/2010 10:02:26 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11905
Description = Product: HPProductAssistant -- Error 1905. Module C:\Program Files\Hewlett-Packard\eSupportDiags\RulesEngine.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 9/14/2010 10:02:26 PM | Computer Name = LATD610-094BF97 | Source = MsiInstaller | ID = 11905
Description = Product: HPProductAssistant -- Error 1905. Module C:\Program Files\Hewlett-Packard\eSupportDiags\HPeDiag.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

[ System Events ]
Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The FlipShare Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless SSO Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/14/2010 9:18:25 PM | Computer Name = LATD610-094BF97 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 9/14/2010 9:21:19 PM | Computer Name = LATD610-094BF97 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/14/2010 9:21:19 PM | Computer Name = LATD610-094BF97 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/14/2010 9:21:19 PM | Computer Name = LATD610-094BF97 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it. Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
OneBadDonzi

OneBadDonzi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the ComboFix Log:

ComboFix 10-09-21.01 - NewUser 09/22/2010 0:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1394 [GMT -5:00]
Running from: c:\documents and settings\NewUser\Desktop\george.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-15 02:17 . 2010-09-15 02:17 -------- d-----w- c:\program files\ERUNT
2010-09-15 00:04 . 2010-09-15 00:04 -------- d-----w- c:\documents and settings\NewUser\Application Data\Malwarebytes
2010-09-14 20:47 . 2010-09-14 20:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-14 20:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 20:47 . 2010-09-14 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 20:47 . 2010-09-14 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-14 20:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 05:48 . 2008-12-25 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-22 05:47 . 2007-10-31 06:03 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-09-22 05:45 . 2008-12-25 03:23 729120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-09-22 05:45 . 2008-12-25 03:23 3572 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-09-22 05:45 . 2008-12-25 03:23 2709536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-09-22 05:45 . 2008-12-25 03:23 22248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-09-15 06:08 . 2007-10-26 20:28 631360 ----a-w- c:\documents and settings\NewUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 02:02 . 2008-10-17 15:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-15 01:56 . 2008-10-17 15:23 -------- d-----w- c:\program files\Common Files\HP
2010-09-15 01:55 . 2008-10-17 15:15 -------- d-----w- c:\program files\HP
2010-09-15 00:16 . 2008-10-17 15:13 116579 ----a-w- c:\windows\hpoins11.dat
2010-09-13 03:19 . 2008-12-25 03:24 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-13 03:19 . 2008-12-25 03:24 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-13 02:58 . 2007-10-26 20:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-13 02:57 . 2008-12-14 23:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-13 02:55 . 2008-12-25 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-23 18:43 . 2007-10-28 13:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-23 18:42 . 2009-10-05 15:24 -------- d-----w- c:\program files\Java
2010-08-11 15:15 . 2007-10-29 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-10 13:46 . 2010-08-10 13:46 503808 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42108ea9-n\msvcp71.dll
2010-08-10 13:46 . 2010-08-10 13:46 499712 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42108ea9-n\jmc.dll
2010-08-10 13:46 . 2010-08-10 13:46 348160 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42108ea9-n\msvcr71.dll
2010-08-10 13:46 . 2010-08-10 13:46 61440 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1557a9f5-n\decora-sse.dll
2010-08-10 13:46 . 2010-08-10 13:46 12800 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1557a9f5-n\decora-d3d.dll
2010-07-25 04:05 . 2010-07-25 04:05 -------- d-----w- c:\program files\Flip Video
2010-07-25 04:05 . 2010-07-25 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-07-21 15:14 . 2010-07-21 15:14 503808 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2e361763-n\msvcp71.dll
2010-07-21 15:14 . 2010-07-21 15:14 499712 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2e361763-n\jmc.dll
2010-07-21 15:14 . 2010-07-21 15:14 348160 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2e361763-n\msvcr71.dll
2010-07-21 15:14 . 2010-07-21 15:14 61440 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-34b4aa02-n\decora-sse.dll
2010-07-21 15:14 . 2010-07-21 15:14 12800 ----a-w- c:\documents and settings\NewUser\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-34b4aa02-n\decora-d3d.dll
2010-07-17 10:00 . 2010-07-21 15:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-07 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]

c:\documents and settings\NewUser\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/19/2007 8:18 AM 88192]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/10/2008 9:17 AM 7808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 02:51]

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\73kzby9a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 00:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA0E8000]<< >>UNKNOWN [0xBA0D8000]<< >>UNKNOWN [0xB9F13000]<< >>UNKNOWN [0x806D0000]<< >>UNKNOWN [0xBA5AC000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xba0ecf28
\Driver\ACPI -> 0xb9f7fcb8
\Driver\atapi -> 0xb9f19852
IoDeviceObjectType -> DeleteProcedure -> 0x80579014
ParseProcedure -> 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x80579014
ParseProcedure -> 0x80577c76
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> 0xb9e0dbb0
PacketIndicateHandler -> 0xb9dfca0d
SendHandler -> 0xb9e10b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-22 00:55:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 05:55

Pre-Run: 81,181,904,896 bytes free
Post-Run: 81,077,530,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6E6ADF27CFD0C8CAE9E28583250A8873


Procexp Log:



Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 96.87 0 K 28 K
wmiprvse.exe 4052 1.56 4,088 K 7,668 K WMI Microsoft Corporation
procexp.exe 2480 1.56 12,792 K 17,596 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ZCfgSvc.exe 3648 10,632 K 15,808 K Intel® PROSet/Wireless Zero Config Service Intel® Corporation
wmiprvse.exe 3148 1,884 K 5,276 K WMI Microsoft Corporation
wmiprvse.exe 3292 3,768 K 7,348 K WMI Microsoft Corporation
WLKEEPER.exe 480 7,188 K 12,028 K Intel® WLANKeeper SSO Service Intel® Corporation
WLIDSVCM.EXE 3568 596 K 2,016 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 2800 4,628 K 8,260 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 1332 7,572 K 5,784 K Windows NT Logon Application Microsoft Corporation
unsecapp.exe 564 2,244 K 4,076 K WMI Microsoft Corporation
unsecapp.exe 3928 2,208 K 3,816 K WMI Microsoft Corporation
System 4 0 K 244 K
svchost.exe 1876 20,916 K 30,860 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1568 3,068 K 4,968 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1680 1,992 K 4,704 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 344 1,388 K 3,676 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 644 1,112 K 3,020 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1136 1,332 K 3,816 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1296 2,164 K 3,352 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1768 5,768 K 6,320 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1456 4,780 K 8,064 K Spooler SubSystem App Microsoft Corporation
smss.exe 1260 176 K 420 K Windows NT Session Manager Microsoft Corporation
services.exe 1376 1,856 K 3,612 K Services and Controller app Microsoft Corporation
SeaPort.exe 2028 5,688 K 8,828 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
SCServer.exe 3572 2,708 K 6,288 K Microsoft Search Client Server Microsoft Corporation
S24EvMon.exe 1912 10,500 K 15,420 K Intel® Wireless Management Service Intel® Corporation
rundll32.exe 3828 2,280 K 3,568 K Run a DLL as an App Microsoft Corporation
RegSrvc.exe 896 888 K 3,132 K Intel® PROSet/Wireless Registry Service Intel® Corporation
psi.exe 2352 20,476 K 31,068 K Secunia PSI Secunia
NicConfigSvc.exe 464 3,396 K 4,768 K Internal Network Card Power Management Service Dell Inc.
nhc.exe 3536 29,284 K 5,724 K Notebook Hardware Control http://www.pbus-167.com
mswinext.exe 3552 21,052 K 36,940 K MSN® Toolbar Microsoft Corp.
mDNSResponder.exe 1244 1,196 K 3,676 K Bonjour Service Apple Inc.
lsass.exe 1388 3,996 K 6,452 K LSA Shell (Export Version) Microsoft Corporation
jusched.exe 3504 828 K 2,856 K Java™ Update Scheduler Sun Microsystems, Inc.
jqs.exe 404 2,116 K 1,408 K Java™ Quick Starter Service Sun Microsystems, Inc.
iTunesHelper.exe 3600 9,216 K 13,972 K iTunesHelper Module Apple Inc.
iPodService.exe 2160 2,488 K 4,152 K iPodService Module (32-bit) Apple Inc.
Interrupts n/a 0 K 0 K Hardware Interrupts
iFrmewrk.exe 3680 13,132 K 17,832 K Intel® PROSet/Wireless Framework Intel® Corporation
HPZipm12.exe 428 544 K 1,808 K PML Driver HP
hidfind.exe 2972 1,688 K 2,412 K Alps Pointing-device Driver Alps Electric Co., Ltd.
GrooveMonitor.exe 3696 2,112 K 6,404 K GrooveMonitor Utility Microsoft Corporation
FlipShareService.exe 240 5,064 K 8,052 K FlipShare Service
firefox.exe 864 69,512 K 82,216 K Firefox Mozilla Corporation
explorer.exe 1380 27,684 K 14,720 K Windows Explorer Microsoft Corporation
EvtEng.exe 1996 10,596 K 14,056 K Intel® PROSet/Wireless Event Log Service Intel® Corporation
DPCs n/a 0 K 0 K Deferred Procedure Calls
ctfmon.exe 1744 920 K 3,780 K CTF Loader Microsoft Corporation
csrss.exe 1308 1,780 K 4,312 K Client Server Runtime Process Microsoft Corporation
BrccMCtl.exe 3820 3,592 K 10,308 K Control Center 3 Main Program Brother Industries, Ltd.
BAsfIpM.exe 1196 2,104 K 3,468 K Broadcom ASF IP monitoring service Broadcom Corp.
avp.exe 3488 4,328 K 5,472 K
avp.exe 192 86,708 K 35,204 K
atiptaxx.exe 3844 2,904 K 4,432 K ATI Desktop Control Panel ATI Technologies, Inc.
ati2evxx.exe 1552 620 K 2,604 K ATI External Event Utility EXE Module ATI Technologies Inc.
ati2evxx.exe 508 824 K 3,344 K ATI External Event Utility EXE Module ATI Technologies Inc.
AppleMobileDeviceService.exe 1168 1,844 K 2,744 K Apple Mobile Device Service Apple Inc.
Apoint.exe 3852 1,796 K 5,672 K Alps Pointing-device Driver Alps Electric Co., Ltd.
ApntEx.exe 2672 912 K 2,824 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
alg.exe 1300 1,180 K 3,600 K Application Layer Gateway Service Microsoft Corporation



Tsskiller Log:


2010/09/22 01:04:07.0115 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/22 01:04:07.0115 ================================================================================
2010/09/22 01:04:07.0115 SystemInfo:
2010/09/22 01:04:07.0115
2010/09/22 01:04:07.0115 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/22 01:04:07.0115 Product type: Workstation
2010/09/22 01:04:07.0115 ComputerName: LATD610-094BF97
2010/09/22 01:04:07.0115 UserName: NewUser
2010/09/22 01:04:07.0115 Windows directory: C:\WINDOWS
2010/09/22 01:04:07.0115 System windows directory: C:\WINDOWS
2010/09/22 01:04:07.0115 Processor architecture: Intel x86
2010/09/22 01:04:07.0115 Number of processors: 1
2010/09/22 01:04:07.0115 Page size: 0x1000
2010/09/22 01:04:07.0115 Boot type: Normal boot
2010/09/22 01:04:07.0115 ================================================================================
2010/09/22 01:04:07.0287 Initialize success
2010/09/22 01:04:10.0428 ================================================================================
2010/09/22 01:04:10.0428 Scan started
2010/09/22 01:04:10.0428 Mode: Manual;
2010/09/22 01:04:10.0428 ================================================================================
2010/09/22 01:04:15.0365 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/22 01:04:15.0553 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/22 01:04:15.0803 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/22 01:04:15.0990 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/22 01:04:16.0365 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/09/22 01:04:16.0412 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/09/22 01:04:16.0584 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/22 01:04:16.0662 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/22 01:04:16.0787 ati2mtag (2a6c99cfdc23c9c26d0e30b1c99748d4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/22 01:04:16.0850 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/22 01:04:16.0912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/22 01:04:16.0975 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/22 01:04:17.0037 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys
2010/09/22 01:04:17.0084 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/22 01:04:17.0147 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/09/22 01:04:17.0256 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/09/22 01:04:17.0365 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/09/22 01:04:17.0444 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/09/22 01:04:17.0584 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/22 01:04:17.0694 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/22 01:04:17.0756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/22 01:04:17.0819 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/22 01:04:17.0881 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/09/22 01:04:17.0990 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/22 01:04:18.0037 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/22 01:04:18.0147 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/22 01:04:18.0225 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/22 01:04:18.0319 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/22 01:04:18.0412 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/22 01:04:18.0475 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/22 01:04:18.0553 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/22 01:04:18.0631 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/22 01:04:18.0678 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/22 01:04:18.0740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/22 01:04:18.0787 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/22 01:04:18.0850 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/22 01:04:18.0912 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/22 01:04:19.0006 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/22 01:04:19.0084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/22 01:04:19.0147 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/22 01:04:19.0209 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/09/22 01:04:19.0272 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2010/09/22 01:04:19.0319 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2010/09/22 01:04:19.0428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/22 01:04:19.0584 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/09/22 01:04:19.0678 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/09/22 01:04:19.0772 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/22 01:04:19.0912 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/22 01:04:19.0959 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/22 01:04:20.0069 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/22 01:04:20.0131 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/22 01:04:20.0194 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/22 01:04:20.0240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/22 01:04:20.0334 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/22 01:04:20.0428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/22 01:04:20.0506 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/22 01:04:20.0615 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/22 01:04:20.0725 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/22 01:04:20.0803 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/22 01:04:20.0850 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/22 01:04:20.0928 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\WINDOWS\system32\drivers\kl1.sys
2010/09/22 01:04:21.0022 klbg (f9089982ed97340984e3dd60edd75490) C:\WINDOWS\system32\drivers\klbg.sys
2010/09/22 01:04:21.0069 KLFLTDEV (73eb94ad1c85b4a3c5a8b4d879f668b9) C:\WINDOWS\system32\DRIVERS\klfltdev.sys
2010/09/22 01:04:21.0115 KLIF (2627c389ba33065b2e98118ce9d71e57) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/09/22 01:04:21.0162 klim5 (cd16a39c6f61c2ae0272e1f431353bf7) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/09/22 01:04:21.0240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/22 01:04:21.0334 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/22 01:04:21.0459 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/22 01:04:21.0537 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/22 01:04:21.0600 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/22 01:04:21.0662 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/22 01:04:21.0725 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/22 01:04:21.0772 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/22 01:04:21.0819 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/22 01:04:21.0897 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/22 01:04:21.0928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/22 01:04:22.0006 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/22 01:04:22.0053 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/22 01:04:22.0084 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/22 01:04:22.0162 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/22 01:04:22.0225 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/22 01:04:22.0287 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/22 01:04:22.0365 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/22 01:04:22.0444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/22 01:04:22.0459 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/22 01:04:22.0506 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/22 01:04:22.0553 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/22 01:04:22.0600 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/22 01:04:22.0678 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys
2010/09/22 01:04:22.0709 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/22 01:04:22.0756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/22 01:04:22.0819 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/09/22 01:04:22.0865 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/22 01:04:22.0928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/22 01:04:22.0990 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/22 01:04:23.0037 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/09/22 01:04:23.0084 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/22 01:04:23.0115 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/22 01:04:23.0162 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/22 01:04:23.0209 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/22 01:04:23.0256 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/09/22 01:04:23.0272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/22 01:04:23.0459 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/22 01:04:23.0537 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2010/09/22 01:04:23.0553 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/22 01:04:23.0615 PSI (db2e4fc8afb22525d90818a30f53ec11) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/09/22 01:04:23.0647 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/22 01:04:23.0756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/22 01:04:23.0787 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/22 01:04:23.0819 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/22 01:04:23.0834 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/22 01:04:23.0881 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/22 01:04:23.0944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/22 01:04:23.0975 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/22 01:04:24.0069 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/22 01:04:24.0147 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/22 01:04:24.0225 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/09/22 01:04:24.0334 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/22 01:04:24.0490 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/22 01:04:24.0553 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/22 01:04:24.0615 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/22 01:04:24.0694 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/22 01:04:24.0787 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/22 01:04:24.0834 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/22 01:04:24.0912 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/22 01:04:25.0022 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/09/22 01:04:25.0131 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/09/22 01:04:25.0194 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/22 01:04:25.0287 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/22 01:04:25.0615 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/22 01:04:25.0834 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/22 01:04:25.0897 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/22 01:04:26.0162 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/22 01:04:26.0350 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/22 01:04:26.0772 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/22 01:04:27.0569 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/22 01:04:27.0897 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/22 01:04:27.0990 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/22 01:04:28.0053 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/22 01:04:28.0115 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/22 01:04:28.0178 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/22 01:04:28.0287 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/22 01:04:28.0350 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/22 01:04:28.0412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/22 01:04:28.0537 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/22 01:04:28.0725 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/09/22 01:04:28.0865 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/22 01:04:28.0959 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/22 01:04:29.0100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/22 01:04:29.0225 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/22 01:04:29.0350 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/22 01:04:29.0428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/22 01:04:29.0475 ================================================================================
2010/09/22 01:04:29.0475 Scan finished
2010/09/22 01:04:29.0475 ================================================================================
2010/09/22 01:04:49.0006 Deinitialize success


Am about to run event viewer for 1 hour or more...Thanks for your help!!
  • 0

#4
OneBadDonzi

OneBadDonzi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
MBR check log:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 682):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 PCIIde.sys
0xBA328000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F13000 atapi.sys
0xBA338000 cercsr6.sys
0xB9EFB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EDB000 fltmgr.sys
0xB9EC9000 sr.sys
0xBA0F8000 klbg.sys
0xB9EB2000 KSecDD.sys
0xB9E25000 Ntfs.sys
0xB9DF8000 NDIS.sys
0xBA108000 Combo-Fix.sys
0xB9DDE000 Mup.sys
0xB98BF000 kl1.sys
0xBA340000 \WINDOWS\system32\drivers\TDI.SYS
0xB8EC3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA564000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8D4E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8D3A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8D10000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8CEC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA1B8000 \SystemRoot\system32\DRIVERS\klfltdev.sys
0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8CD6000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB8AB8000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB8A75000 \SystemRoot\system32\drivers\STAC97.sys
0xB8A51000 \SystemRoot\system32\drivers\portcls.sys
0xBA1C8000 \SystemRoot\system32\drivers\drmk.sys
0xB8A2E000 \SystemRoot\system32\drivers\ks.sys
0xB89FB000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB88FE000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xB8851000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA390000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8836000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA570000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8822000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA258000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA5FA000 \SystemRoot\system32\DRIVERS\serscan.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA7B5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA550000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB880B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB87FA000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8E93000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA450000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB87CA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8E83000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB876C000 \SystemRoot\system32\DRIVERS\update.sys
0xB8F3A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8E73000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA308000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB46C0000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA600000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6F3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA602000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA420000 \SystemRoot\System32\drivers\vga.sys
0xBA604000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA606000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA428000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA430000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9886000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB468D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB460C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB45E4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB45C2000 \SystemRoot\System32\drivers\afd.sys
0xBA318000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4597000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA6FE000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xBA55C000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB4527000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4501000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4744000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA168000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB4740000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xB8EB3000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB43E6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB472C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB43AD000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB4395000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA618000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4718000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA368000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA75F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04E000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB229D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2299000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB1E30000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2185000 \SystemRoot\system32\drivers\sysaudio.sys
0xB1C1D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5F0000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA62C000 \??\C:\WINDOWS\system32\Drivers\BASFND.sys
0xB2001000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB19E6000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA458000 \??\C:\DOCUME~1\NewUser\LOCALS~1\Temp\mbr.sys
0xB8EE3000 \??\C:\WINDOWS\system32\drivers\nhcDriver.sys
0xB0CE8000 \SystemRoot\system32\drivers\kmixer.sys
0xBA480000 \??\C:\george\catchme.sys
0xBA5E2000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB22BD000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x48580000 \WINDOWS\system32\smss.exe
0x01000000 \WINDOWS\system32\autochk.exe
0x66700000 \WINDOWS\system32\sfcfiles.dll
0x4A680000 \WINDOWS\system32\csrss.exe
0x75B40000 \WINDOWS\system32\csrsrv.dll
0x75B50000 \WINDOWS\system32\basesrv.dll
0x75B60000 \WINDOWS\system32\winsrv.dll
0x77F10000 \WINDOWS\system32\gdi32.dll
0x7C800000 \WINDOWS\system32\kernel32.dll
0x7E410000 \WINDOWS\system32\user32.dll
0x77DD0000 \WINDOWS\system32\advapi32.dll
0x77E70000 \WINDOWS\system32\rpcrt4.dll
0x77FE0000 \WINDOWS\system32\secur32.dll
0x776C0000 \WINDOWS\system32\authz.dll
0x77C10000 \WINDOWS\system32\msvcrt.dll
0x77A80000 \WINDOWS\system32\crypt32.dll
0x77B20000 \WINDOWS\system32\msasn1.dll
0x75940000 \WINDOWS\system32\nddeapi.dll
0x75930000 \WINDOWS\system32\profmap.dll
0x5B860000 \WINDOWS\system32\netapi32.dll
0x769C0000 \WINDOWS\system32\userenv.dll
0x76BF0000 \WINDOWS\system32\psapi.dll
0x76BC0000 \WINDOWS\system32\regapi.dll
0x77920000 \WINDOWS\system32\setupapi.dll
0x77C00000 \WINDOWS\system32\version.dll
0x76360000 \WINDOWS\system32\winsta.dll
0x76C30000 \WINDOWS\system32\wintrust.dll
0x76C90000 \WINDOWS\system32\imagehlp.dll
0x71AB0000 \WINDOWS\system32\ws2_32.dll
0x71AA0000 \WINDOWS\system32\ws2help.dll
0x76390000 \WINDOWS\system32\imm32.dll
0x5FFF0000 \WINDOWS\system32\kbdus.dll
0x75970000 \WINDOWS\system32\msgina.dll
0x5D090000 \WINDOWS\system32\comctl32.dll
0x74320000 \WINDOWS\system32\odbc32.dll
0x763B0000 \WINDOWS\system32\comdlg32.dll
0x7C9C0000 \WINDOWS\system32\shell32.dll
0x77F60000 \WINDOWS\system32\shlwapi.dll
0x7E720000 \WINDOWS\system32\sxs.dll
0x773D0000 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x776E0000 \WINDOWS\system32\shsvcs.dll
0x76BB0000 \WINDOWS\system32\sfc.dll
0x76C60000 \WINDOWS\system32\sfc_os.dll
0x774E0000 \WINDOWS\system32\ole32.dll
0x77B40000 \WINDOWS\system32\apphelp.dll
0x75730000 \WINDOWS\system32\lsasrv.dll
0x71B20000 \WINDOWS\system32\mpr.dll
0x767A0000 \WINDOWS\system32\ntdsapi.dll
0x76F20000 \WINDOWS\system32\dnsapi.dll
0x76F60000 \WINDOWS\system32\wldap32.dll
0x71BF0000 \WINDOWS\system32\samlib.dll
0x5F770000 \WINDOWS\system32\ncobjapi.dll
0x76080000 \WINDOWS\system32\msvcp60.dll
0x7DBD0000 \WINDOWS\system32\scesrv.dll
0x74440000 \WINDOWS\system32\samsrv.dll
0x76790000 \WINDOWS\system32\cryptdll.dll
0x5CB70000 \WINDOWS\system32\shimeng.dll
0x7DBA0000 \WINDOWS\system32\umpnpmgr.dll
0x6F880000 \WINDOWS\AppPatch\acgenral.dll
0x76B40000 \WINDOWS\system32\winmm.dll
0x77120000 \WINDOWS\system32\oleaut32.dll
0x77BE0000 \WINDOWS\system32\msacm32.dll
0x5AD70000 \WINDOWS\system32\uxtheme.dll
0x47260000 \WINDOWS\AppPatch\acadproc.dll
0x71E50000 \WINDOWS\system32\msapsspc.dll
0x78080000 \WINDOWS\system32\msvcrt40.dll
0x767F0000 \WINDOWS\system32\schannel.dll
0x75B00000 \WINDOWS\system32\digest.dll
0x747B0000 \WINDOWS\system32\msnsspc.dll
0x755C0000 \WINDOWS\system32\msctfime.ime
0x71CF0000 \WINDOWS\system32\kerberos.dll
0x77C70000 \WINDOWS\system32\msv1_0.dll
0x76D60000 \WINDOWS\system32\iphlpapi.dll
0x744B0000 \WINDOWS\system32\netlogon.dll
0x767C0000 \WINDOWS\system32\w32time.dll
0x7DFC0000 \WINDOWS\system32\wdigest.dll
0x68000000 \WINDOWS\system32\rsaenh.dll
0x723D0000 \WINDOWS\system32\winscard.dll
0x76F50000 \WINDOWS\system32\wtsapi32.dll
0x74410000 \WINDOWS\system32\scecli.dll
0x00400000 \WINDOWS\system32\ati2evxx.exe
0x77690000 \WINDOWS\system32\ntmarta.dll
0x76A80000 \WINDOWS\system32\rpcss.dll
0x77B70000 \WINDOWS\system32\eventlog.dll
0x71A50000 \WINDOWS\system32\mswsock.dll
0x662B0000 \WINDOWS\system32\hnetcfg.dll
0x71A90000 \WINDOWS\system32\wshtcpip.dll
0x76FB0000 \WINDOWS\system32\winrnr.dll
0x751D0000 \WINDOWS\system32\wshbth.dll
0x16080000 \Program Files\Bonjour\mdnsNSP.dll
0x76FC0000 \WINDOWS\system32\rasadhlp.dll
0x59A60000 \WINDOWS\system32\dbghelp.dll
0x10000000 \Program Files\Intel\WiFi\bin\IntStngs.dll
0x73000000 \WINDOWS\system32\winspool.drv
0x74C80000 \WINDOWS\system32\oleacc.dll
0x76600000 \WINDOWS\system32\cscdll.dll
0x47020000 \WINDOWS\system32\dimsntfy.dll
0x6D4D0000 \WINDOWS\system32\klogon.dll
0x75950000 \WINDOWS\system32\wlnotify.dll
0x76FD0000 \WINDOWS\system32\clbcatq.dll
0x77050000 \WINDOWS\system32\comres.dll
0x6C1B0000 \WINDOWS\system32\duser.dll
0x76380000 \WINDOWS\system32\msimg32.dll
0x74980000 \WINDOWS\system32\msxml3.dll
0x71AD0000 \WINDOWS\system32\wsock32.dll
0x755F0000 \WINDOWS\system32\netcfgx.dll
0x76D10000 \WINDOWS\system32\clusapi.dll
0x7D4B0000 \WINDOWS\system32\dhcpcsvc.dll
0x73D70000 \WINDOWS\system32\shgina.dll
0x77A20000 \WINDOWS\system32\cscui.dll
0x74AD0000 \WINDOWS\system32\powrprof.dll
0x6C7F0000 \WINDOWS\system32\dpcdll.dll
0x76770000 \WINDOWS\system32\dnsrslvr.dll
0x3D930000 \WINDOWS\system32\wininet.dll
0x78130000 \WINDOWS\system32\urlmon.dll
0x3DFD0000 \WINDOWS\system32\iertutil.dll
0x4DE10000 \Program Files\Common Files\System\ado\msado15.dll
0x765B0000 \WINDOWS\system32\msdart.dll
0x73160000 \Program Files\Common Files\System\Ole DB\oledb32.dll
0x75350000 \Program Files\Common Files\System\Ole DB\oledb32r.dll
0x60E30000 \Program Files\Common Files\System\Ole DB\msdatl3.dll
0x76620000 \WINDOWS\system32\comsvcs.dll
0x75130000 \WINDOWS\system32\colbact.dll
0x750F0000 \WINDOWS\system32\mtxclu.dll
0x750B0000 \WINDOWS\system32\resutils.dll
0x4DD40000 \WINDOWS\system32\odbcjt32.dll
0x1B000000 \WINDOWS\system32\msjet40.dll
0x1B5D0000 \WINDOWS\system32\mswstr10.dll
0x5D130000 \WINDOWS\system32\odbcji32.dll
0x1B2C0000 \WINDOWS\system32\msjter40.dll
0x1B2D0000 \WINDOWS\system32\msjint40.dll
0x74C40000 \WINDOWS\system32\lmhsvc.dll
0x7DB10000 \WINDOWS\system32\wzcsvc.dll
0x76E80000 \WINDOWS\system32\rtutils.dll
0x76D30000 \WINDOWS\system32\wmi.dll
0x5FE80000 \WINDOWS\system32\odbccp32.dll
0x72810000 \WINDOWS\system32\eapolqec.dll
0x76B20000 \WINDOWS\system32\atl.dll
0x726C0000 \WINDOWS\system32\qutil.dll
0x478C0000 \WINDOWS\system32\dot3api.dll
0x606B0000 \WINDOWS\system32\esent.dll
0x74060000 \Program Files\Common Files\System\msadc\msadce.dll
0x74EF0000 \WINDOWS\system32\wbem\wbemprox.dll
0x75290000 \WINDOWS\system32\wbem\wbemcomn.dll
0x76B70000 \WINDOWS\system32\rastls.dll
0x754D0000 \WINDOWS\system32\cryptui.dll
0x76D40000 \WINDOWS\system32\mprapi.dll
0x77CC0000 \WINDOWS\system32\activeds.dll
0x76E10000 \WINDOWS\system32\adsldpc.dll
0x76EE0000 \WINDOWS\system32\rasapi32.dll
0x76E90000 \WINDOWS\system32\rasman.dll
0x76EB0000 \WINDOWS\system32\tapi32.dll
0x74E30000 \WINDOWS\system32\riched20.dll
0x76BD0000 \WINDOWS\system32\raschap.dll
0x77D00000 \WINDOWS\system32\netman.dll
0x76400000 \WINDOWS\system32\netshell.dll
0x76C00000 \WINDOWS\system32\credui.dll
0x736D0000 \WINDOWS\system32\dot3dlg.dll
0x5DCA0000 \WINDOWS\system32\onex.dll
0x745B0000 \WINDOWS\system32\eappcfg.dll
0x5DCD0000 \WINDOWS\system32\eappprxy.dll
0x73030000 \WINDOWS\system32\wzcsapi.dll
0x75F80000 \WINDOWS\system32\browseui.dll
0x7E290000 \WINDOWS\system32\shdocvw.dll
0x75E60000 \WINDOWS\system32\cryptnet.dll
0x722B0000 \WINDOWS\system32\sensapi.dll
0x4D4F0000 \WINDOWS\system32\winhttp.dll
0x77300000 \WINDOWS\system32\schedsvc.dll
0x661D0000 \Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68EF0000 \Program Files\Microsoft Office\Office12\GrooveUtil.dll
0x68FF0000 \Program Files\Microsoft Office\Office12\GrooveNew.dll
0x7C630000 \WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
0x58AB0000 \WINDOWS\system32\desk.cpl
0x5BA60000 \WINDOWS\system32\themeui.dll
0x74F50000 \WINDOWS\system32\msidle.dll
0x708B0000 \WINDOWS\system32\audiosrv.dll
0x50000000 \WINDOWS\system32\iernonce.dll
0x76E40000 \WINDOWS\system32\wkssvc.dll
0x65000000 \WINDOWS\system32\advpack.dll
0x72D20000 \WINDOWS\system32\wdmaud.drv
0x72D10000 \WINDOWS\system32\msacm32.drv
0x77BD0000 \WINDOWS\system32\midimap.dll
0x65E50000 \Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
0x4AD00000 \george\CF5840.cfxxe
0x71FA0000 \WINDOWS\system32\ulib.dll
0x71550000 \WINDOWS\system32\aclui.dll
0x6F2B0000 \WINDOWS\system32\clb.dll
0x742E0000 \WINDOWS\system32\spoolss.dll
0x5A6E0000 \WINDOWS\system32\webclnt.dll
0x6D860000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prremote.dll
0x7C420000 \WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
0x6D440000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\fssync.dll
0x4FFE0000 \WINDOWS\system32\fltlib.dll
0x6DA40000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ushata.dll
0x6D410000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\clldr.dll
0x6D810000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prloader.dll
0x6E360000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\PrKernel.ppl
0x74AE0000 \WINDOWS\system32\cfgmgr32.dll
0x4C070000 \WINDOWS\system32\bthserv.dll
0x6E4B0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\pxstub.ppl
0x6E240000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\params.ppl
0x6E8C0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\WinReg.ppl
0x6E150000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mkavio.ppl
0x6E680000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\TempFile.ppl
0x79000000 \WINDOWS\system32\mscoree.dll
0x64050000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
0x6E6B0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\tm.ppl
0x6E1D0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\nfio.ppl
0x6DEE0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\FsDrvPlg.ppl
0x6DDE0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\bl.ppl
0x76CE0000 \WINDOWS\system32\cryptsvc.dll
0x6E8F0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\wmihlpr.ppl
0x6E500000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\regmap.ppl
0x6E180000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ndetect.ppl
0x6DE70000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\crpthlpr.ppl
0x74290000 \WINDOWS\system32\icmp.dll
0x6DEA0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\dtreg.ppl
0x6E570000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SFDB.PPL
0x6E560000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\schedule.ppl
0x6E6A0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\timer.ppl
0x6E690000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\thpimpl.ppl
0x6E050000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\lic.ppl
0x6E510000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\report.ppl
0x77B90000 \WINDOWS\system32\certcli.dll
0x46FF0000 \WINDOWS\system32\wlanapi.dll
0x7D1E0000 \WINDOWS\system32\msi.dll
0x77710000 \WINDOWS\system32\es.dll
0x74F80000 \WINDOWS\system32\ersvc.dll
0x74F90000 \WINDOWS\system32\dmserver.dll
0x74F40000 \WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
0x7C340000 \Program Files\Java\jre6\bin\msvcr71.dll
0x74000000 \WINDOWS\system32\pdh.dll
0x711A0000 \WINDOWS\system32\odbcbcp.dll
0x75090000 \WINDOWS\system32\srvsvc.dll
0x7DF70000 \WINDOWS\system32\oledlg.dll
0x6E520000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\reportdb.ppl
0x743E0000 \WINDOWS\system32\ipsecsvc.dll
0x75D90000 \WINDOWS\system32\oakley.dll
0x74370000 \WINDOWS\system32\winipsec.dll
0x743A0000 \WINDOWS\system32\pstorsvc.dll
0x743C0000 \WINDOWS\system32\psbase.dll
0x68100000 \WINDOWS\system32\dssenh.dll
0x75BB0000 \WINDOWS\system32\localspl.dll
0x742A0000 \WINDOWS\system32\cnbjmon.dll
0x72020000 \WINDOWS\system32\mgmtapi.dll
0x71F60000 \WINDOWS\system32\snmpapi.dll
0x72010000 \WINDOWS\system32\wsnmp32.dll
0x74280000 \WINDOWS\system32\pjlmon.dll
0x72400000 \WINDOWS\system32\tcpmon.dll
0x72030000 \WINDOWS\system32\tcpmib.dll
0x723F0000 \WINDOWS\system32\usbmon.dll
0x3F420000 \WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
0x3D5F0000 \WINDOWS\system32\msxml6.dll
0x73D20000 \WINDOWS\system32\seclogon.dll
0x722D0000 \WINDOWS\system32\sens.dll
0x751A0000 \WINDOWS\system32\srsvc.dll
0x75AA0000 \WINDOWS\system32\wiaservc.dll
0x73B30000 \WINDOWS\system32\mscms.dll
0x75070000 \WINDOWS\system32\trkwks.dll
0x59490000 \WINDOWS\system32\wbem\wmisvc.dll
0x753E0000 \WINDOWS\system32\vssapi.dll
0x1C300000 \WINDOWS\system32\BrWia06a.dll
0x75C10000 \WINDOWS\system32\win32spl.dll
0x71C80000 \WINDOWS\system32\netrap.dll
0x74300000 \WINDOWS\system32\inetpp.dll
0x76DE0000 \WINDOWS\system32\upnp.dll
0x74F00000 \WINDOWS\system32\ssdpapi.dll
0x762C0000 \WINDOWS\system32\wbem\wbemcore.dll
0x75310000 \WINDOWS\system32\wbem\esscli.dll
0x75690000 \WINDOWS\system32\wbem\fastprox.dll
0x74ED0000 \WINDOWS\system32\wbem\wbemsvc.dll
0x75020000 \WINDOWS\system32\wbem\wmiutils.dll
0x75200000 \WINDOWS\system32\wbem\repdrvfs.dll
0x71D40000 \WINDOWS\system32\actxprxy.dll
0x3F1E0000 \WINDOWS\system32\wbem\wmiprvsd.dll
0x75390000 \WINDOWS\system32\wbem\wbemess.dll
0x5E760000 \WINDOWS\system32\perfos.dll
0x5E790000 \WINDOWS\system32\perfdisk.dll
0x6CD00000 \Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
0x5F740000 \WINDOWS\system32\wbem\ncprov.dll
0x4C0A0000 \WINDOWS\system32\wscsvc.dll
0x50040000 \WINDOWS\system32\wuaueng.dll
0x75150000 \WINDOWS\system32\cabinet.dll
0x600A0000 \WINDOWS\system32\mspatcha.dll
0x66460000 \WINDOWS\system32\ipnathlp.dll
0x76DA0000 \WINDOWS\system32\browser.dll
0x50640000 \WINDOWS\system32\wups.dll
0x50F00000 \WINDOWS\system32\wups2.dll
0x7DF30000 \WINDOWS\system32\rasmans.dll
0x506A0000 \WINDOWS\system32\wuapi.dll
0x73D30000 \WINDOWS\system32\wbem\wbemcons.dll
0x72410000 \WINDOWS\system32\mydocs.dll
0x76990000 \WINDOWS\system32\ntshrui.dll
0x76980000 \WINDOWS\system32\linkinfo.dll
0x3E1C0000 \WINDOWS\system32\ieframe.dll
0x75CF0000 \WINDOWS\system32\mlang.dll
0x47280000 \WINDOWS\system32\mmcshext.dll
0x723B0000 \WINDOWS\system32\hhsetup.dll
0x72F20000 \WINDOWS\system32\wbem\wmiprov.dll
0x6BD10000 \Program Files\Microsoft Office\Office12\MSOHEVI.DLL
0x47060000 \Program Files\MSN Toolbar\Platform\4.0.0401.0\xmllite.dll
0x79E70000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x790C0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
0x7B860000 \Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
0x7B970000 \Program Files\Microsoft Silverlight\4.0.50524.0\agcore.dll
0x164A0000 \WINDOWS\system32\WPDShServiceObj.dll
0x7A440000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
0x76280000 \WINDOWS\system32\stobject.dll
0x74AF0000 \WINDOWS\system32\batmeter.dll
0x109C0000 \WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 \WINDOWS\system32\PortableDeviceApi.dll
0x7ADE0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
0x7AFD0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
0x73DD0000 \WINDOWS\system32\mfc42.dll
0x637A0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
0x4EC50000 \WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
0x76780000 \WINDOWS\system32\shfolder.dll
0x60340000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
0x66800000 \Program Files\QuickTime\QTSystem\QuickTime.qts
0x73640000 \WINDOWS\system32\mnmdd.dll
0x68A40000 \Program Files\QuickTime\QTSystem\QTCF.dll
0x73F10000 \WINDOWS\system32\dsound.dll
0x4FFB0000 \WINDOWS\system32\bthprops.cpl
0x72A90000 \WINDOWS\system32\devmgr.dll
0x66B50000 \Program Files\Microsoft Office\Office12\GrooveMisc.dll
0x73760000 \WINDOWS\system32\ddraw.dll
0x73BC0000 \WINDOWS\system32\dciman32.dll
0x605F0000 \WINDOWS\system32\msisip.dll
0x7DFA0000 \WINDOWS\system32\wshext.dll
0x79150000 \Program Files\Microsoft Silverlight\4.0.50524.0\coreclr.dll
0x3CEA0000 \WINDOWS\system32\mshtml.dll
0x688F0000 \WINDOWS\system32\hid.dll
0x6D9A0000 \WINDOWS\system32\d3d8.dll
0x6D990000 \WINDOWS\system32\d3d8thk.dll
0x6CE10000 \WINDOWS\system32\dinput8.dll
0x73BA0000 \WINDOWS\system32\sti.dll
0x79520000 \Program Files\Microsoft Silverlight\4.0.50524.0\mscorlib.dll
0x796B0000 \Program Files\Microsoft Silverlight\4.0.50524.0\mscorlib.ni.dll
0x6DB60000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avpgui.ppl
0x5CB00000 \WINDOWS\system32\shimgvw.dll
0x6DCA0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\basegui.ppl
0x3D7A0000 \WINDOWS\system32\jscript.dll
0x746F0000 \WINDOWS\system32\msimtf.dll
0x74720000 \WINDOWS\system32\msctf.dll
0x6DEF0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\HASHMD5.PPL
0x5FC10000 \WINDOWS\system32\msutb.dll
0x5C2C0000 \WINDOWS\ime\sptip.dll
0x6DC20000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avs.ppl
0x6E8A0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\vmarea.ppl
0x6DB30000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avlib.ppl
0x7B080000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Windows.Browser.dll
0x38000000 \Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\kavbase.kdl
0x7B0B0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Windows.Browser.ni.dll
0x7A190000 \Program Files\Microsoft Silverlight\4.0.50524.0\system.dll
0x7A1D0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.ni.dll
0x6E4C0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\qb.ppl
0x7B170000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Windows.dll
0x7B2E0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Windows.ni.dll
0x7A300000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Net.dll
0x6E390000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\procmon.ppl
0x7A340000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Net.ni.dll
0x79E50000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Core.dll
0x79EE0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Core.ni.dll
0x7AA80000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Xml.dll
0x7AAE0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Xml.ni.dll
0x7A460000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Runtime.Serialization.dll
0x6E410000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\propmap.ppl
0x7A4D0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.Runtime.Serialization.ni.dll
0x6DED0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\filemap.ppl
0x7A9F0000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.ServiceModel.Web.dll
0x7AA10000 \Program Files\Microsoft Silverlight\4.0.50524.0\System.ServiceModel.Web.ni.dll
0x6E660000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\syswatch.ppl
0x6E1B0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\netwatch.ppl
0x67E00000 \Program Files\ScanSoft\PaperPort\ocr\ximage3.dll
0x609F0000 \Program Files\Microsoft Silverlight\4.0.50524.0\mscorrc.dll
0x760F0000 \WINDOWS\system32\termsrv.dll
0x74F70000 \WINDOWS\system32\icaapi.dll
0x733E0000 \WINDOWS\system32\tapisrv.dll
0x75110000 \WINDOWS\system32\mstlsapi.dll
0x75F60000 \WINDOWS\system32\drprov.dll
0x71C10000 \WINDOWS\system32\ntlanman.dll
0x71CD0000 \WINDOWS\system32\netui0.dll
0x71C90000 \WINDOWS\system32\netui1.dll
0x75880000 \WINDOWS\system32\rastapi.dll
0x75F70000 \WINDOWS\system32\davclnt.dll
0x57CC0000 \WINDOWS\system32\unimdm.tsp
0x72000000 \WINDOWS\system32\uniplat.dll
0x5B070000 \WINDOWS\system32\unimdmat.dll
0x61650000 \WINDOWS\system32\modemui.dll
0x57D40000 \WINDOWS\system32\kmddsp.tsp
0x57D20000 \WINDOWS\system32\ndptsp.tsp
0x57D50000 \WINDOWS\system32\ipconf.tsp
0x5B9F0000 \WINDOWS\system32\qmgr.dll
0x57D70000 \WINDOWS\system32\h323.tsp
0x46AA0000 \WINDOWS\system32\wbem\cimwin32.dll
0x692C0000 \WINDOWS\system32\wbem\framedyn.dll
0x57D60000 \WINDOWS\system32\hidphone.tsp
0x72240000 \WINDOWS\system32\rasppp.dll
0x724B0000 \WINDOWS\system32\ntlsapi.dll
0x67510000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
0x72AE0000 \WINDOWS\system32\rasqec.dll
0x5DDC0000 \WINDOWS\system32\qmgrprxy.dll
0x62BB0000 \WINDOWS\system32\licwmi.dll
0x61050000 \WINDOWS\system32\licdll.dll
0x6A310000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
0x768D0000 \WINDOWS\system32\rasdlg.dll
0x6E430000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ProxyDet.ppl
0x6D920000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\updater.dll
0x71F80000 \WINDOWS\system32\security.dll
0x59910000 \WINDOWS\system32\wbem\wmipcima.dll
0x6E470000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\PrUpdate.ppl
0x42B80000 \WINDOWS\system32\jsproxy.dll
0x73300000 \WINDOWS\system32\vbscript.dll
0x30000000 \PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
0x1B060000 \WINDOWS\system32\pngfilt.dll
0x35C50000 \WINDOWS\system32\dxtrans.dll
0x6D430000 \WINDOWS\system32\ddrawex.dll
0x35CB0000 \WINDOWS\system32\dxtmsft.dll
0x5DF10000 \WINDOWS\system32\wzcdlg.dll
0x64890000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
0x79060000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x67920000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
0x60000000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
0x67890000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
0x6A320000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
0x65A20000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
0x649E0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
0x5E620000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
0x5E1B0000 \WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
0x5AD60000 \WINDOWS\system32\vdmdbg.dll
0x5E750000 \WINDOWS\system32\perfproc.dll
0x6D8E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll
0x6D570000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mcou.dll
0x6D5B0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mcouas.dll
0x6D910000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\shellex.dll
0x5CE40000 \WINDOWS\system32\scrobj.dll
0x735A0000 \WINDOWS\system32\scrrun.dll
0x5A730000 \WINDOWS\system32\wbem\wbemdisp.dll
0x5B3C0000 \WINDOWS\system32\tscfgwmi.dll
0x60280000 \WINDOWS\system32\wshom.ocx
0x6D000000 \Program Files\Java\jre6\bin\awt.dll
0x6D800000 \Program Files\Java\jre6\bin\client\jvm.dll
0x6D1A0000 \Program Files\Java\jre6\bin\dcpr.dll
0x6D1D0000 \Program Files\Java\jre6\bin\deploy.dll
0x6D230000 \Program Files\Java\jre6\bin\fontmanager.dll
0x6D290000 \Program Files\Java\jre6\bin\hpi.dll
0x6D330000 \Program Files\Java\jre6\bin\java.dll
0x6D450000 \Program Files\Java\jre6\bin\jpeg.dll
0x6D610000 \Program Files\Java\jre6\bin\net.dll
0x6D630000 \Program Files\Java\jre6\bin\nio.dll
0x6D6B0000 \Program Files\Java\jre6\bin\regutils.dll
0x6D7B0000 \Program Files\Java\jre6\bin\verify.dll
0x6D7F0000 \Program Files\Java\jre6\bin\zip.dll
0x74D90000 \WINDOWS\system32\usp10.dll
0x6DB00000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\aphisht.ppl
0x73CE0000 \WINDOWS\system32\t2embed.dll
0x73DC0000 \WINDOWS\system32\lz32.dll
0x6E5E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\stat.ppl
0x6DFB0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\httpscan.ppl
0x6E550000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\sc.ppl
0x6DA90000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ahids.ppl
0x6D3B0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ckahum.dll
0x6D340000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ckahcomm.dll
0x6D350000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ckahrule.dll
0x6DF00000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\hips.ppl
0x6D380000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ckahstat.dll
0x6DAA0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\antispam.ppl
0x6DF60000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\httpanlz.ppl
0x38200000 \Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Bases\vlns.kdl
0x6E0F0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mc.ppl
0x6E210000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\oas.ppl
0x6DA70000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialtsk.ppl
0x6E580000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SMTPprtc.ppl
0x6E2F0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\pdm2rt.ppl
0x6E6E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\TrafMon2.ppl
0x6E350000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\POP3prtc.ppl
0x6E0A0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\maildisp.ppl
0x6DFE0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\IMAPprtc.ppl
0x6E1F0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\NNTPprtc.ppl
0x6DB50000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avpgs.ppl
0x6E830000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\urlflt.ppl
0x6DFC0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ichk2.ppl
0x6DFD0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\iChkSA.ppl
0x46C20000 \Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
0x46CA0000 \Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
0x46D00000 \Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll
0x6E7E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\UniArc.ppl
0x6E140000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\minizip.ppl
0x6DE50000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\CAB.ppl
0x6DB10000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\Arj.ppl
0x6E4E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\rar.ppl
0x6E030000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\lha.ppl
0x6E100000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mdb.ppl
0x61E00000 \WINDOWS\system32\mapi32.dll
0x6E160000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\msoe.ppl
0x6E0E0000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\MailMsg.ppl
0x32600000 \Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
0x4B400000 \WINDOWS\system32\msftedit.dll
0x5C080000 \WINDOWS\srchasst\srchui.dll
0x5C150000 \WINDOWS\srchasst\srchctls.dll
0x711C0000 \WINDOWS\msagent\agentdp2.dll
0x7C140000 \Program Files\Common Files\Ahead\Lib\MFC71.dll
0x7C3A0000 \Program Files\Common Files\Ahead\Lib\msvcp71.dll
0x16210000 \WINDOWS\system32\WpdShext.dll
0x07160000 \WINDOWS\system32\audiodev.dll
0x15110000 \WINDOWS\system32\WMVCore.dll
0x11C70000 \WINDOWS\system32\wmasf.dll
0x593F0000 \WINDOWS\system32\wiashext.dll
0x60510000 \WINDOWS\system32\dfshim.dll
0x604F0000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
0x71EE0000 \WINDOWS\system32\hticons.dll
0x73380000 \WINDOWS\system32\zipfldr.dll
0x386F0000 \PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
0x3A110000 \Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
0x641F0000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
0x64220000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
0x3D760000 \WINDOWS\system32\occache.dll
0x75830000 \WINDOWS\system32\mstask.dll
0x6F7B0000 \WINDOWS\system32\fontext.dll
0x6FD40000 \WINDOWS\system32\cabview.dll
0x59370000 \WINDOWS\system32\wiadefui.dll
0x66400000 \WINDOWS\system32\msieftp.dll
0x6DE90000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\DMAP.ppl
0x732E0000 \WINDOWS\system32\riched32.dll
0x60310000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
0x38EE0000 \PROGRA~1\MICROS~2\Office12\OLMAPI32.DLL
0x5E1E0000 \WINDOWS\system32\pschdprf.dll
0x73590000 \WINDOWS\system32\traffic.dll
0x5DC20000 \WINDOWS\system32\rasctrs.dll
0x5D400000 \WINDOWS\system32\rsvpperf.dll
0x5B7E0000 \WINDOWS\system32\tapiperf.dll
0x60630000 \WINDOWS\system32\netfxperf.dll
0x640D0000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
0x63E90000 \WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
0x6E440000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\prseqio.ppl
0x6E000000 \Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\Inflate.ppl
0x5A680000 \WINDOWS\system32\winshfhc.dll
0x7C250000 \Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll

Processes (total 60):
0 System Idle Process
4 System
1260 C:\WINDOWS\system32\smss.exe
1308 csrss.exe
1332 C:\WINDOWS\system32\winlogon.exe
1376 C:\WINDOWS\system32\services.exe
1388 C:\WINDOWS\system32\lsass.exe
1552 C:\WINDOWS\system32\ati2evxx.exe
1568 C:\WINDOWS\system32\svchost.exe
1680 svchost.exe
1876 C:\WINDOWS\system32\svchost.exe
1912 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
344 svchost.exe
508 C:\WINDOWS\system32\ati2evxx.exe
644 svchost.exe
1456 C:\WINDOWS\system32\spoolsv.exe
1136 svchost.exe
1168 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
192 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
1196 C:\WINDOWS\system32\BAsfIpM.exe
1244 C:\Program Files\Bonjour\mDNSResponder.exe
1296 svchost.exe
1996 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
240 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
404 C:\Program Files\Java\jre6\bin\jqs.exe
464 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
428 C:\WINDOWS\system32\HPZipm12.exe
896 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2028 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1768 C:\WINDOWS\system32\svchost.exe
480 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
2800 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3148 wmiprvse.exe
3488 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
3504 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3536 C:\Program Files\Notebook Hardware Control\nhc.exe
3552 C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
3600 C:\Program Files\iTunes\iTunesHelper.exe
3648 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
3680 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3696 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3820 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
3828 C:\WINDOWS\system32\rundll32.exe
3844 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
3852 C:\Program Files\Apoint\Apoint.exe
2352 C:\Program Files\Secunia\PSI\psi.exe
2672 C:\Program Files\Apoint\ApntEx.exe
564 C:\WINDOWS\system32\wbem\unsecapp.exe
2972 C:\Program Files\Apoint\hidfind.exe
3292 wmiprvse.exe
3568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1744 C:\WINDOWS\system32\ctfmon.exe
3928 unsecapp.exe
4052 wmiprvse.exe
2160 C:\Program Files\iPod\bin\iPodService.exe
1300 alg.exe
1380 C:\WINDOWS\explorer.exe
864 C:\Program Files\Mozilla Firefox\firefox.exe
3572 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
220 C:\Documents and Settings\NewUser\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHU2100AT, Rev: 00000008

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



WEW Log:



Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/09/2010 2:16:11 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/09/2010 1:21:33 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The HID Input Service service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 22/09/2010 1:21:29 AM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 22/09/2010 1:21:29 AM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 22/09/2010 1:21:29 AM
Type: error Category: 0
Event: 10016 Source: DCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/09/2010 2:11:54 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 22/09/2010 1:31:29 AM
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.




WEW Log Application Radio button on:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/09/2010 2:19:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/09/2010 1:18:14 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LATD610-094BF97\NewUser registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
I'm not seeing anything bad. The thing that MBAM found was just adware probably installed by your computer maker.

The HID Input Service service terminated with the following error: The specified module could not be found.

This can slow the boot down a bit. Unless you use something like Voice Recognition Software you don't need it so just turn it off.

Copy the next line:

sc config hid start= disabled

Start, Run, cmd, OK then

right click and Paste or Edit then Paste. Then hit Enter.

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

This error is caused by Intel's Wireless program. To fix it you can

Start, Run, dcomcnfg, OK

# Expand Component services.
# Expand Computers.
# Expand My Computer.
# Click the DCOM Config node.



View => Detail

then scroll down until you find "{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}", then:

Right-click the program name, and then select Properties.
On the Security tab, in the Launch and Activation Permissions group
box,

What does it say for Authentication Level? If it doesn't say Default then change it to Default. OK

Does your Broadcom Ethernet still work? I'm pretty sure the file that combofix removed was a false positive.

To find the source of a slow start we usually use msconfig

Start, Run, msconfig, OK

Then under Startup we uncheck everything but the Kaspersky stuff and Apply then under Services we check Hide Microsoft Services then uncheck everything but the Kaspersky stuff and Apply then OK and reboot.

If it boots faster you go back in and turn stuff back on by checking them and Apply and reboot. Takes a while but usually you can identify one or two items that really cause a slow boot.

Ron
  • 0

#6
OneBadDonzi

OneBadDonzi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Works great now! After doing everything you said to do, I then upgraded to Kaspersky 2011 and the current copy of it was a ghost but ran exactly the same. Even Kaspersky couldn't find it. Anyway, thanks so much for the help!!

Geeks To Go Rocks!!!!!!

;) ;)


:D ;)
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past. Uncheck any other extras they want to give you as part of the download.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 18.1 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://oldmcdonald.w...orun-eater-v25/
A small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP