Removed XP Total Security 2011; Lingering Problems
#1
idrawstuff
Hello,

Yesterday I stepped away from my computer for half an hour, and when I came back I had pop-ups for XP Total Security 2011 and Antimalware Doctor going. I ended up running FixNCR.reg to begin with because of the .exe file problems I was having, and then RKill and Malwarebytes while I was in Safe Mode (I have the mbam log for review if anyone wants it). However, this morning I am still having problems with browser redirects and pop-ups on ALL THREE of my browsers (IE/Firefox/Chrome), and my virus scanner picked up and deleted something called V30516.exe, something detected as a W32/Tuared virus (whatever that means).

I'm running XP Pro, with McAfee VirusScan Enterprise 8.5.0i for protection, and Spybot for my spyware protection.

Anything you can recommend to help would be greatly appreciated :-)

Here's my OTL logfile:

OTL logfile created on: 5/19/2011 8:30:25 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mike.DTB\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 102.36 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\OTL.exe
PRC - [2011/05/19 08:19:08 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\Temp\tbuq\setup.exe
PRC - [2011/05/08 22:38:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/21 13:03:40 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\OTL.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/02/06 15:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - [2011/05/19 08:19:30 | 000,215,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/12 20:43:55 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys -- (ethqoots)
DRV - [2011/03/14 17:30:51 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 22:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 15:58:01 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\[email protected]
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2010/09/10 08:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 15:18:00 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 09:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/03/18 19:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/08 22:38:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2011/05/08 22:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = H:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 08:29:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\OTL.exe
[2011/05/19 08:19:35 | 000,134,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/19 08:19:30 | 000,215,040 | ---- | C] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
[2011/05/19 08:06:31 | 000,114,688 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2011/05/18 12:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\Skype
[2011/05/17 08:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\PG&E Winch Pics
[2011/05/11 21:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Emily
[2011/05/09 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Project Files
[2011/05/08 11:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Lydia Monthly Pics
[2011/05/03 08:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Bids Due

========== Files - Modified Within 30 Days ==========

[2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\OTL.exe
[2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/19 08:19:30 | 000,215,040 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
[2011/05/19 08:19:29 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/19 08:12:02 | 000,001,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/19 08:11:18 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/19 08:09:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 08:09:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 08:09:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 08:06:31 | 000,114,688 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2011/05/19 08:06:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\vcbpjdj.job
[2011/05/19 08:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 08:06:02 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 16:38:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 12:31:26 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\rkill.exe
[2011/05/18 12:30:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 11:56:32 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\System32\wldap32X.dll
[2011/05/17 11:26:43 | 006,791,732 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/16 23:38:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2011/05/16 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/15 23:57:48 | 001,256,617 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/15 20:47:52 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 22:35:59 | 000,002,202 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/11 22:10:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2011/05/19 08:19:29 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/18 15:50:17 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/18 13:15:13 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\rkill.exe
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 11:56:32 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\wldap32X.dll
[2011/05/18 11:56:32 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\vcbpjdj.job
[2011/05/17 11:26:41 | 006,791,732 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/15 23:57:48 | 001,256,617 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/11 22:35:59 | 000,002,202 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/08 22:39:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/19 07:32:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/20 18:55:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/20 18:55:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 08:03:24 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\setup_ldm.iss
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Sports
[2009/01/25 15:07:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/25 14:36:26 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 18:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/17 13:50:44 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/17 13:50:44 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4D0C8ED9CB.sys
[2008/10/16 15:52:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/16 13:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/10/16 13:07:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2008/10/15 11:05:25 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/15 01:01:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/15 01:01:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/15 01:01:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/15 01:01:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/12 20:19:33 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/12 20:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/01/14 17:55:22 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2008/01/14 17:54:04 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/21 13:33:32 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/06/12 05:30:04 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:14:52 | 000,503,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:14:52 | 000,093,662 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:07:40 | 000,465,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

OTL Extras logfile created on: 5/19/2011 8:30:25 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mike.DTB\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 102.36 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 133.91 Gb Free Space | 59.63% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3337:UDP" = 3337:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"3336:UDP" = 3336:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"3347:UDP" = 3347:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"58870:TCP" = 58870:TCP:*:Enabled:Pando Media Booster
"58870:UDP" = 58870:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58870:TCP" = 58870:TCP:*:Enabled:Pando Media Booster
"58870:UDP" = 58870:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Disabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DroidCam\DroidCamApp.exe" = C:\Program Files\DroidCam\DroidCamApp.exe:*:Enabled:DroidCam Client -- ()
"C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C3345A6-2671-4D4D-E866-8035399579B7}" = Catalyst Control Center Localization Portuguese
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E99D7D9-A9A8-497A-9982-AB7ABA3841F8}" = ACT! by Sage Premium 2008 (10.0)
"{10FEEFBE-E1F7-166E-06D1-FD95B1F8D11B}" = Catalyst Control Center Localization French
"{159EFA33-202B-177B-C9BB-918AA78E4455}" = Catalyst Control Center Localization Swedish
"{16859FDE-E9A7-FCC1-7749-8B0129FF2EC4}" = Catalyst Control Center Graphics Full Existing
"{18792CA5-34C8-AFAF-91AE-B3E810BDA1DD}" = CCC Help Swedish
"{20029520-0281-991E-A9A7-778B9ED13330}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{278A9FF6-F7E2-DEBF-BF9E-EA224C82847F}" = Catalyst Control Center Localization Japanese
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AE624B6-52A1-766B-5376-927F364DDC9E}" = CCC Help English
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2C03FD7C-28A9-BD35-673F-64B988F93A12}" = Catalyst Control Center Graphics Light
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EC484F7-C770-C881-F6CA-358195A24D3A}" = CCC Help Greek
"{2F1E63CF-1595-9EDA-049C-FBC98265F73A}" = CCC Help Spanish
"{2F545934-B8AA-08A2-E844-1B3E43CDABB1}" = CCC Help Hungarian
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DD80687-4BF3-9754-179A-CEACD9901C90}" = CCC Help Turkish
"{3DDC9FFE-D7EB-A879-0172-69FFE3396DCA}" = Catalyst Control Center Localization Korean
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{51C8F850-4218-4C7F-AB21-AD54241106ED}" = HP User Guides 0085
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{5392F156-3357-CE92-5DA5-B9308DF266E1}" = CCC Help Czech
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E70A6C7-97CB-9718-2B22-5888BDB5DDD6}" = CCC Help Polish
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EDABC59-219A-07B2-866B-D048511AE24B}" = CCC Help Portuguese
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E2B82F3-7762-45EA-73B2-68481AA75EBA}" = CCC Help Norwegian
"{6F23C784-DA33-2067-F934-3F22C7DB9FA9}" = Catalyst Control Center Core Implementation
"{6F51FA83-8BCB-B4B1-CD2A-BFBF87C3B11B}" = CCC Help Finnish
"{709A2672-C252-2370-4B3C-55A811EED318}" = Catalyst Control Center Localization Turkish
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79D658E8-92C6-5F79-0690-383E508A9EBE}" = ccc-core-preinstall
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{7FFC7529-B5F9-C553-1CF7-3EE84B788512}" = Skins
"{807AC506-8DCF-48A6-7033-5329F779B51B}" = Catalyst Control Center Localization Chinese Standard
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81F2BBFA-F900-48DA-DB22-D6040128612E}" = Catalyst Control Center Localization Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8AB5A517-306D-41C9-7AE4-5F2F5EFAC27A}" = Catalyst Control Center Localization Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91ABB39D-DB48-50DF-DE1A-2E379D6EE580}" = Catalyst Control Center Localization Danish
"{93A80B19-F36B-C778-6009-CF14A7B10317}" = CCC Help Korean
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4F445B6-FBAB-9276-CAF2-A7992A30CA19}" = ccc-core-static
"{A733AE13-9355-14BD-2B66-5B5C9A5F01EF}" = Catalyst Control Center Localization Polish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC277607-AF19-9933-15EB-223301E5F2D9}" = Catalyst Control Center Localization Thai
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF646E74-C6C0-A881-3E5A-31D5308E4B68}" = Catalyst Control Center Localization Norwegian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B3E988-3A34-73FD-6D17-55338E620BC9}" = Catalyst Control Center Localization Dutch
"{B99E2972-5693-1CFC-5B10-04D37BF1AC96}" = CCC Help Thai
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BED8FB24-9D21-463A-E6EE-090198841C6A}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2338ED1-3E5F-3A4D-A7C7-E63C4097C7D7}" = CCC Help Italian
"{C5CD8B5B-18CC-B8D2-916B-17CDD49EB9DF}" = CCC Help Russian
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAA3D27F-AE32-B9D1-4BE6-8D2D47B30F92}" = Catalyst Control Center Localization Finnish
"{CABF753A-F72A-492B-8628-ACCE34658CC7}" = CCC Help Dutch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5B5F80-73C5-1752-F46A-5494C8B1AB9D}" = CCC Help Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D28A2094-CFFA-B8A4-7DCA-9B59C4FB4730}" = Catalyst Control Center Localization Spanish
"{D2CBA04D-490B-07C2-0B32-EE998ECFFF1E}" = Catalyst Control Center Localization Chinese Traditional
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker
"{D79341EE-8838-5B64-F0E0-34443CA709AF}" = CCC Help Japanese
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DE7C4AEE-C348-D40B-2038-E3CFE9C87DE9}" = Catalyst Control Center Localization Russian
"{E1DCAA98-90E1-4FBD-A942-28591B20F2D3}" = winLAME 2009 beta 1
"{E388170E-10BB-7149-604C-14C2CF8B3B33}" = CCC Help German
"{E396D04A-67E6-6CEC-F62E-68285C4D5294}" = Catalyst Control Center Localization Greek
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA86498F-D4B5-46F8-062F-F81DD01E9080}" = CCC Help French
"{EE690DCE-5D8D-4E52-9F72-F3ADE168A631}" = QBFC 6.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F26615EF-AF0A-486C-99C9-B65C8C401EBC}" = EuroTalk Talk Now!
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7A94D2C-0FF2-B635-6678-01926BF967D8}" = Catalyst Control Center Localization Italian
"{F80E9A98-9508-FE63-2B08-8AAC40C7A09A}" = CCC Help Chinese Traditional
"{F886C4F2-8F77-C194-50AB-533B9A36B8C1}" = Catalyst Control Center Localization German
"{FA15E8C7-5091-60C3-2B45-C3566B95B8DD}" = ccc-utility
"4781-9995-0325-5973" = Fishbowl Inventory 2011.6
"7479-7711-6087-9829" = iReport 4.0.0
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.2.6 Standard
"Adobe Acrobat 8 Standard_826" = Adobe Acrobat 8.2.6 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AutoCAD LT 2000 Uninstall" = AutoCAD LT 2000
"AviSynth" = AviSynth 2.5
"CDisplayEx_is1" = CDisplayEx 1.4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DesignWorkshop Lite" = DesignWorkshop Lite
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E99D7D9-A9A8-497A-9982-AB7ABA3841F8}" = ACT! by Sage Premium 2008 (10.0)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mp3tag" = Mp3tag v2.42
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Trim Spaces for Excel_is1" = Trim Spaces for Excel 1.3
"UndeletePlus_is1" = Undelete Plus 2.98
"UndeletePlus�_is1" = UndeletePlus� 3.0.0.521
"USBWebcam" = USB Webcam
"Visual PRO/5" = Visual PRO/5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 7:05:27 PM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 5/18/2011 7:05:27 PM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/18/2011 7:05:28 PM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 5/18/2011 7:05:28 PM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/19/2011 11:06:25 AM | Computer Name = MIKE-LT | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 5/19/2011 11:09:12 AM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 5/19/2011 11:09:12 AM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/19/2011 11:09:13 AM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.

Error - 5/19/2011 11:09:13 AM | Computer Name = MIKE-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/19/2011 11:19:33 AM | Computer Name = MIKE-LT | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\TEMP\V30516.exe contains the W32/Tuareg Virus.
No cleaner available, file deleted successfully. Detected using Scan engine version
5400.1158 DAT version 6350.0000.

[ System Events ]
Error - 5/18/2011 6:50:40 PM | Computer Name = MIKE-LT | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain DTB due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/18/2011 6:51:59 PM | Computer Name = MIKE-LT | Source = Service Control Manager | ID = 7000
Description = The Firebird Server - DefaultInstance service failed to start due
to the following error: %%3

Error - 5/18/2011 6:51:59 PM | Computer Name = MIKE-LT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde

Error - 5/18/2011 6:52:02 PM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/18/2011 7:07:17 PM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 5/18/2011 7:37:18 PM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 5/19/2011 11:06:54 AM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/19/2011 11:07:09 AM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/19/2011 11:07:39 AM | Computer Name = MIKE-LT | Source = Service Control Manager | ID = 7000
Description = The Firebird Server - DefaultInstance service failed to start due
to the following error: %%3

Error - 5/19/2011 11:22:10 AM | Computer Name = MIKE-LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >


#2
idrawstuff
If it would help, I can run and post a Combofix and Gooredfix log.

#3
idrawstuff
Here is my original MBAM log. However, those weird redirects blew back up into the full-blown infection again, so I had to run MBAM a second time. Also attached are the results of my second MBAM log, as well as a GMER log. The problem, however, still persists:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6611

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/18/2011 3:44:31 PM
mbam-log-2011-05-18 (15-44-31).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 390678
Time elapsed: 1 hour(s), 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lavsstr70.exe (Trojan.FakeAlert) -> Value: lavsstr70.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Skype (Trojan.Agent) -> Value: Skype -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\mike.DTB\local settings\Temp\Avz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\fe442b965fd86bcfad90d4711b37bdb9\lavsstr70.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Adobe\plugs\kb13108203.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Sun\Java\deployment\cache\6.0\24\42332498-1b1d8c0f (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\application data\lcn.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Av0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Avx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\local settings\Temp\Avy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Axyxaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ktxc\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\application data\Skype\Phone\Skype.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

**********************************************************************

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6611

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/19/2011 7:27:59 PM
mbam-log-2011-05-19 (19-27-59).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 385505
Time elapsed: 59 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\mike.DTB\local settings\application data\rsq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000025.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000026.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000027.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP0\A0000028.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\itlpfw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

**********************************************************************

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-20 08:05:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.BBFO
Running: i0hwzx95.exe; Driver: C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\kwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? nfgmwbjg.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C3000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs bihomimo.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#4
idrawstuff
I also tried running Super Anti Spyware, but after performing the cleaning I was prompted to reboot. The computer hung up on the reboot, so after waiting for over an hour I finally gave it a hard shutdown. I logged back in to get my SAS log, and the redirect problem STILL persisted, AND I once again couldn't shut down and had to give it a hard shutdown. I've left it off ever since Friday. Here are the results of my SAS cleaning:

It was still hanging when I got back from lunch, so I went ahead and gave it a hard shutdown. Browser redirection still exists, so I'm shutting the computer down after posting this pending further advice. My SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2011 at 11:12 AM

Application Version : 4.52.1000

Core Rules Database Version : 7096
Trace Rules Database Version: 4908

Scan type : Complete Scan
Total Scan Time : 02:39:22

Memory items scanned : 286
Memory threats detected : 0
Registry items scanned : 8749
Registry threats detected : 0
File items scanned : 179662
File threats detected : 358

Adware.Tracking Cookie
C:\Documents and Settings\mike.DTB\Cookies\mike@advertnation[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@tribalfusion[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@pointroll[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@insightexpressai[2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@invitemedia[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adecn[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@trafficmp[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@collective-media[1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@specificmedia[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@ru4[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adbrite[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adxpose[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@media6degrees[1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@dmtracker[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@2o7[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@adinterax[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@questionmarket[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@specificclick[3].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@revsci[2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][3].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@lucidmedia[1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@serving-sys[2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][4].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@mediabrandsww[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@kontera[3].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@pro-market[2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@legolas-media[1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@lucidmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@imrworldwide[3].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@harrenmedianetwork[1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@lucidmedia[4].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][3].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\mike.DTB\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
.kaspersky.122.2o7.net [ C:\Documents and Settings\Administrator.DOUGLASS\Application Data\Mozilla\Firefox\Profiles\gv627ajq.default\cookies.sqlite ]
.clickbank.net [ C:\Documents and Settings\Administrator.DOUGLASS\Application Data\Mozilla\Firefox\Profiles\gv627ajq.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Administrator.DOUGLASS\Application Data\Mozilla\Firefox\Profiles\gv627ajq.default\cookies.sqlite ]
C:\Documents and Settings\administrator.DTB\Cookies\[email protected][2].txt
C:\Documents and Settings\administrator.DTB\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\administrator.DTB\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\administrator.DTB\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\administrator.DTB\Cookies\administrator@interclick[1].txt
C:\Documents and Settings\administrator.DTB\Cookies\administrator@revsci[1].txt
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\D79AKQTQ ]
a.ads2.msads.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
a.media.soapnet.go.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
acvs.mediaonenetwork.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
adimages.scrippsnetworks.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ads2.msads.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
adsatt.espn.go.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ao1.crosscutmedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
b.ads2.msads.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
bc.youporn.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
blog.youradultcams.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
broadcast.piximedia.fr [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cache.specificmedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cdn-www.pornhub.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cdn.eyewonder.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cdn.insights.gravity.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cdn.media.soapnet.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cdn4.specificclick.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
cloud.video.unrulymedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
content.oddcast.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
convoad.technoratimedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
core.insightexpressai.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
crackle.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
dcl.wdpromedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
dcl2.wdpromedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
dlr1.wdpromedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ds.serving-sys.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ia.media-imdb.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ictv-ic-ec.indieclicktv.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
ieadtrack.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
images.indieclick.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
indieclick.3janecdn.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
interclick.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
m.uk.2mdn.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
m1.2mdn.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.bakersfieldnow.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.entertonement.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.hamptonroads.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.ign.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.jambocast.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.mtvnservices.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.noob.us [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.podaddies.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.scanscout.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.socialvibe.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.tattomedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media.vmixcore.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media01.kyte.tv [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media1.break.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media1.clubpenguin.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
media10.washingtonpost.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
mediaplex.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
msnbcmedia.msn.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
msntest.serving-sys.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
naiadsystems.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
objects.tremormedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
parksandresorts2.wdpromedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
picayune.uclick.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
rmd.atdmt.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
s0.2mdn.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
secure-uk.imrworldwide.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
serving-sys.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
spe.atdmt.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
speed.pointroll.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
static.2mdn.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
static.youporn.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
stmedia.startribune.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
udn.specificclick.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
videos.mediaite.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
vidii.hardsextube.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
wdw2.wdpromedia.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.adultswim.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.bisexualplayground.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.crackle.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.naiadsystems.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.petfinder.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
www.soundclick.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
wwwstatic.megaporn.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
xxxbunker.com [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\mike.DTB\Application Data\Macromedia\Flash Player\#SharedObjects\PN6VZSX5 ]
C:\Documents and Settings\mike.DTB\Cookies\mike@247realmedia[2].txt
C:\Documents and Settings\mike.DTB\Cookies\mike@2o7[1].txt

Rogue.AntiMalwareDoctor
C:\Documents and Settings\mike.DTB\Application Data\FE442B965FD86BCFAD90D4711B37BDB9

Trojan.Agent/Gen-RogueDrop
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\42\6DADDD6A-5EF5F502

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX4\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\TEMP\RARSFX4\PROCS\EXPLORER.EXE

Heuristic.Backdoor
C:\WINDOWS\TEMP\EXPLORER.EXE

Trojan.Agent/Gen-Faldesc[RE]
C:\WINDOWS\TEMP\TBUQ\SETUP.EXE
  • 0

#5
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Nevermind, it looks like I got it. Turns out I had a TDSS family rootkit that was redirecting me until I'd eventually end up with the virus again. I think I'm resolved, but if you'd like to see any logs to verify don't hesitate to let me know.
  • 0


#7
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Nevermind, I think I got it... looks like the redirects were being caused by a TDSS rootkit (used tdsskiller). Let me know if you'd like to see a log to verify before marking this resolved, but everything is FINALLY behaving again.
  • 0


#9
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
If everything looks good to you guys, can you please close this topic? I'm interested in taking your GTG Malware Removal course, and I'd like to clean up my content before applying :-)
  • 0

#10
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :)
My name is Michael and I am here to help you fix your computer.
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.



It seems you found the infection :) There are other infections on your computer as well, though.


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Next:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/05/19 08:19:08 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\Temp\tbuq\setup.exe
    SRV - [2011/05/19 08:19:30 | 000,215,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
    DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys -- (ethqoots)
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = H:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\AutoRun\command - "" = Autorun.exe /run
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell00\Command - "" = Autorun.exe /run
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell01\Command - "" = Autorun.exe /action
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
    [2011/05/19 08:19:35 | 000,134,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
    [2011/05/19 08:19:30 | 000,215,040 | ---- | C] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
    [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
    [2011/05/19 08:19:30 | 000,215,040 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\itlpfw32.dll
    [2011/05/19 08:19:29 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
    [2011/05/19 08:06:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\vcbpjdj.job
    [2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 11:56:32 | 000,094,208 | RHS- | M] () -- C:\WINDOWS\System32\wldap32X.dll
    [2011/05/19 08:19:29 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
    [2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 11:56:32 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\wldap32X.dll
    [2011/05/18 11:56:32 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\vcbpjdj.job

    :Services

    :Reg

    :Files
    C:\WINDOWS\TEMP\V30516.exe
    c:\documents and settings\mike.DTB\application data\fe442b965fd86bcfad90d4711b37bdb9
    c:\documents and settings\mike.DTB\start menu\Programs\antimalware doctor

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#11
idrawstuff

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi Michael,

I've already run TDSSKiller, which is what I used to handle the redirect on Sunday. Here is that log:

2011/05/23 00:48:17.0703 0532 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/23 00:48:18.0171 0532 ================================================================================
2011/05/23 00:48:18.0171 0532 SystemInfo:
2011/05/23 00:48:18.0171 0532
2011/05/23 00:48:18.0171 0532 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/23 00:48:18.0171 0532 Product type: Workstation
2011/05/23 00:48:18.0171 0532 ComputerName: MIKE-LT
2011/05/23 00:48:18.0171 0532 UserName: mike
2011/05/23 00:48:18.0171 0532 Windows directory: C:\WINDOWS
2011/05/23 00:48:18.0171 0532 System windows directory: C:\WINDOWS
2011/05/23 00:48:18.0171 0532 Processor architecture: Intel x86
2011/05/23 00:48:18.0171 0532 Number of processors: 2
2011/05/23 00:48:18.0171 0532 Page size: 0x1000
2011/05/23 00:48:18.0171 0532 Boot type: Safe boot with network
2011/05/23 00:48:18.0171 0532 ================================================================================
2011/05/23 00:48:18.0562 0532 Initialize success
2011/05/23 00:48:44.0921 1280 ================================================================================
2011/05/23 00:48:44.0921 1280 Scan started
2011/05/23 00:48:44.0921 1280 Mode: Manual;
2011/05/23 00:48:44.0921 1280 ================================================================================
2011/05/23 00:48:46.0359 1280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/23 00:48:46.0406 1280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/23 00:48:46.0500 1280 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/23 00:48:46.0718 1280 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/23 00:48:46.0812 1280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/23 00:48:46.0875 1280 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/23 00:48:47.0000 1280 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/23 00:48:47.0390 1280 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/23 00:48:47.0562 1280 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/23 00:48:47.0843 1280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/23 00:48:47.0906 1280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/23 00:48:48.0109 1280 ati2mtag (b11e7e282eeb8d144b2f429fa0383c0a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/23 00:48:48.0312 1280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/23 00:48:48.0390 1280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/23 00:48:48.0453 1280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/23 00:48:48.0593 1280 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/23 00:48:48.0734 1280 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/05/23 00:48:48.0843 1280 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/23 00:48:49.0015 1280 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/05/23 00:48:49.0078 1280 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/05/23 00:48:49.0156 1280 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/05/23 00:48:49.0218 1280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/23 00:48:49.0421 1280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/23 00:48:49.0500 1280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/23 00:48:49.0546 1280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/23 00:48:49.0765 1280 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/23 00:48:49.0890 1280 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/23 00:48:50.0125 1280 DAMDrv (5d5984255a4bfaa4262fb750df7cd537) C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
2011/05/23 00:48:50.0218 1280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/23 00:48:50.0421 1280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/23 00:48:50.0562 1280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/23 00:48:50.0625 1280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/23 00:48:50.0718 1280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/23 00:48:50.0828 1280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/23 00:48:50.0968 1280 DroidCam (6b2217af067d2f4d04fa2ae0ffa7a3aa) C:\WINDOWS\system32\drivers\droidcam.sys
2011/05/23 00:48:51.0062 1280 e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/05/23 00:48:51.0187 1280 ethqoots (b4f210a11fc62a0285063fc785430ac3) C:\WINDOWS\system32\drivers\ethqoots.sys
2011/05/23 00:48:51.0390 1280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/23 00:48:51.0484 1280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/23 00:48:51.0531 1280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/23 00:48:51.0640 1280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/23 00:48:51.0781 1280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/23 00:48:51.0875 1280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/23 00:48:51.0968 1280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/23 00:48:52.0062 1280 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/23 00:48:52.0140 1280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/23 00:48:52.0218 1280 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/05/23 00:48:52.0312 1280 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/23 00:48:52.0453 1280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/23 00:48:52.0593 1280 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/05/23 00:48:52.0734 1280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/23 00:48:52.0953 1280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/23 00:48:53.0031 1280 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/23 00:48:53.0109 1280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/23 00:48:53.0296 1280 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/23 00:48:53.0343 1280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/23 00:48:53.0390 1280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/23 00:48:53.0453 1280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/23 00:48:53.0531 1280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/23 00:48:53.0640 1280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/23 00:48:53.0687 1280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/23 00:48:53.0750 1280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/23 00:48:53.0843 1280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/23 00:48:54.0000 1280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/23 00:48:54.0046 1280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/23 00:48:54.0109 1280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/23 00:48:54.0140 1280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/23 00:48:54.0359 1280 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/05/23 00:48:54.0515 1280 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/05/23 00:48:54.0609 1280 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2011/05/23 00:48:54.0750 1280 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/23 00:48:54.0796 1280 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/23 00:48:54.0906 1280 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/23 00:48:54.0968 1280 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/23 00:48:55.0125 1280 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2011/05/23 00:48:55.0234 1280 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/05/23 00:48:55.0343 1280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/23 00:48:55.0437 1280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/23 00:48:55.0484 1280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/23 00:48:55.0640 1280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/23 00:48:55.0671 1280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/23 00:48:55.0750 1280 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
2011/05/23 00:48:55.0828 1280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/23 00:48:55.0921 1280 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/23 00:48:56.0093 1280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/23 00:48:56.0171 1280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/23 00:48:56.0265 1280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/23 00:48:56.0296 1280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/23 00:48:56.0375 1280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/23 00:48:56.0578 1280 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/23 00:48:56.0640 1280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/23 00:48:56.0671 1280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/23 00:48:56.0734 1280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/23 00:48:56.0781 1280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/23 00:48:56.0828 1280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/23 00:48:57.0015 1280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/23 00:48:57.0093 1280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/23 00:48:57.0296 1280 NETw4x32 (a9574f52e2fd5c1c1b4807a326e0488f) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/05/23 00:48:57.0515 1280 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/23 00:48:57.0593 1280 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/05/23 00:48:57.0656 1280 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/05/23 00:48:57.0843 1280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/23 00:48:57.0890 1280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/23 00:48:58.0078 1280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/23 00:48:58.0156 1280 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
2011/05/23 00:48:58.0218 1280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/23 00:48:58.0250 1280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/23 00:48:58.0312 1280 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
2011/05/23 00:48:58.0390 1280 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
2011/05/23 00:48:58.0578 1280 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
2011/05/23 00:48:58.0609 1280 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
2011/05/23 00:48:58.0687 1280 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/23 00:48:58.0765 1280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/23 00:48:58.0921 1280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/23 00:48:59.0015 1280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/23 00:48:59.0125 1280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/23 00:48:59.0203 1280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/23 00:48:59.0265 1280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/23 00:48:59.0843 1280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/23 00:48:59.0921 1280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/23 00:49:00.0000 1280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/23 00:49:00.0062 1280 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/23 00:49:00.0375 1280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/23 00:49:00.0484 1280 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/23 00:49:00.0546 1280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/23 00:49:00.0593 1280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/23 00:49:00.0734 1280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/23 00:49:00.0828 1280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/23 00:49:00.0859 1280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/23 00:49:00.0921 1280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/23 00:49:01.0062 1280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/23 00:49:01.0187 1280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/23 00:49:01.0281 1280 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2011/05/23 00:49:01.0484 1280 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/23 00:49:01.0562 1280 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/23 00:49:01.0765 1280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/23 00:49:01.0843 1280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/23 00:49:01.0906 1280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/23 00:49:02.0000 1280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/23 00:49:02.0140 1280 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/05/23 00:49:02.0250 1280 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/05/23 00:49:02.0546 1280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/23 00:49:02.0640 1280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/23 00:49:02.0718 1280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/23 00:49:02.0828 1280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/23 00:49:02.0984 1280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/23 00:49:03.0281 1280 SynTP (6f9cff60129569ec39efc490f4bcde0e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/23 00:49:03.0343 1280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/23 00:49:03.0468 1280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/23 00:49:03.0609 1280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/23 00:49:03.0671 1280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/23 00:49:03.0734 1280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/23 00:49:04.0015 1280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/23 00:49:04.0140 1280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/23 00:49:04.0265 1280 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/23 00:49:04.0437 1280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/23 00:49:04.0593 1280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/23 00:49:04.0656 1280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/23 00:49:04.0750 1280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/23 00:49:04.0890 1280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/23 00:49:04.0953 1280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/23 00:49:05.0015 1280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/23 00:49:05.0093 1280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/23 00:49:05.0125 1280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/23 00:49:05.0281 1280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/23 00:49:05.0390 1280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/23 00:49:05.0468 1280 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/23 00:49:05.0593 1280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/23 00:49:05.0828 1280 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/05/23 00:49:05.0890 1280 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/23 00:49:06.0000 1280 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/23 00:49:06.0109 1280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/23 00:49:06.0187 1280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/23 00:49:06.0328 1280 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/23 00:49:06.0328 1280 ================================================================================
2011/05/23 00:49:06.0328 1280 Scan finished
2011/05/23 00:49:06.0328 1280 ================================================================================
2011/05/23 00:49:06.0375 0212 Detected object count: 1
2011/05/23 00:49:13.0421 0212 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/23 00:49:13.0421 0212 \HardDisk0 - ok
2011/05/23 00:49:13.0421 0212 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/23 00:49:59.0765 1060 Deinitialize success

#12 idrawstuff (Topic Starter, Member, 72 posts)
Before I run that OTL fix, would you mind re-reviewing my new OTL log? Since that last log is almost a week old and I've run MBAM, McAfee, TDSSKiller, and SUPERAntiSpyware since then, I just want to make sure you've got the current information before I plug the fix in. Not trying to be difficult, just trying to make sure you're working with current information.

OTL logfile created on: 5/24/2011 8:32:04 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mike.DTB\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 103.29 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 133.87 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 133.87 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 133.87 Gb Free Space | 59.61% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal\OTL.exe
PRC - [2011/05/08 22:38:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/21 13:03:40 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2004/08/31 13:49:26 | 001,982,464 | ---- | M] (BASIS International Ltd.) -- C:\BASIS\VPRO5\vpro5.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal\OTL.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/02/06 15:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Auto | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/12 20:43:55 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys -- (ethqoots)
DRV - [2011/03/14 17:30:51 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 22:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 15:58:01 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\[email protected]
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2010/09/10 08:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 15:18:00 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 09:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/03/18 19:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/08 22:38:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2011/05/08 22:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = H:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 08:06:12 | 000,114,688 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2011/05/20 08:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\SUPERAntiSpyware.com
[2011/05/20 08:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/20 08:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/20 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/19 09:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal
[2011/05/19 08:19:35 | 000,134,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/18 12:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\Skype
[2011/05/17 08:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\PG&E Winch Pics
[2011/05/11 21:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Emily
[2011/05/09 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Project Files
[2011/05/08 11:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Lydia Monthly Pics
[2011/05/03 08:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Bids Due

========== Files - Modified Within 30 Days ==========

[2011/05/24 08:38:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2011/05/24 08:11:06 | 000,001,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/24 08:10:09 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/24 08:09:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 08:09:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 08:09:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 08:05:33 | 000,114,688 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2011/05/24 08:05:30 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\vcbpjdj.job
[2011/05/24 08:05:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 08:05:07 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 15:54:47 | 001,048,439 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\VID-20110523-00000.3GP
[2011/05/23 00:42:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/22 21:12:36 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/05/22 21:12:23 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/20 08:19:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:19:43 | 001,997,006 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\ED4-77.pdf
[2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/17 11:26:43 | 006,791,732 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/16 23:38:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2011/05/16 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/15 23:57:48 | 001,256,617 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/15 20:47:52 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 22:35:59 | 000,002,202 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/11 22:10:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/08 22:39:08 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/05/23 15:54:47 | 001,048,439 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\VID-20110523-00000.3GP
[2011/05/23 00:55:50 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 21:12:36 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/05/22 21:12:23 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/20 08:19:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:19:24 | 001,997,006 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\ED4-77.pdf
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 11:56:32 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\vcbpjdj.job
[2011/05/17 11:26:41 | 006,791,732 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/15 23:57:48 | 001,256,617 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/11 22:35:59 | 000,002,202 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/08 22:39:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/19 07:32:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/20 18:55:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/20 18:55:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 08:03:24 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\setup_ldm.iss
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Sports
[2009/01/25 15:07:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/25 14:36:26 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 18:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/17 13:50:44 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/17 13:50:44 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4D0C8ED9CB.sys
[2008/10/16 15:52:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/16 13:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/10/16 13:07:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2008/10/15 11:05:25 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/15 01:01:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/15 01:01:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/15 01:01:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/15 01:01:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/12 20:19:33 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/12 20:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/01/14 17:55:22 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2008/01/14 17:54:04 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/21 13:33:32 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/06/12 05:30:04 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:14:52 | 000,503,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:14:52 | 000,093,662 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:07:40 | 000,465,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

#13
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Please run a fresh TDSSKiller scan to see if it's cured.
Also, please run the fix and then post the new OTL log. It won't hurt anything if something is not there.

#14
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
Sweet! I'll jump right on it.

#15
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
2011/05/24 08:57:21.0937 1996 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/24 08:57:22.0328 1996 ================================================================================
2011/05/24 08:57:22.0328 1996 SystemInfo:
2011/05/24 08:57:22.0328 1996
2011/05/24 08:57:22.0328 1996 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/24 08:57:22.0328 1996 Product type: Workstation
2011/05/24 08:57:22.0328 1996 ComputerName: MIKE-LT
2011/05/24 08:57:22.0328 1996 UserName: mike
2011/05/24 08:57:22.0328 1996 Windows directory: C:\WINDOWS
2011/05/24 08:57:22.0328 1996 System windows directory: C:\WINDOWS
2011/05/24 08:57:22.0328 1996 Processor architecture: Intel x86
2011/05/24 08:57:22.0328 1996 Number of processors: 2
2011/05/24 08:57:22.0328 1996 Page size: 0x1000
2011/05/24 08:57:22.0328 1996 Boot type: Normal boot
2011/05/24 08:57:22.0328 1996 ================================================================================
2011/05/24 08:57:22.0734 1996 Initialize success
2011/05/24 08:57:27.0437 5572 ================================================================================
2011/05/24 08:57:27.0437 5572 Scan started
2011/05/24 08:57:27.0437 5572 Mode: Manual;
2011/05/24 08:57:27.0437 5572 ================================================================================
2011/05/24 08:57:41.0609 5572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/24 08:57:41.0656 5572 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/24 08:57:41.0734 5572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/24 08:57:41.0781 5572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/24 08:57:41.0890 5572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/24 08:57:41.0921 5572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/24 08:57:41.0937 5572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/24 08:57:42.0015 5572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/24 08:57:42.0125 5572 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/24 08:57:42.0234 5572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/24 08:57:42.0312 5572 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
2011/05/24 08:57:42.0515 5572 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/24 08:57:42.0546 5572 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/24 08:57:42.0718 5572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/24 08:57:42.0765 5572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/24 08:57:42.0812 5572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/24 08:57:42.0875 5572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/24 08:57:42.0984 5572 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/05/24 08:57:43.0109 5572 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/05/24 08:57:43.0312 5572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/24 08:57:43.0421 5572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/24 08:57:43.0484 5572 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/24 08:57:43.0625 5572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/24 08:57:43.0734 5572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/24 08:57:43.0906 5572 SynTP (6f9cff60129569ec39efc490f4bcde0e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/24 08:57:43.0953 5572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/24 08:57:44.0062 5572 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/24 08:57:44.0171 5572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/24 08:57:44.0203 5572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/24 08:57:44.0265 5572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/24 08:57:44.0343 5572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/24 08:57:44.0500 5572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/24 08:57:44.0703 5572 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/24 08:57:44.0781 5572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/24 08:57:44.0828 5572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/24 08:57:44.0937 5572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/24 08:57:45.0093 5572 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/24 08:57:45.0140 5572 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/24 08:57:45.0218 5572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/24 08:57:45.0296 5572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/24 08:57:45.0421 5572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/24 08:57:45.0468 5572 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/24 08:57:45.0500 5572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/24 08:57:45.0562 5572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/24 08:57:45.0671 5572 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/24 08:57:45.0875 5572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/24 08:57:46.0031 5572 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/05/24 08:57:46.0078 5572 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/24 08:57:46.0171 5572 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/24 08:57:46.0328 5572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/24 08:57:46.0390 5572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/24 08:57:46.0484 5572 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
2011/05/24 08:57:46.0718 5572 ================================================================================
2011/05/24 08:57:46.0718 5572 Scan finished
2011/05/24 08:57:46.0718 5572 ================================================================================
2011/05/24 08:57:46.0765 5776 Detected object count: 0
2011/05/24 08:57:46.0765 5776 Actual detected object count: 0