Browsers (both Firefox & IE) are EXTREMELY slow



#46 CompCav (Expert, 12,448 posts)
Please post the Malware Bytes log that you referred to from when you ran it earlier this evening.

Thanks,

CompCav

#47 jsaklas (Topic Starter, 238 posts)
CompCav,

I am in my office, so I will confirm this when I return home this evening, but, if I remember correctly, I can't find the log.

js

#48 CompCav (Expert, 12,448 posts)
Just open up Malware Bytes. :yes:

Click on the tab Logs

Look for the file mbam-log-2011-10-(the date you ran it).txt

Double click to open the file.

Click Edit> Select All > Copy

Then Paste it into your next post! :)

CompCav

Edited by CompCav, 19 October 2011 - 11:19 AM.


#49 CompCav (Expert, 12,448 posts)
Do not delete any temporary files until we have your desktop restored.


Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Delete the old TDSSKiller on your desktop.
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Run Unhide

Download Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Step 5.

OTL Fix


We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    O4 - HKU\S-1-5-21-299502267-115176313-839522115-1004..\Run: [{7FB644AF-C1B3-F973-93FD-BC72DAABCAAC}] "C:\Documents and Settings\Baba\Application Data\Xopix\qoro.exe" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2600 = C:\DOCUME~1\ALLUSE~1.WIN\LOCALS~1\Temp\174eff8a.com
    
    
    :files
    C:\Documents and Settings\Baba\Application Data\Xopix
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [Reboot]
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 6.

Run OTL Scan

  • Please reopen OTL on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Post:

Both RKreport.txt files
TDSSKiller log
OTL.txt
Extras.txt


Do you have your icons back and your desktop? How is the computer performing??


After posting these logs please do this step:

Panda USB Vaccine

Please download Panda USB Vaccine from here to the Desktop of your machine.

  • Click on USBVaccineSetup.exe >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected.
  • Now click on Next >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Attach/insert your USB Drive in your machine...it will be automatically vaccinated.
  • Close Panda USB Vaccine via right-clicking on the Panda USB Vaccine system tray icon and selecting Exit.

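The checks that Steps 4 and 5 above perform with separate tools (Unhide for the Hidden attribute, the xcopy lines in the OTL fix for the smtmp staging folders, the O4/O6 lines for autostart entries), gathered into one audit script. This is an added example; it is not part of CompCav's post nor of Unhide, OTL or RogueKiller. It assumes the XP folder layout the OTL fix uses, and the Explorer policy values it checks are the ones the Malwarebytes log later in this thread reports as changed (Start_Show*, NoDesktop, DisableTaskMgr, NoChangingWallPaper). By default it only reports; it changes the system only when run with -Repair, and even then it copies staged shortcuts back rather than moving them, in keeping with the instruction not to delete temporary files until the desktop is confirmed restored.

```powershell
<#
  Report-only audit of what the rogue in this thread did to the desktop:
  flipped Explorer/Start Menu policy values, set the Hidden attribute on
  user files, parked shortcuts in %TEMP%\smtmp\1..4 and added autostart
  entries that launch from Temp / Application Data.
  Added example, not part of the original post or of Unhide/OTL/RogueKiller.
  Run from an elevated PowerShell; nothing is changed unless -Repair is given.
#>
param([switch]$Repair)

# Explorer/Start Menu values the rogue changes and the value a clean profile has.
# Paths and Good values are the ones in the Malwarebytes log later in this
# thread; an absent value means Explorer's default and is treated as clean.
$Advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$Policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$PolicyChecks = @()
foreach ($n in 'Start_ShowControlPanel','Start_ShowHelp','Start_ShowMyComputer',
               'Start_ShowMyDocs','Start_ShowRun','Start_ShowSearch') {
    $PolicyChecks += @{ Path = $Advanced; Name = $n; Good = 1 }
}
$PolicyChecks += @{ Path = "$Policies\ActiveDesktop"; Name = 'NoChangingWallPaper'; Good = 0 }
$PolicyChecks += @{ Path = "$Policies\Explorer";      Name = 'NoDesktop';           Good = 0 }
$PolicyChecks += @{ Path = "$Policies\System";        Name = 'DisableTaskMgr';      Good = 0 }
$PolicyChecks += @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr'; Good = 0 }

foreach ($c in $PolicyChecks) {
    $cur = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $cur -or $cur -eq $c.Good) { continue }
    Write-Output ('POLICY  {0}\{1} = {2} (clean value {3})' -f $c.Path, $c.Name, $cur, $c.Good)
    if ($Repair) { Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Good -Type DWord }
}

# Autostart entries launching from a temp or profile-data folder, like the O4/O6
# lines the OTL fix removes. Report only: legitimate software starts from
# AppData too, so each hit needs a look before anything is removed.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
foreach ($k in $RunKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }                    # provider metadata, not values
        if ("$($p.Value)" -match '\\(Temp|Application Data|AppData)\\') {
            Write-Output ('RUN     {0}\{1} = {2}' -f $k, $p.Name, $p.Value)
        }
    }
}

# Where the rogue parks shortcuts and where the OTL fix's xcopy lines put them
# back (XP layout, as in that fix; on Vista/7 the Start Menu lives elsewhere).
$Staging = @(
    @{ Src = "$env:TEMP\smtmp\1"; Dst = "$env:ALLUSERSPROFILE\Start Menu" },
    @{ Src = "$env:TEMP\smtmp\2"; Dst = "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch" },
    @{ Src = "$env:TEMP\smtmp\3"; Dst = "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" },
    @{ Src = "$env:TEMP\smtmp\4"; Dst = "$env:ALLUSERSPROFILE\Desktop" }
)
foreach ($s in $Staging) {
    if (-not (Test-Path -LiteralPath $s.Src)) { continue }
    $files = @(Get-ChildItem -LiteralPath $s.Src -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    Write-Output ('STAGED  {0} file(s) in {1} -> {2}' -f $files.Count, $s.Src, $s.Dst)
    # Copy rather than move, exactly as the xcopy /H /I /S /Y /C lines do, so the
    # staged copies survive until the desktop is confirmed restored.
    if ($Repair) { & xcopy.exe $s.Src $s.Dst /H /I /S /Y /C | Out-Null }
}

# Hidden attribute the rogue sets on the user's own files (what Unhide.exe
# strips). Files only, scoped to the two profiles, and skipping System+Hidden
# files such as desktop.ini and ntuser.dat, which are meant to stay hidden.
foreach ($root in $env:USERPROFILE, $env:ALLUSERSPROFILE) {
    $hidden = @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 -and
                       ($_.Attributes -band [IO.FileAttributes]::System) -eq 0 })
    Write-Output ('HIDDEN  {0} file(s) under {1}' -f $hidden.Count, $root)
    if ($Repair) {
        foreach ($f in $hidden) { $f.Attributes = $f.Attributes -bxor [IO.FileAttributes]::Hidden }
    }
}
```

Run it once without -Repair and compare the STAGED and HIDDEN counts with the "File attributes restored" block in the RogueKiller Shortcuts HJfix report; a second run after -Repair should print nothing under POLICY, STAGED or HIDDEN. The profile walk is slow on a large profile, which is the same reason Unhide takes a long time. RUN hits are deliberately left alone: the O4/O6 entries in the OTL fix above show what a rogue's look like, but the pattern also matches legitimate programs that start from AppData, so removal stays a manual decision.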

#50 jsaklas (Topic Starter, 238 posts)
CompCav,

I've completed Steps 1-3, and Step 4 is currently running (It has been running for about 20 minutes - is this normal?).

Tdsskiller found only 3 suspicious threats, so I continued.

Also I don't have a Malwarebytes icon, so I can not get to the window that has the log tab.


js

#51 CompCav (Expert, 12,448 posts)
Yes, with the specific rogue you had, it hides many files.

#52 CompCav (Expert, 12,448 posts)
Hopefully one of these steps will restore your icons and menu items but if not we have at least one more trick up our sleeves that requires a little more manual work to bring them all back.

CompCav

#53 jsaklas (Topic Starter, 238 posts)
CompCav,

Unhide has been running for almost an hour; is that normal?

#54 jsaklas (Topic Starter, 238 posts)
Unhide is still running. Also, twice I received an AVIRA pop-up informing me that AVIRA identified a threat; I clicked on Remove.

#55 CompCav (Expert, 12,448 posts)
If it is still running, go to Task Manager (Ctrl-Alt-Delete).
Click on the Processes tab,
Click on Image Name,
Click on unhide.exe,
Click End Process.

#56 jsaklas (Topic Starter, 238 posts)
CompCav,

My desktop icons are back, except now there is also a new one. Its icon resembles the Windows logo and its name is SYSTEM RESTORE.

The tray is back to normal EXCEPT the System Restore icon is in the tray and the icon for My Computer is NO LONGER in the tray.

Clicking on Start brings up what was there before if my memory is correct. However MS OFFICE and Malwarebytes are missing from the Programs window.

Below are the logs. I am not sure if the mbam log is the most recent.

Lastly, I will be home tomorrow and I will be at the computer all day.

js


-------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7926

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/18/2011 8:01:32 PM
mbam-log-2011-10-18 (20-01-31).txt

Scan type: Quick scan
Objects scanned: 349574
Time elapsed: 48 minute(s), 2 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\documents and settings\all users.window2\application data\akiurosrodonc.exe (Trojan.FakeAlert) -> 1024 -> Unloaded process successfully.
c:\documents and settings\all users.window2\application data\6dss92c31apgjk.exe (Trojan.FakeAlert) -> 1164 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aKIuROsrOdoNC.exe (Trojan.FakeAlert) -> Value: aKIuROsrOdoNC.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users.window2\application data\akiurosrodonc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users.window2\application data\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Baba\local settings\temp\0.005202558938409041exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


------------------------------

RogueKiller V6.1.3 [10/14/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Luli [Admin rights]
Mode: Remove -- Date : 10/19/2011 18:14:30

Bad processes: 1
[SUSP PATH] mixer.exe -- c:\window2\mixer.exe -> KILLED [TermProc]

Registry Entries: 1
[] HKLM\[...]\Run : () -> ACCESS DENIED

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



----------------------------


RogueKiller V6.1.3 [10/14/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Luli [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/19/2011 18:21:50

Bad processes: 0

Driver: [LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 0 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



----------------------------

18:26:17.0015 1708 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
18:26:17.0375 1708 ============================================================
18:26:17.0375 1708 Current date / time: 2011/10/19 18:26:17.0375
18:26:17.0375 1708 SystemInfo:
18:26:17.0375 1708
18:26:17.0375 1708 OS Version: 5.1.2600 ServicePack: 3.0
18:26:17.0375 1708 Product type: Workstation
18:26:17.0375 1708 ComputerName: JAMES-HOME
18:26:17.0375 1708 UserName: Luli
18:26:17.0375 1708 Windows directory: C:\WINDOW2
18:26:17.0375 1708 System windows directory: C:\WINDOW2
18:26:17.0375 1708 Processor architecture: Intel x86
18:26:17.0375 1708 Number of processors: 1
18:26:17.0375 1708 Page size: 0x1000
18:26:17.0375 1708 Boot type: Normal boot
18:26:17.0375 1708 ============================================================
18:26:19.0562 1708 Initialize success
18:27:06.0906 3568 ============================================================
18:27:06.0906 3568 Scan started
18:27:06.0906 3568 Mode: Manual; SigCheck; TDLFS;
18:27:06.0906 3568 ============================================================
18:27:07.0859 3568 Abiosdsk - ok
18:27:08.0156 3568 abp480n5 - ok
18:27:08.0546 3568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
18:27:11.0968 3568 ACPI - ok
18:27:12.0359 3568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
18:27:12.0578 3568 ACPIEC - ok
18:27:12.0875 3568 adpu160m - ok
18:27:13.0234 3568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
18:27:13.0546 3568 aec - ok
18:27:13.0906 3568 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
18:27:14.0000 3568 AFD - ok
18:27:14.0343 3568 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
18:27:14.0578 3568 agp440 - ok
18:27:14.0875 3568 Aha154x - ok
18:27:15.0156 3568 aic78u2 - ok
18:27:15.0468 3568 aic78xx - ok
18:27:15.0765 3568 AliIde - ok
18:27:16.0062 3568 amsint - ok
18:27:16.0421 3568 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
18:27:16.0656 3568 Arp1394 - ok
18:27:16.0937 3568 asc - ok
18:27:17.0218 3568 asc3350p - ok
18:27:17.0500 3568 asc3550 - ok
18:27:17.0828 3568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
18:27:18.0046 3568 AsyncMac - ok
18:27:18.0375 3568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
18:27:18.0625 3568 atapi - ok
18:27:18.0906 3568 Atdisk - ok
18:27:19.0234 3568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
18:27:19.0500 3568 Atmarpc - ok
18:27:19.0828 3568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
18:27:20.0031 3568 audstub - ok
18:27:20.0421 3568 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
18:27:20.0578 3568 avgntflt - ok
18:27:21.0015 3568 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOW2\system32\DRIVERS\avipbb.sys
18:27:21.0062 3568 avipbb - ok
18:27:21.0375 3568 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOW2\system32\DRIVERS\avkmgr.sys
18:27:21.0390 3568 avkmgr - ok
18:27:21.0687 3568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
18:27:21.0937 3568 Beep - ok
18:27:22.0093 3568 catchme - ok
18:27:22.0421 3568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
18:27:22.0703 3568 cbidf2k - ok
18:27:23.0000 3568 cd20xrnt - ok
18:27:23.0296 3568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
18:27:23.0562 3568 Cdaudio - ok
18:27:23.0906 3568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
18:27:24.0125 3568 Cdfs - ok
18:27:24.0468 3568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
18:27:24.0703 3568 Cdrom - ok
18:27:24.0984 3568 Changer - ok
18:27:25.0281 3568 CmdIde - ok
18:27:25.0781 3568 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
18:27:25.0968 3568 cmpci - ok
18:27:26.0359 3568 Cpqarray - ok
18:27:26.0546 3568 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
18:27:26.0546 3568 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
18:27:26.0546 3568 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
18:27:26.0828 3568 dac2w2k - ok
18:27:27.0125 3568 dac960nt - ok
18:27:27.0453 3568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
18:27:27.0671 3568 Disk - ok
18:27:28.0265 3568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
18:27:28.0968 3568 dmboot - ok
18:27:29.0312 3568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
18:27:29.0609 3568 dmio - ok
18:27:29.0906 3568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
18:27:30.0156 3568 dmload - ok
18:27:30.0515 3568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
18:27:30.0796 3568 DMusic - ok
18:27:31.0109 3568 dpti2o - ok
18:27:31.0421 3568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
18:27:31.0609 3568 drmkaud - ok
18:27:31.0984 3568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
18:27:32.0250 3568 Fastfat - ok
18:27:32.0593 3568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
18:27:32.0828 3568 Fdc - ok
18:27:33.0171 3568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
18:27:33.0375 3568 Fips - ok
18:27:33.0734 3568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
18:27:33.0953 3568 Flpydisk - ok
18:27:34.0312 3568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
18:27:34.0546 3568 FltMgr - ok
18:27:34.0921 3568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
18:27:35.0156 3568 Fs_Rec - ok
18:27:35.0531 3568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
18:27:35.0875 3568 Ftdisk - ok
18:27:36.0171 3568 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
18:27:36.0359 3568 gameenum - ok
18:27:36.0703 3568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
18:27:36.0906 3568 Gpc - ok
18:27:37.0250 3568 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
18:27:37.0437 3568 HidUsb - ok
18:27:37.0718 3568 hpn - ok
18:27:38.0125 3568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
18:27:38.0281 3568 HTTP - ok
18:27:38.0578 3568 i2omgmt - ok
18:27:38.0859 3568 i2omp - ok
18:27:39.0171 3568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
18:27:39.0390 3568 i8042prt - ok
18:27:39.0734 3568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
18:27:39.0968 3568 Imapi - ok
18:27:40.0250 3568 ini910u - ok
18:27:40.0625 3568 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
18:27:40.0812 3568 IntelIde - ok
18:27:41.0140 3568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
18:27:41.0328 3568 intelppm - ok
18:27:41.0671 3568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
18:27:41.0906 3568 Ip6Fw - ok
18:27:42.0203 3568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
18:27:42.0468 3568 IpFilterDriver - ok
18:27:42.0843 3568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
18:27:43.0046 3568 IpInIp - ok
18:27:43.0453 3568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
18:27:43.0750 3568 IpNat - ok
18:27:44.0078 3568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
18:27:44.0296 3568 IPSec - ok
18:27:44.0625 3568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
18:27:44.0859 3568 IRENUM - ok
18:27:45.0203 3568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
18:27:45.0390 3568 isapnp - ok
18:27:45.0703 3568 ivusb - ok
18:27:46.0015 3568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
18:27:46.0203 3568 Kbdclass - ok
18:27:46.0562 3568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
18:27:46.0796 3568 kmixer - ok
18:27:47.0109 3568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
18:27:47.0234 3568 KSecDD - ok
18:27:47.0546 3568 lbrtfdc - ok
18:27:47.0859 3568 MBAMSwissArmy - ok
18:27:48.0171 3568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
18:27:48.0406 3568 mnmdd - ok
18:27:48.0765 3568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
18:27:48.0968 3568 Modem - ok
18:27:49.0281 3568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
18:27:49.0484 3568 Mouclass - ok
18:27:49.0796 3568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
18:27:50.0046 3568 mouhid - ok
18:27:50.0421 3568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
18:27:50.0640 3568 MountMgr - ok
18:27:51.0031 3568 mraid35x - ok
18:27:51.0421 3568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
18:27:51.0687 3568 MRxDAV - ok
18:27:52.0187 3568 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
18:27:52.0500 3568 MRxSmb - ok
18:27:52.0796 3568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
18:27:53.0015 3568 Msfs - ok
18:27:53.0328 3568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
18:27:53.0531 3568 MSKSSRV - ok
18:27:53.0937 3568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
18:27:54.0140 3568 MSPCLOCK - ok
18:27:54.0468 3568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
18:27:54.0671 3568 MSPQM - ok
18:27:55.0000 3568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
18:27:55.0187 3568 mssmbios - ok
18:27:55.0531 3568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
18:27:55.0609 3568 Mup - ok
18:27:56.0015 3568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
18:27:56.0296 3568 NDIS - ok
18:27:56.0671 3568 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
18:27:56.0875 3568 NdisTapi - ok
18:27:57.0218 3568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
18:27:57.0421 3568 Ndisuio - ok
18:27:57.0781 3568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
18:27:58.0031 3568 NdisWan - ok
18:27:58.0375 3568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
18:27:58.0437 3568 NDProxy - ok
18:27:58.0765 3568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
18:27:59.0000 3568 NetBIOS - ok
18:27:59.0406 3568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
18:27:59.0656 3568 NetBT - ok
18:28:00.0031 3568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
18:28:00.0234 3568 NIC1394 - ok
18:28:00.0609 3568 NPDriver (65194f525aef541eaa5056eb3d53a25b) C:\WINDOW2\system32\Drivers\NPDRIVER.SYS
18:28:00.0640 3568 NPDriver - ok
18:28:01.0015 3568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
18:28:01.0203 3568 Npfs - ok
18:28:01.0750 3568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
18:28:02.0250 3568 Ntfs - ok
18:28:02.0625 3568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
18:28:02.0875 3568 Null - ok
18:28:05.0593 3568 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
18:28:10.0390 3568 nv - ok
18:28:10.0781 3568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
18:28:11.0078 3568 NwlnkFlt - ok
18:28:11.0437 3568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
18:28:11.0671 3568 NwlnkFwd - ok
18:28:12.0000 3568 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
18:28:12.0218 3568 ohci1394 - ok
18:28:12.0546 3568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
18:28:12.0765 3568 Parport - ok
18:28:13.0109 3568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
18:28:13.0281 3568 PartMgr - ok
18:28:13.0609 3568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
18:28:13.0875 3568 ParVdm - ok
18:28:14.0218 3568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
18:28:14.0421 3568 PCI - ok
18:28:14.0703 3568 PCIDump - ok
18:28:15.0000 3568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
18:28:15.0250 3568 PCIIde - ok
18:28:15.0609 3568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
18:28:15.0859 3568 Pcmcia - ok
18:28:16.0187 3568 PDCOMP - ok
18:28:16.0468 3568 PDFRAME - ok
18:28:16.0765 3568 PDRELI - ok
18:28:17.0062 3568 PDRFRAME - ok
18:28:17.0343 3568 perc2 - ok
18:28:17.0640 3568 perc2hib - ok
18:28:18.0015 3568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
18:28:18.0203 3568 PptpMiniport - ok
18:28:18.0531 3568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
18:28:18.0781 3568 PSched - ok
18:28:19.0093 3568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
18:28:19.0312 3568 Ptilink - ok
18:28:19.0593 3568 ql1080 - ok
18:28:19.0890 3568 Ql10wnt - ok
18:28:20.0171 3568 ql12160 - ok
18:28:20.0453 3568 ql1240 - ok
18:28:20.0734 3568 ql1280 - ok
18:28:21.0062 3568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
18:28:21.0328 3568 RasAcd - ok
18:28:21.0687 3568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
18:28:21.0906 3568 Rasl2tp - ok
18:28:22.0250 3568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
18:28:22.0453 3568 RasPppoe - ok
18:28:22.0796 3568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
18:28:23.0015 3568 Raspti - ok
18:28:23.0390 3568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
18:28:23.0656 3568 Rdbss - ok
18:28:23.0953 3568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
18:28:24.0203 3568 RDPCDD - ok
18:28:24.0593 3568 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
18:28:24.0875 3568 RDPWD - ok
18:28:25.0218 3568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
18:28:25.0421 3568 redbook - ok
18:28:25.0796 3568 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
18:28:26.0000 3568 rtl8139 - ok
18:28:26.0421 3568 SDdriver (11b5e1da4566a68a881a7d73222f4c78) C:\WINDOW2\system32\Drivers\sddriver.sys
18:28:26.0484 3568 SDdriver - ok
18:28:26.0796 3568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
18:28:27.0031 3568 Secdrv - ok
18:28:27.0359 3568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
18:28:27.0578 3568 Serial - ok
18:28:27.0921 3568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
18:28:28.0109 3568 Sfloppy - ok
18:28:28.0421 3568 Simbad - ok
18:28:28.0718 3568 Sparrow - ok
18:28:29.0093 3568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
18:28:29.0265 3568 splitter - ok
18:28:29.0609 3568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
18:28:29.0812 3568 sr - ok
18:28:30.0375 3568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
18:28:30.0640 3568 Srv - ok
18:28:30.0968 3568 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
18:28:30.0984 3568 ssmdrv - ok
18:28:31.0281 3568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
18:28:31.0515 3568 swenum - ok
18:28:31.0828 3568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
18:28:32.0046 3568 swmidi - ok
18:28:32.0343 3568 symc810 - ok
18:28:32.0625 3568 symc8xx - ok
18:28:33.0000 3568 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOW2\system32\Drivers\SYMEVENT.SYS
18:28:33.0062 3568 SymEvent - ok
18:28:33.0343 3568 sym_hi - ok
18:28:33.0625 3568 sym_u3 - ok
18:28:33.0984 3568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
18:28:34.0203 3568 sysaudio - ok
18:28:34.0687 3568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
18:28:35.0031 3568 Tcpip - ok
18:28:35.0343 3568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
18:28:35.0546 3568 TDPIPE - ok
18:28:35.0890 3568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
18:28:36.0125 3568 TDTCP - ok
18:28:36.0500 3568 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
18:28:36.0687 3568 TermDD - ok
18:28:37.0062 3568 TosIde - ok
18:28:37.0421 3568 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
18:28:37.0453 3568 TrueSight ( UnsignedFile.Multi.Generic ) - warning
18:28:37.0453 3568 TrueSight - detected UnsignedFile.Multi.Generic (1)
18:28:37.0812 3568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
18:28:38.0062 3568 Udfs - ok
18:28:38.0359 3568 ultra - ok
18:28:38.0828 3568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
18:28:39.0250 3568 Update - ok
18:28:39.0593 3568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
18:28:39.0796 3568 usbehci - ok
18:28:40.0140 3568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
18:28:40.0359 3568 usbhub - ok
18:28:40.0687 3568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
18:28:40.0890 3568 usbprint - ok
18:28:41.0203 3568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
18:28:41.0390 3568 usbscan - ok
18:28:41.0765 3568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
18:28:41.0968 3568 USBSTOR - ok
18:28:42.0296 3568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
18:28:42.0484 3568 usbuhci - ok
18:28:42.0812 3568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
18:28:43.0000 3568 VgaSave - ok
18:28:43.0281 3568 ViaIde - ok
18:28:43.0609 3568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
18:28:43.0812 3568 VolSnap - ok
18:28:44.0234 3568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
18:28:44.0421 3568 Wanarp - ok
18:28:44.0734 3568 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
18:28:44.0796 3568 WDC_SAM - ok
18:28:45.0109 3568 WDICA - ok
18:28:45.0500 3568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
18:28:45.0750 3568 wdmaud - ok
18:28:46.0156 3568 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
18:28:46.0390 3568 WS2IFSL - ok
18:28:46.0765 3568 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
18:28:46.0859 3568 WudfPf - ok
18:28:47.0250 3568 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOW2\system32\DRIVERS\wudfrd.sys
18:28:47.0312 3568 WudfRd - ok
18:28:47.0390 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:28:47.0781 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:28:47.0781 3568 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:28:47.0796 3568 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
18:28:47.0796 3568 \Device\Harddisk0\DR0\Partition0 - ok
18:28:47.0812 3568 ============================================================
18:28:47.0812 3568 Scan finished
18:28:47.0812 3568 ============================================================
18:28:47.0937 2984 Detected object count: 3
18:28:47.0937 2984 Actual detected object count: 3
18:31:43.0281 2984 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:43.0281 2984 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:43.0281 2984 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
18:31:43.0281 2984 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:43.0296 2984 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:31:43.0296 2984 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:32:17.0281 1448 Deinitialize success



-------------------------


OTL logfile created on: 10/20/2011 1:05:28 AM - Run 10
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 52.29% Memory free
2.11 Gb Paging File | 1.49 Gb Available in Paging File | 70.62% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.48 Gb Free Space | 22.11% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/05 10:24:13 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/10/19 18:22:43 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 00:10:22 | 000,000,098 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\doody1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\doody1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 19:55:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Recent
[2011/10/18 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\System Restore
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 15:32:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Administrative Tools
[2011/10/17 15:31:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/06 02:32:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer

========== Files - Modified Within 30 Days ==========

[2011/10/20 00:10:22 | 000,000,098 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\Hosts
[2011/10/20 00:03:30 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/20 00:03:12 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/20 00:02:23 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/20 00:02:21 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/19 18:22:43 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/18 17:56:10 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjk
[2011/10/18 17:56:10 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjkr
[2011/10/18 17:47:09 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/18 17:47:09 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\System Restore.lnk
[2011/10/18 17:46:56 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\6DSS92c31Apgjk
[2011/10/17 15:41:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/15 11:03:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/11 21:35:54 | 000,000,226 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp

========== Files Created - No Company Name ==========

[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:48:07 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Norton SystemWorks.lnk
[2011/10/19 23:48:06 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/19 23:48:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyula's Commander.lnk
[2011/10/19 23:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 23:48:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird.lnk
[2011/10/19 23:48:06 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/19 23:48:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/19 23:48:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/19 23:48:04 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/10/19 23:47:57 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/18 17:54:28 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/18 17:47:09 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\System Restore.lnk
[2011/10/18 17:47:08 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjk
[2011/10/18 17:47:08 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjkr
[2011/10/18 17:46:56 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\6DSS92c31Apgjk
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,226 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >




------------------------------------------


OTL Extras logfile created on: 10/20/2011 1:05:28 AM - Run 10
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 52.29% Memory free
2.11 Gb Paging File | 1.49 Gb Available in Paging File | 70.62% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.48 Gb Free Space | 22.11% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2011 7:56:37 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2011 11:24:35 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

Error - 10/15/2011 3:46:42 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 10/16/2011 10:53:45 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (5756) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/17/2011 4:03:43 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 10/18/2011 8:44:03 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (940) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2011 10:25:04 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL(1).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (1296) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (3084) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/19/2011 6:26:00 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

[ System Events ]
Error - 10/19/2011 11:16:51 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/19/2011 11:17:01 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/19/2011 11:19:05 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/19/2011 11:19:05 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/19/2011 11:19:06 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/20/2011 12:03:33 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/20/2011 12:03:39 AM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/20/2011 12:06:01 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/20/2011 12:06:01 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/20/2011 12:06:01 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >

#57
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Delete the old TDSSKiller on your desktop.
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.


OTL Fix


We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    [2011/10/18 17:54:28 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/18 17:47:09 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\System Restore.lnk
    [2011/10/18 17:47:08 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjk
    [2011/10/18 17:47:08 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\~6DSS92c31Apgjkr
    [2011/10/18 17:46:56 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\6DSS92c31Apgjk
    
    :files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Delete your current copy of ComboFix.
Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT! Save ComboFix.exe to your Desktop.
IMPORTANT: Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



Step 5.

Run OTL Scan

  • Please reopen OTL on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 6.

Post:

RKreport.txt
TDSSKiller log
ComboFix Log
OTL.txt
Extras.txt


How is the computer performing?
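Since Step 2 asks for the TDSSKiller log to be posted, here is an added Python example (not code from the original post, and not Kaspersky's TDSSKiller code) that parses that log format and summarises it: each flagged object, the file path and MD5 recorded for it earlier in the same scan, the verdict, and the action the user chose. The sample lines are constructed to match the layout of the log posted later in this thread; the regexes, the verdict names, and the "driver outside system32\drivers" heuristic are assumptions drawn from that format rather than anything documented by the tool.

```python
"""
Added example: triage a TDSSKiller text log.

Pulls every object TDSSKiller flagged, pairs it with the file path and MD5
recorded earlier in the same scan, and records the action the user chose
(Cure / Skip / Delete).  The regexes are written against the log format
seen in this thread; they are an assumption, not TDSSKiller's own format spec.
"""
import re

# Constructed sample: a handful of lines in the TDSSKiller 2.6 log layout
# (time, PID, then the object record).  Backslashes are doubled for Python.
SAMPLE_LOG = """\
16:50:40.0625 3288 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOW2\\system32\\DRIVERS\\ACPI.sys
16:50:44.0203 3288 ACPI - ok
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\\WINDOW2\\iprot\\d8a4fef9-85c1-448f-a6f9-2570fb195020\\PhysMem.sys
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
16:52:14.0218 3288 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\\window2\\system32\\drivers\\TrueSight.sys
16:52:14.0281 3288 TrueSight ( UnsignedFile.Multi.Generic ) - warning
16:52:14.0281 3288 TrueSight - detected UnsignedFile.Multi.Generic (1)
16:52:24.0406 3288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
16:52:24.0812 3288 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
16:52:24.0812 3288 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
16:52:25.0171 2480 Detected object count: 3
17:04:46.0390 2480 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:46.0390 2480 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:46.0406 2480 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

TIMESTAMPED = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
HASHED_OBJECT = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTION = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
USER_ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")

# Heuristic (an assumption of this example, not TDSSKiller's): a driver that
# lives outside the normal drivers directory deserves a closer look even if
# the scanner only reports it as unsigned.
DRIVER_DIR_MARKER = "\\system32\\drivers\\"


def classify(verdict):
    """Map a TDSSKiller verdict string to a coarse severity."""
    if verdict == "TDSS File System":
        return "rootkit"      # hidden file system on the disk: cure, do not skip
    if verdict.startswith("UnsignedFile."):
        return "unsigned"     # heuristic hit; legitimate third-party drivers land here too
    return "malware"


def parse_tdsskiller_log(text):
    """Return one record per detection, in scan order."""
    hashes = {}      # object name or device path -> {"md5", "path"}
    findings = {}    # object name -> finding record
    for raw in text.splitlines():
        m = TIMESTAMPED.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        h = HASHED_OBJECT.match(body)
        if h:
            rec = {"md5": h.group("md5"), "path": h.group("path")}
            hashes[h.group("obj")] = rec
            hashes[h.group("path")] = rec   # MBR detections are keyed by device path
            continue
        d = DETECTION.match(body)
        if d:
            obj, verdict = d.group("obj"), d.group("verdict")
            known = hashes.get(obj, {})
            findings[obj] = {
                "object": obj,
                "verdict": verdict,
                "severity": classify(verdict),
                "md5": known.get("md5"),
                "path": known.get("path"),
                "action": None,
            }
            continue
        a = USER_ACTION.match(body)
        if a and a.group("obj") in findings:
            findings[a.group("obj")]["action"] = a.group("action")
    return list(findings.values())


def unresolved(findings):
    """Rootkit/malware detections the user did not Cure or Delete."""
    return [f for f in findings
            if f["severity"] != "unsigned" and f["action"] not in ("Cure", "Delete")]


def unsigned_outside_driver_dir(findings):
    """Unsigned drivers loaded from somewhere other than system32\\drivers."""
    return [f["object"] for f in findings
            if f["severity"] == "unsigned" and f["path"]
            and DRIVER_DIR_MARKER not in f["path"].lower()]


if __name__ == "__main__":
    results = parse_tdsskiller_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:8} {f['object']:45} action={f['action']} md5={f['md5']}")
    print("still unresolved:", [f["object"] for f in unresolved(results)])
    print("unsigned drivers in odd locations:", unsigned_outside_driver_dir(results))
```

On the constructed sample the script reports the "TDSS File System" hit on \Device\Harddisk0\DR0 as unresolved because it was skipped rather than cured, and singles out the PhysMem.sys driver as an unsigned driver loaded from outside system32\drivers; TrueSight.sys, which sits in the normal drivers directory, is listed but not flagged by that heuristic.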

#58 jsaklas (Topic Starter, Member, 238 posts)
CompCav,

In terms of speed, I think the computer is now pretty much as it was before this infection. Some things are still odd.

The Restore Icon is now gone from the desktop and tray. The tray has everything it had before except for one oddity: the icon for My Computer is not the usual one (a monitor and PC); rather, it looks a little like a folder.

Clicking on Start brings up all that I had on the Start Menu. Clicking on Programs brings up everything (as best as I can tell) that was there before, but the System Restore icon is now there, and it did not exist before the infection; although it uses the MS Windows logo (the window with the four colored panes), I still think it is bogus.

Also a strange thing happens when I try to load MS Word. A window titled "File Conversion - ~$eanConvert" appears. The window indicates that the Text encoding is "other" and the mini-window highlights "Japanese (Shift-JIS)". Choosing Windows (Default) causes the mini-window to show Western European, and hitting OK brings up a small window titled "Microsoft Office Word"; inside the window it says, "The add-in template is not valid. (C:\...\START-UP\~$eanConvert.dot)". Clicking on OK makes the window go away and all is OK.

WordPerfect, my FORTRAN compiler, Paradox, and all other programs I tested work normally. Excel opens up just fine. It seems the only problem is with Word. Since after a few hits it is also normal, and since I normally use WordPerfect (much superior to Word), I can live with this.

During the ComboFix run, it was paused by Avguard.exe, even though I disabled the AVIRA Real Time, Mail and Web Protection. I would just put my mouse back on the blue ComboFix window and it would continue running. It ran until completion (I think 49 stages).

Below are the logs.


-------------------


RogueKiller V6.1.3 [10/14/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Baba [Admin rights]
Mode: Remove -- Date : 10/20/2011 16:45:59

Bad processes: 1
[SUSP PATH] mixer.exe -- c:\window2\mixer.exe -> KILLED [TermProc]

Registry Entries: 0

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
˙ž1

Finished : << RKreport[1].txt >>
RKreport[1].txt



-------------------------


16:50:03.0296 1556 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
16:50:03.0703 1556 ============================================================
16:50:03.0703 1556 Current date / time: 2011/10/20 16:50:03.0703
16:50:03.0703 1556 SystemInfo:
16:50:03.0703 1556
16:50:03.0703 1556 OS Version: 5.1.2600 ServicePack: 3.0
16:50:03.0703 1556 Product type: Workstation
16:50:03.0703 1556 ComputerName: JAMES-HOME
16:50:03.0703 1556 UserName: Baba
16:50:03.0703 1556 Windows directory: C:\WINDOW2
16:50:03.0703 1556 System windows directory: C:\WINDOW2
16:50:03.0703 1556 Processor architecture: Intel x86
16:50:03.0703 1556 Number of processors: 1
16:50:03.0703 1556 Page size: 0x1000
16:50:03.0703 1556 Boot type: Normal boot
16:50:03.0703 1556 ============================================================
16:50:05.0765 1556 Initialize success
16:50:38.0593 3288 ============================================================
16:50:38.0593 3288 Scan started
16:50:38.0593 3288 Mode: Manual; SigCheck; TDLFS;
16:50:38.0593 3288 ============================================================
16:50:39.0906 3288 Abiosdsk - ok
16:50:40.0218 3288 abp480n5 - ok
16:50:40.0625 3288 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
16:50:44.0203 3288 ACPI - ok
16:50:44.0593 3288 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
16:50:44.0812 3288 ACPIEC - ok
16:50:45.0109 3288 adpu160m - ok
16:50:45.0500 3288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
16:50:45.0781 3288 aec - ok
16:50:46.0187 3288 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
16:50:46.0328 3288 AFD - ok
16:50:46.0671 3288 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
16:50:46.0921 3288 agp440 - ok
16:50:47.0203 3288 Aha154x - ok
16:50:47.0515 3288 aic78u2 - ok
16:50:47.0812 3288 aic78xx - ok
16:50:48.0140 3288 AliIde - ok
16:50:48.0453 3288 amsint - ok
16:50:48.0843 3288 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
16:50:49.0093 3288 Arp1394 - ok
16:50:49.0406 3288 asc - ok
16:50:49.0703 3288 asc3350p - ok
16:50:50.0000 3288 asc3550 - ok
16:50:50.0359 3288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
16:50:50.0578 3288 AsyncMac - ok
16:50:50.0921 3288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
16:50:51.0171 3288 atapi - ok
16:50:51.0468 3288 Atdisk - ok
16:50:51.0812 3288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
16:50:52.0046 3288 Atmarpc - ok
16:50:52.0375 3288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
16:50:52.0609 3288 audstub - ok
16:50:52.0984 3288 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
16:50:53.0734 3288 avgntflt - ok
16:50:54.0171 3288 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOW2\system32\DRIVERS\avipbb.sys
16:50:54.0250 3288 avipbb - ok
16:50:54.0593 3288 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOW2\system32\DRIVERS\avkmgr.sys
16:50:54.0609 3288 avkmgr - ok
16:50:54.0953 3288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
16:50:55.0218 3288 Beep - ok
16:50:55.0375 3288 catchme - ok
16:50:55.0703 3288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
16:50:55.0968 3288 cbidf2k - ok
16:50:56.0296 3288 cd20xrnt - ok
16:50:56.0640 3288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
16:50:56.0890 3288 Cdaudio - ok
16:50:57.0250 3288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
16:50:57.0484 3288 Cdfs - ok
16:50:57.0843 3288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
16:50:58.0062 3288 Cdrom - ok
16:50:58.0359 3288 Changer - ok
16:50:58.0687 3288 CmdIde - ok
16:50:59.0156 3288 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
16:50:59.0484 3288 cmpci - ok
16:50:59.0875 3288 Cpqarray - ok
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
16:51:00.0062 3288 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
16:51:00.0421 3288 dac2w2k - ok
16:51:00.0718 3288 dac960nt - ok
16:51:01.0046 3288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
16:51:01.0359 3288 Disk - ok
16:51:01.0984 3288 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
16:51:02.0718 3288 dmboot - ok
16:51:03.0093 3288 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
16:51:03.0421 3288 dmio - ok
16:51:03.0734 3288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
16:51:03.0984 3288 dmload - ok
16:51:04.0375 3288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
16:51:04.0609 3288 DMusic - ok
16:51:04.0906 3288 dpti2o - ok
16:51:05.0250 3288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
16:51:05.0484 3288 drmkaud - ok
16:51:05.0921 3288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
16:51:06.0171 3288 Fastfat - ok
16:51:06.0562 3288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
16:51:06.0781 3288 Fdc - ok
16:51:07.0187 3288 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
16:51:07.0421 3288 Fips - ok
16:51:07.0734 3288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
16:51:07.0953 3288 Flpydisk - ok
16:51:08.0343 3288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
16:51:08.0578 3288 FltMgr - ok
16:51:08.0906 3288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
16:51:09.0140 3288 Fs_Rec - ok
16:51:09.0500 3288 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
16:51:09.0765 3288 Ftdisk - ok
16:51:10.0093 3288 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
16:51:10.0296 3288 gameenum - ok
16:51:10.0640 3288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
16:51:10.0843 3288 Gpc - ok
16:51:11.0171 3288 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
16:51:11.0375 3288 HidUsb - ok
16:51:11.0703 3288 hpn - ok
16:51:12.0125 3288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
16:51:12.0343 3288 HTTP - ok
16:51:12.0640 3288 i2omgmt - ok
16:51:12.0937 3288 i2omp - ok
16:51:13.0250 3288 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
16:51:13.0515 3288 i8042prt - ok
16:51:13.0890 3288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
16:51:14.0109 3288 Imapi - ok
16:51:14.0437 3288 ini910u - ok
16:51:14.0765 3288 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
16:51:14.0968 3288 IntelIde - ok
16:51:15.0375 3288 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
16:51:15.0562 3288 intelppm - ok
16:51:15.0890 3288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
16:51:16.0125 3288 Ip6Fw - ok
16:51:16.0453 3288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
16:51:16.0843 3288 IpFilterDriver - ok
16:51:17.0187 3288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
16:51:17.0531 3288 IpInIp - ok
16:51:17.0953 3288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
16:51:18.0390 3288 IpNat - ok
16:51:18.0750 3288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
16:51:19.0031 3288 IPSec - ok
16:51:19.0468 3288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
16:51:19.0796 3288 IRENUM - ok
16:51:20.0156 3288 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
16:51:20.0375 3288 isapnp - ok
16:51:20.0671 3288 ivusb - ok
16:51:21.0015 3288 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
16:51:21.0218 3288 Kbdclass - ok
16:51:21.0609 3288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
16:51:21.0843 3288 kmixer - ok
16:51:22.0187 3288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
16:51:22.0343 3288 KSecDD - ok
16:51:22.0656 3288 lbrtfdc - ok
16:51:23.0078 3288 MBAMSwissArmy - ok
16:51:23.0406 3288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
16:51:23.0640 3288 mnmdd - ok
16:51:24.0093 3288 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
16:51:24.0343 3288 Modem - ok
16:51:24.0671 3288 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
16:51:24.0906 3288 Mouclass - ok
16:51:25.0203 3288 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
16:51:25.0468 3288 mouhid - ok
16:51:25.0796 3288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
16:51:26.0046 3288 MountMgr - ok
16:51:26.0359 3288 mraid35x - ok
16:51:26.0765 3288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
16:51:27.0062 3288 MRxDAV - ok
16:51:27.0562 3288 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
16:51:27.0937 3288 MRxSmb - ok
16:51:28.0250 3288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
16:51:28.0468 3288 Msfs - ok
16:51:28.0812 3288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
16:51:29.0031 3288 MSKSSRV - ok
16:51:29.0375 3288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
16:51:29.0578 3288 MSPCLOCK - ok
16:51:29.0968 3288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
16:51:30.0171 3288 MSPQM - ok
16:51:30.0515 3288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
16:51:30.0703 3288 mssmbios - ok
16:51:31.0062 3288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
16:51:31.0171 3288 Mup - ok
16:51:31.0562 3288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
16:51:31.0859 3288 NDIS - ok
16:51:32.0171 3288 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
16:51:32.0375 3288 NdisTapi - ok
16:51:32.0687 3288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
16:51:32.0875 3288 Ndisuio - ok
16:51:33.0218 3288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
16:51:33.0453 3288 NdisWan - ok
16:51:33.0781 3288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
16:51:33.0875 3288 NDProxy - ok
16:51:34.0296 3288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
16:51:34.0515 3288 NetBIOS - ok
16:51:34.0968 3288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
16:51:35.0234 3288 NetBT - ok
16:51:35.0625 3288 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
16:51:35.0828 3288 NIC1394 - ok
16:51:36.0218 3288 NPDriver (65194f525aef541eaa5056eb3d53a25b) C:\WINDOW2\system32\Drivers\NPDRIVER.SYS
16:51:36.0234 3288 NPDriver - ok
16:51:36.0578 3288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
16:51:36.0859 3288 Npfs - ok
16:51:37.0406 3288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
16:51:37.0937 3288 Ntfs - ok
16:51:38.0281 3288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
16:51:38.0531 3288 Null - ok
16:51:41.0437 3288 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
16:51:46.0328 3288 nv - ok
16:51:46.0734 3288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
16:51:47.0078 3288 NwlnkFlt - ok
16:51:47.0437 3288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
16:51:47.0734 3288 NwlnkFwd - ok
16:51:48.0093 3288 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
16:51:48.0312 3288 ohci1394 - ok
16:51:48.0671 3288 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
16:51:48.0921 3288 Parport - ok
16:51:49.0250 3288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
16:51:49.0437 3288 PartMgr - ok
16:51:49.0765 3288 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
16:51:50.0015 3288 ParVdm - ok
16:51:50.0375 3288 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
16:51:50.0593 3288 PCI - ok
16:51:50.0906 3288 PCIDump - ok
16:51:51.0218 3288 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
16:51:51.0437 3288 PCIIde - ok
16:51:51.0859 3288 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
16:51:52.0140 3288 Pcmcia - ok
16:51:52.0437 3288 PDCOMP - ok
16:51:52.0750 3288 PDFRAME - ok
16:51:53.0046 3288 PDRELI - ok
16:51:53.0343 3288 PDRFRAME - ok
16:51:53.0640 3288 perc2 - ok
16:51:53.0953 3288 perc2hib - ok
16:51:54.0343 3288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
16:51:54.0546 3288 PptpMiniport - ok
16:51:54.0906 3288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
16:51:55.0125 3288 PSched - ok
16:51:55.0437 3288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
16:51:55.0671 3288 Ptilink - ok
16:51:55.0968 3288 ql1080 - ok
16:51:56.0281 3288 Ql10wnt - ok
16:51:56.0578 3288 ql12160 - ok
16:51:56.0890 3288 ql1240 - ok
16:51:57.0218 3288 ql1280 - ok
16:51:57.0546 3288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
16:51:57.0781 3288 RasAcd - ok
16:51:58.0156 3288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
16:51:58.0359 3288 Rasl2tp - ok
16:51:58.0703 3288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
16:51:58.0937 3288 RasPppoe - ok
16:51:59.0265 3288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
16:51:59.0468 3288 Raspti - ok
16:51:59.0859 3288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
16:52:00.0140 3288 Rdbss - ok
16:52:00.0437 3288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
16:52:00.0640 3288 RDPCDD - ok
16:52:01.0031 3288 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
16:52:01.0281 3288 RDPWD - ok
16:52:01.0656 3288 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
16:52:01.0890 3288 redbook - ok
16:52:02.0281 3288 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
16:52:02.0453 3288 rtl8139 - ok
16:52:02.0843 3288 SDdriver (11b5e1da4566a68a881a7d73222f4c78) C:\WINDOW2\system32\Drivers\sddriver.sys
16:52:02.0906 3288 SDdriver - ok
16:52:03.0234 3288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
16:52:03.0437 3288 Secdrv - ok
16:52:03.0781 3288 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
16:52:04.0031 3288 Serial - ok
16:52:04.0359 3288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
16:52:04.0562 3288 Sfloppy - ok
16:52:04.0921 3288 Simbad - ok
16:52:05.0250 3288 Sparrow - ok
16:52:05.0578 3288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
16:52:05.0750 3288 splitter - ok
16:52:06.0140 3288 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
16:52:06.0359 3288 sr - ok
16:52:06.0890 3288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
16:52:07.0187 3288 Srv - ok
16:52:07.0562 3288 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
16:52:07.0578 3288 ssmdrv - ok
16:52:07.0906 3288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
16:52:08.0093 3288 swenum - ok
16:52:08.0437 3288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
16:52:08.0640 3288 swmidi - ok
16:52:08.0968 3288 symc810 - ok
16:52:09.0265 3288 symc8xx - ok
16:52:09.0640 3288 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOW2\system32\Drivers\SYMEVENT.SYS
16:52:09.0734 3288 SymEvent - ok
16:52:10.0031 3288 sym_hi - ok
16:52:10.0328 3288 sym_u3 - ok
16:52:10.0687 3288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
16:52:10.0906 3288 sysaudio - ok
16:52:11.0390 3288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
16:52:11.0765 3288 Tcpip - ok
16:52:12.0125 3288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
16:52:12.0375 3288 TDPIPE - ok
16:52:12.0703 3288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
16:52:12.0906 3288 TDTCP - ok
16:52:13.0296 3288 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
16:52:13.0484 3288 TermDD - ok
16:52:13.0812 3288 TosIde - ok
16:52:14.0218 3288 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
16:52:14.0281 3288 TrueSight ( UnsignedFile.Multi.Generic ) - warning
16:52:14.0281 3288 TrueSight - detected UnsignedFile.Multi.Generic (1)
16:52:14.0625 3288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
16:52:14.0859 3288 Udfs - ok
16:52:15.0156 3288 ultra - ok
16:52:15.0640 3288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
16:52:16.0125 3288 Update - ok
16:52:16.0484 3288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
16:52:16.0671 3288 usbehci - ok
16:52:17.0031 3288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
16:52:17.0296 3288 usbhub - ok
16:52:17.0625 3288 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
16:52:17.0828 3288 usbprint - ok
16:52:18.0156 3288 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
16:52:18.0359 3288 usbscan - ok
16:52:18.0671 3288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
16:52:18.0859 3288 USBSTOR - ok
16:52:19.0203 3288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
16:52:19.0390 3288 usbuhci - ok
16:52:19.0703 3288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
16:52:19.0906 3288 VgaSave - ok
16:52:20.0265 3288 ViaIde - ok
16:52:20.0609 3288 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
16:52:20.0828 3288 VolSnap - ok
16:52:21.0171 3288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
16:52:21.0359 3288 Wanarp - ok
16:52:21.0703 3288 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
16:52:21.0796 3288 WDC_SAM - ok
16:52:22.0109 3288 WDICA - ok
16:52:22.0500 3288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
16:52:22.0734 3288 wdmaud - ok
16:52:23.0156 3288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
16:52:23.0406 3288 WS2IFSL - ok
16:52:23.0765 3288 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
16:52:23.0875 3288 WudfPf - ok
16:52:24.0250 3288 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOW2\system32\DRIVERS\wudfrd.sys
16:52:24.0328 3288 WudfRd - ok
16:52:24.0406 3288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:52:24.0812 3288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:52:24.0812 3288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:52:24.0828 3288 MBR (0x1B8) (a3487e2e4982fb9590c4694bdd6bf26a) \Device\Harddisk1\DR2
16:52:25.0015 3288 \Device\Harddisk1\DR2 - ok
16:52:25.0031 3288 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
16:52:25.0031 3288 \Device\Harddisk0\DR0\Partition0 - ok
16:52:25.0046 3288 Boot (0x1200) (80f1be939438a055e382994f1bd821c8) \Device\Harddisk1\DR2\Partition0
16:52:25.0046 3288 \Device\Harddisk1\DR2\Partition0 - ok
16:52:25.0046 3288 ============================================================
16:52:25.0046 3288 Scan finished
16:52:25.0046 3288 ============================================================
16:52:25.0171 2480 Detected object count: 3
16:52:25.0171 2480 Actual detected object count: 3
17:04:46.0390 2480 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
17:04:46.0390 2480 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:46.0390 2480 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
17:04:46.0390 2480 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:46.0406 2480 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:04:46.0406 2480 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:06:35.0296 1780 Deinitialize success



----------------------



ComboFix 11-10-20.06 - Baba 10/20/2011 18:15:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1101 [GMT -4:00]
Running from: c:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\setup.exe
F:\AUTORUN.INF . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-20 05:49 . 2011-10-20 05:49 -------- d-----w- c:\documents and settings\All Users.WINDOW2\Application Data\Panda Security
2011-10-20 05:47 . 2011-10-20 05:48 -------- d-----w- C:\PANDA
2011-10-19 01:57 . 2011-10-20 20:46 111872 ----a-w- c:\window2\system32\drivers\TrueSight.sys
2011-10-16 13:54 . 2011-10-16 14:09 -------- d-----w- C:\Danae Saklas
2011-10-16 13:54 . 2011-10-16 13:54 -------- d-----w- C:\Danae
2011-10-15 21:04 . 2011-10-15 21:04 1324 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\d3d9caps.tmp
2011-10-15 15:13 . 2011-10-15 15:13 -------- d-s---w- c:\documents and settings\LocalService.NT AUTHORITY.000\UserData
2011-10-15 13:59 . 2011-10-15 13:59 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2011-10-14 02:11 . 2011-10-14 02:11 -------- d-----w- c:\documents and settings\Luli\Application Data\Avira
2011-10-13 22:06 . 2011-04-08 20:09 229376 ----a-w- c:\window2\system32\PuranDefragS.exe
2011-10-13 22:06 . 2011-04-08 20:09 221184 ----a-w- c:\window2\system32\PuranDC.exe
2011-10-13 22:06 . 2011-04-08 20:09 1110016 ----a-w- c:\window2\system32\PuranFD.exe
2011-10-13 22:06 . 2011-04-08 20:09 107008 ----a-w- c:\window2\system32\PuranDefragBT.exe
2011-10-13 22:06 . 2010-01-27 17:58 212992 ----a-w- c:\window2\system32\PuranDefrag.dll
2011-10-13 22:06 . 2011-10-14 17:30 -------- d-----w- c:\program files\Puran Defrag
2011-10-13 03:03 . 2011-10-13 03:03 -------- d-----w- c:\documents and settings\Baba\Application Data\Avira
2011-10-13 03:01 . 2011-09-18 12:39 134344 ----a-w- c:\window2\system32\drivers\avipbb.sys
2011-10-13 03:01 . 2011-09-16 03:55 36000 ----a-w- c:\window2\system32\drivers\avkmgr.sys
2011-10-13 03:01 . 2011-09-16 03:55 74640 ----a-w- c:\window2\system32\drivers\avgntflt.sys
2011-10-13 02:59 . 2011-10-13 02:59 -------- d-----w- c:\program files\Avira
2011-10-12 05:41 . 2011-10-12 05:41 -------- d-----w- c:\program files\ESET
2011-10-08 03:30 . 2011-10-08 03:30 -------- d-----w- C:\_OTL
2011-10-02 04:06 . 2011-07-17 02:21 302592 ----a-w- C:\gmer.exe
2011-10-01 16:23 . 2011-10-20 21:06 -------- d-----w- C:\Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 15:30 . 2011-05-16 23:16 404640 ----a-w- c:\window2\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2010-03-20 01:47 22216 ----a-w- c:\window2\system32\drivers\mbam.sys
2011-08-01 14:15 . 2011-08-24 02:11 23386624 ----a-w- C:\WD Software Upgrader.msi
2011-10-02 22:35 . 2011-03-24 21:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-20 23:27 . 2011-10-20 23:27 16384 c:\window2\Temp\Perflib_Perfdata_7a4.dat
+ 2011-10-19 03:11 . 2011-10-19 03:16 182890 c:\window2\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"NvCplDaemon"="c:\window2\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\window2\system32\NvMcTray.dll" [2008-05-16 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-24 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
.
c:\documents and settings\Baba\Start Menu\Programs\Startup\
PandaUSBVaccine.lnk - c:\panda\Panda USB Vaccine\USBVaccine.exe [2011-10-20 1287176]
.
c:\documents and settings\All Users.WINDOW2\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-29 113664]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW2^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\window2\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW2^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users.WINDOW2\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\window2\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NswUiTray]
2008-09-25 21:52 85360 ----a-w- c:\program files\Norton SystemWorks\NswUiTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Baba\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 avkmgr;avkmgr;c:\window2\system32\drivers\avkmgr.sys [10/12/2011 11:01 PM 36000]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\window2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [12/13/2009 11:57 PM 3584]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/12/2011 11:01 PM 342480]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/12/2011 11:01 PM 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/12/2011 11:01 PM 463824]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [9/25/2008 5:53 PM 95600]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/8/2010 12:40 PM 237568]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [11/8/2010 12:43 PM 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [11/8/2010 12:43 PM 484352]
S3 ivusb;Initio Driver for USB Default Controller;c:\window2\system32\DRIVERS\ivusb.sys --> c:\window2\system32\DRIVERS\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\window2\system32\drivers\mbamswissarmy.sys --> c:\window2\system32\drivers\mbamswissarmy.sys [?]
S3 TrueSight;TrueSight;c:\window2\system32\drivers\TrueSight.sys [10/18/2011 9:57 PM 111872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\window2\system32\drivers\wdcsam.sys [3/2/2011 1:13 AM 11520]
S4 PuranDefrag;PuranDefrag;c:\window2\system32\PuranDefragS.exe [10/13/2011 6:06 PM 229376]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\window2\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 21:52]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 19:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(2460)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\window2\system32\WPDShServiceObj.dll
c:\window2\system32\PortableDeviceTypes.dll
c:\window2\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\window2\system32\nvsvc32.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\window2\Mixer.exe
c:\window2\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-10-20 19:41:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-20 23:40
ComboFix2.txt 2011-10-17 20:25
.
Pre-Run: 18,047,748,608 bytes free
Post-Run: 18,237,935,104 bytes free
.
- - End Of File - - 213E6D64FF1413928AEE89DF3573C5EF



-------------------------



OTL logfile created on: 10/20/2011 8:05:17 PM - Run 11
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.54% Memory free
2.11 Gb Paging File | 1.53 Gb Available in Paging File | 72.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.92 Gb Free Space | 22.71% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 30.99 Gb Free Space | 83.16% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\PANDA\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/08 08:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/09/25 17:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 17:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/08/18 22:36:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/09/25 17:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 17:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 19:28:09 | 000,000,027 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\PANDA\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\doody2.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\doody2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O32 - AutoRun File - [2011/10/20 01:50:14 | 000,000,000 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/10/20 01:50:14 | 000,000,000 | ---- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 16:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\RK_Quarantine
[2011/10/20 01:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2011/10/20 01:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/20 01:47:56 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/10/18 19:55:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Recent
[2011/10/18 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\System Restore
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 15:32:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Administrative Tools
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 23:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Desktop\GooredFix Backups
[2011/10/07 23:12:10 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:10:42 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/06 02:32:39 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer

========== Files - Modified Within 30 Days ==========

[2011/10/20 19:28:46 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/20 19:28:09 | 000,000,027 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\hosts
[2011/10/20 19:27:15 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/20 19:26:56 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/20 19:26:53 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 16:46:46 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/20 01:48:54 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/17 15:41:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/15 11:03:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/11 21:35:54 | 000,000,226 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/07 23:15:06 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 23:11:19 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Baba\Desktop\tdsskiller.exe
[2011/10/07 23:07:54 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Baba\Desktop\GooredFix.exe
[2011/10/07 22:48:59 | 001,045,398 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/10/06 02:32:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Baba\Desktop\OTL.exe
[2011/10/01 09:00:55 | 000,000,290 | ---- | M] () -- C:\WINDOW2\tasks\Norton SystemWorks One Button Checkup.job
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl
[2011/09/25 23:47:41 | 001,045,386 | ---- | M] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:50 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dickinson2.bmp
[2011/09/25 23:40:59 | 001,045,546 | ---- | M] () -- C:\WINDOW2\dickinson1.bmp
[2011/09/25 23:36:24 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel2.bmp
[2011/09/25 23:35:40 | 001,045,558 | ---- | M] () -- C:\WINDOW2\deschanel1.bmp

========== Files Created - No Company Name ==========

[2011/10/20 01:48:54 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:48:07 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Norton SystemWorks.lnk
[2011/10/19 23:48:06 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/19 23:48:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyula's Commander.lnk
[2011/10/19 23:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 23:48:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird.lnk
[2011/10/19 23:48:06 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/19 23:48:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/19 23:48:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/19 23:48:04 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/10/19 23:47:57 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 23:15:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Document.rtf
[2011/10/07 22:48:57 | 001,045,398 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2011/09/25 23:47:39 | 001,045,386 | ---- | C] () -- C:\WINDOW2\dickinson3.bmp
[2011/09/25 23:45:48 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dickinson2.bmp
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,226 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/09 11:50:10 | 000,046,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Application Data\LuUninstall.LiveUpdate
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/11/01 08:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOW2\System32\xvidvfw.dll
[2006/11/01 08:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOW2\System32\xvidcore.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat
[2004/10/26 18:39:04 | 003,375,104 | ---- | C] () -- C:\WINDOW2\System32\qt-mt331.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >


------------------------


OTL Extras logfile created on: 10/20/2011 8:05:17 PM - Run 11
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Baba\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.54% Memory free
2.11 Gb Paging File | 1.53 Gb Available in Paging File | 72.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.92 Gb Free Space | 22.71% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 30.99 Gb Free Space | 83.16% Space Free | Partition Type: FAT32

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SymSetup.{34EF3470-B8D8-44b6-B09B-7F5EB9AECCC8}" = Norton SystemWorks (Symantec Corporation)
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Codec Pack" = X Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2011 3:46:42 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 10/16/2011 10:53:45 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (5756) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/17/2011 4:03:43 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.

Error - 10/18/2011 8:44:03 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (940) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2011 10:25:04 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL(1).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (1296) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (3084) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/19/2011 6:26:00 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

Error - 10/20/2011 5:58:38 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application WinNav.exe, version 1.27.0.208, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 6:13:28 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 12.1.0.18, faulting module
avbb.dll, version 12.1.0.18, fault address 0x000414c0.

[ System Events ]
Error - 10/20/2011 5:57:52 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/20/2011 5:57:52 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/20/2011 6:07:51 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The Speed Disk service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/20/2011 6:31:08 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7031
Description = The Avira Realtime Protection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 10/20/2011 6:33:23 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/20/2011 6:33:29 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/20/2011 6:33:33 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/20/2011 7:27:46 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/20/2011 7:28:05 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/20/2011 7:30:40 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

#59 CompCav (Member 5k, Expert, 12,448 posts)
We can address the issues you have:


Step 1.

Restore My Computer Icon

  • In the desktop with a right click go to properties.
  • On the desktop tab, click on Customize Desktop...
  • On the Desktop Options sections check the My Computer box.
  • Then click Restore Default


Step 2.

Remove System Restore Icon

Right click and delete or remove from list.


Step 3.

Fix Issues with MS Word

Go here and, under On-demand detect and repair, follow the steps outlined.
Under step one start Word.
Complete the rest of the steps.


Step 4.

Uninstall Malware Bytes.

Then Download a new mbam and reinstall and update.


Step 5.

You most likely are reinfecting your computer when you attach external drives. We have now installed Panda USB Vaccine to help us.

Disconnect all external drives.

Install one at a time and follow these steps:

  • Hold down the Shift key and install one external drive.
  • When it is installed Vaccinate it with Panda USB by clicking Vaccinate when the window comes up on your lower right.
  • Use Avira to do a manual scan:
    • Open Avira
    • Click on System Scanner
    • Click on Manual Selection > My Computer > Check External Drive > Click Magnifying Glass to start Scan
    • Once Finished copy report to your next post.

Next:
  • Open Malware Bytes.
  • Select Full Scan. Only check the box of the external drive and Scan the external drive.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
  • Disconnect the drive and do this process for all the other external drives you have.


Step 6.

Post your reports


Also when you have run TDSSKiller these show up:

17:04:46.0406 2480 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:04:46.0406 2480 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Does it give you an option to cure these?
If you do not remember please rerun TDSSKiller carefully following the steps in Post #57 Step 2, and let me know the result.

As always please tell me what issues remain.
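Step 5 above treats the external drives as the re-infection path, and Panda USB Vaccine is aimed at the AutoRun hook that USB-borne malware relied on to relaunch itself on XP-era machines. As an added example that is not part of this thread or of any of the tools it mentions, the following Python script does a read-only triage of one drive root: it reports whether an autorun.inf is present, which launch directives it carries and whether their targets actually exist on the drive, and lists any executables sitting in the root. The drive layout and the autorun.inf contents are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")                  # run-on-insert directives
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command
EXEC_SUFFIXES = {".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".pif"}

def parse_autorun(text):
    """Yield (directive, value) pairs that launch something when the drive is inserted."""
    in_autorun = False
    for raw in text.splitlines():          # hand-rolled: real files carry junk lines
        line = raw.strip().lstrip("\ufeff")
        if line.startswith("["):           # section header
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
                yield key, value.strip()

def first_token(command):  # '"x y.exe" /q' -> 'x y.exe'; 'foo.exe /q' -> 'foo.exe'
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def inspect_drive_root(root):
    """Read-only triage of one drive root; nothing is modified or executed."""
    root = Path(root)
    report = {"autorun_present": False, "launch_targets": [], "root_executables": []}
    for p in sorted(root.iterdir()):
        if p.is_file() and p.name.lower() == "autorun.inf":
            report["autorun_present"] = True
            for key, value in parse_autorun(p.read_text(errors="replace")):
                target = first_token(value).replace("\\", "/")
                report["launch_targets"].append(
                    {"directive": key, "target": target, "exists": (root / target).is_file()})
        elif p.is_file() and p.suffix.lower() in EXEC_SUFFIXES:
            report["root_executables"].append(p.name)
    return report

def build_sample_drive():
    """Constructed sample, not from the thread: a drive root with a hooked autorun.inf."""
    root = Path(tempfile.mkdtemp())
    (root / "RECYCLER").mkdir()
    for name in ("RECYCLER/x.exe", "photo.scr"):   # placeholder binaries, never run
        (root / name).write_bytes(b"MZ")
    (root / "autorun.inf").write_text("; junk\n[autorun]\nOPEN=RECYCLER\\x.exe /s\n"
                                      'icon=disk.ico\nshell\\open\\command="setup.exe" /q\n')
    return root
```

Point `inspect_drive_root` at a real removable drive's root (for example `F:\`) to get the same report for that drive; a present autorun.inf whose launch target exists is the pattern worth handing to the scanners before the drive is used again.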

#60 jsaklas (Topic Starter, Member, 238 posts)
CompCav,

First, I want to thank you for your tremendous efforts.

1. I fixed the My Computer icon.

2. The System Restore icon was already gone with this boot-up.

3. The repair utility did not work - no surprise - typical Microsoft.

4. Downloaded new Malwarebytes.

5. Ran both AVIRA and Malwarebytes on the only external drive I have - no infections, logs are below.


The TDSS Killer found the same 3 malicious threats:
1. Unsigned File: Service: d8a4fe9-85c1-448f-a6f9-2570-fb195020
2. Unsigned File: Service: TrueSight
3. TDSS File System: Physical drive: \Device\Harddisk\DRO

In all three cases the default is Skip and the other options are: Copy to Quarantine, and Delete.


Other Issues

Norton System Works: how best to uninstall it and, secondly, what can I use as a replacement, if anything?
The WD programs - if I choose to not have them run in the background - how do I get them out of the background?




Lastly, Logs are below:


---------------------------

Avira Antivirus Premium 2012
Report file date: Saturday, October 22, 2011 00:38

Scanning for 3421795 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : JAMES SAKLAS
Serial number : 2211382182-PEPWE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Baba
Computer name : JAMES-HOME

Version information:
BUILD.DAT : 12.0.0.871 42512 Bytes 10/12/2011 17:08:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 10/5/2011 14:24:16
AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 17:34:57
LUKE.DLL : 12.1.0.17 68304 Bytes 10/5/2011 14:24:24
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 10/5/2011 14:24:16
AVREG.DLL : 12.1.0.20 227024 Bytes 10/5/2011 14:24:15
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 15:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 18:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 13:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 15:44:27
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 15:44:27
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 15:44:27
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 15:44:27
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 15:44:27
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 15:44:27
VBASE013.VDF : 7.11.15.144 161792 Bytes 10/7/2011 03:04:29
VBASE014.VDF : 7.11.15.177 130048 Bytes 10/10/2011 03:04:30
VBASE015.VDF : 7.11.15.213 113664 Bytes 10/11/2011 03:04:31
VBASE016.VDF : 7.11.16.1 163328 Bytes 10/14/2011 12:01:14
VBASE017.VDF : 7.11.16.34 187904 Bytes 10/18/2011 01:49:12
VBASE018.VDF : 7.11.16.77 139264 Bytes 10/20/2011 11:41:14
VBASE019.VDF : 7.11.16.78 2048 Bytes 10/20/2011 11:41:14
VBASE020.VDF : 7.11.16.79 2048 Bytes 10/20/2011 11:41:14
VBASE021.VDF : 7.11.16.80 2048 Bytes 10/20/2011 11:41:14
VBASE022.VDF : 7.11.16.81 2048 Bytes 10/20/2011 11:41:15
VBASE023.VDF : 7.11.16.82 2048 Bytes 10/20/2011 11:41:15
VBASE024.VDF : 7.11.16.83 2048 Bytes 10/20/2011 11:41:15
VBASE025.VDF : 7.11.16.84 2048 Bytes 10/20/2011 11:41:15
VBASE026.VDF : 7.11.16.85 2048 Bytes 10/20/2011 11:41:15
VBASE027.VDF : 7.11.16.86 2048 Bytes 10/20/2011 11:41:15
VBASE028.VDF : 7.11.16.87 2048 Bytes 10/20/2011 11:41:15
VBASE029.VDF : 7.11.16.88 2048 Bytes 10/20/2011 11:41:16
VBASE030.VDF : 7.11.16.89 2048 Bytes 10/20/2011 11:41:16
VBASE031.VDF : 7.11.16.106 86016 Bytes 10/21/2011 17:23:33
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 9/2/2011 03:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 10/4/2011 23:01:31
AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 03:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 9/2/2011 03:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 03:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 9/22/2011 20:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 9/16/2011 05:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 10/13/2011 03:04:40
AEHELP.DLL : 8.1.17.7 254327 Bytes 9/2/2011 03:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 9/2/2011 03:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 03:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 9/2/2011 03:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 03:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 10/5/2011 14:24:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 10/5/2011 14:24:15
AVREP.DLL : 12.1.0.17 179920 Bytes 10/5/2011 14:24:15
AVARKT.DLL : 12.1.0.17 223184 Bytes 10/5/2011 14:24:12
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 10/5/2011 14:24:14
SQLITE3.DLL : 3.7.0.0 398288 Bytes 10/5/2011 14:24:28
AVSMTP.DLL : 12.1.0.17 63440 Bytes 10/5/2011 14:24:16
NETNT.DLL : 12.1.0.17 17104 Bytes 10/5/2011 14:24:25
RCIMAGE.DLL : 12.1.0.17 4493520 Bytes 10/5/2011 14:24:33
RCTEXT.DLL : 12.1.0.16 96208 Bytes 9/23/2011 17:37:28

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users.WINDOW2\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Saturday, October 22, 2011 00:38

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'F:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'USBVaccine.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'Mixer.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'WDSC.exe' - '1' Module(s) have been scanned
Scan process 'WDFME.exe' - '1' Module(s) have been scanned
Scan process 'WDDMService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '5229' files ).


Starting the file scan:

Begin scan in 'F:\'


End of the scan: Saturday, October 22, 2011 00:43
Used time: 04:18 Minute(s)

The scan has been done completely.

96 Scanned directories
7993 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
7993 Files not concerned
15 Archives were scanned
0 Warnings
0 Notes

---------------------------


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7996

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/22/2011 1:46:12 AM
mbam-log-2011-10-22 (01-46-12).txt

Scan type: Full scan (F:\|)
Objects scanned: 343869
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)