
Browsers (both Firefox & IE) are EXTREMELY slow



#61 CompCav (Expert, 12,454 posts)
Be back soon!!!

Edited by CompCav, 22 October 2011 - 08:10 AM.




#62 CompCav (Expert, 12,454 posts)
Step 1.

Norton Removal Tool


Download the Norton Removal Tool and run it. You may have to restart your computer more than once as part of the process; the tool will let you know.

Post #37 lists the replacement tools for Norton SystemWorks.


Step 2.

This tool is a good uninstaller and it has a tool to stop the autostart of your WD programs.

Autorun manager Revo Uninstaller

Another excellent tool for your computer is a good uninstaller with extra tools.

  • Please download the free Revo Uninstaller.
  • Run the revosetup.exe to install Revo Uninstaller Free version.
  • Start Revo Uninstaller
  • Click Tools in the top menu bar.
  • Click Autorun Manager in the left window pane.
  • Uncheck the appropriate startup items for your WD*.exe
  • Close Revo Uninstaller.
  • Reboot your computer and WD startup items are gone!
  • Anytime you want them to autostart again just follow steps 3 through 5 and check the box next to the item for step 6.


Step 3.

To fix Word go here. Run the Fixit

The Fixit should correct your problem; if it does not, go down the page and use Method 2: Repair Word in Maintenance Mode setup.



Step 4.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach to your next post.


Step 5.

Please post the log and attach the zip file from running AVP.


And tell me what issues remain

#63 jsaklas (Topic Starter, 333 posts)
CompCav,

I'm stuck on Step 4. Kaspersky has run 8 hours and is only 24% complete. Is this normal?


js

Edited by jsaklas, 23 October 2011 - 08:17 AM.


#64 jsaklas (Topic Starter, 333 posts)
CompCav,

Something hung Kaspersky up; I clicked on Delete in the ALARM pop-up window, and that seemed to kick-start the scan. It is moving along now.

As to the Word problem, I still have no fix. However, the problem is not with Word per se, but with my settings to it. I say this because when my wife gets on the computer via her link and she loads up Word, it loads perfectly fine.

Secondly, the Revo Uninstaller did not get rid of the three WD programs running in start up. They were NOT listed in the Start Up Manager.

js

#65 CompCav (Expert, 12,454 posts)
Have you completed the run with AVP?

#66 jsaklas (Topic Starter, 333 posts)
CompCav,

I ran AVP. It took some 16+ hours. As it found an infection, it sent a pop-up asking me what to do. I chose what AVP recommended; therefore, of the nine infections some were deleted and some were quarantined.


The log is 82 MB, so I can't get it to copy and paste on a reply.

The zip file was lost when I tried to cut and paste it to a different location

#67 CompCav (Expert, 12,454 posts)
Step 1.

For the 82 MB file:

Upload File to MediaFire

If your attachment is too big to attach, then go to Mediafire.
Register and upload your file.
Then reply with the link located to the right of your now uploaded file on Mediafire.


Step 2.

Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach to your next post.

Step 3.

Please Post:
link located to the right of your now uploaded file on Mediafire

Attach:
avptool_sysinfo.zip


How is the computer performing?

#68 jsaklas (Topic Starter, 333 posts)
CompCav,

The Link is: http://www.mediafire...8417c7lk7w3kwdt

and the Manual Fix log is attached.

The computer seems actually slower than it did a few days ago.


#69 CompCav (Expert, 12,454 posts)
Step 1.

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
  • Where it states Insert text script in the following box, copy the below script and press Run script
    Copy from Begin until End
    begin
    SetAVZPMStatus(True); 
    SearchRootkit(true, true); 
    SetAVZGuardStatus(True); 
    DeleteFile('C:\DOCUME~1\Baba\LOCALS~1\Temp\A.tmp');
    BC_DeleteFile('C:\DOCUME~1\Baba\LOCALS~1\Temp\A.tmp');
    DeleteFile('C:\DOCUME~1\Baba\LOCALS~1\Temp\62.tmp');
    BC_DeleteFile('C:\DOCUME~1\Baba\LOCALS~1\Temp\62.tmp');
    BC_ImportDeletedList; 
    ExecuteSysClean; 
    BC_Activate; 
    RebootWindows(true); 
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file


Step 2.


Please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Event Log
    Ipconfig
    Ping
    Netstat
    Hosts file
    Shares
    Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.


Step 3.

Delete the old TDSSKiller on your desktop.
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Run OTL Scan

  • Please reopen OTL on your desktop.
  • Please check Scan All Users
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.


Step 5.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]




Step 6.

Please post:

Sino Log
TDSSKiller log
OTL.txt
Extras.txt
Eset log


How is the computer now?
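Step 2 above asks for SINO's notepad output with the Tasklist, Startup Items and Services boxes ticked. As an added example that is not part of this thread and not SINO's own code, here is a small Python triage script for that output: it splits the log on its `<<<< Section >>>>` headers, parses the Tasklist, Startup Items and Non-MS Services entries, and flags anything launched from a temp directory (a common place for leftover installer scripts and droppers), then lists the running third-party services. The services list matters for the earlier Revo question: vendor background programs such as the WD SmartWare components run as services, so an autorun manager that only covers the Run keys and the Startup folder will not show them. The regular expressions are my assumptions about SINO's line layout, taken from how the log looks in this thread, and the embedded sample log is constructed, not a real capture. SINO itself is expected to appear as a hit, since it runs from the user's Temp folder.

```python
import re

# Section headers and entry layouts modelled on the SINO output in this thread.
# The regular expressions are my assumptions about that format, not SINO's spec.
SECTION_RE = re.compile(r"^<<<< (.+?) >>>>$")
TASK_RE = re.compile(r"^\[(.+?)\] - Process ID: (\d+)$")
STARTUP_RE = re.compile(r"^\[(.+?)\] - <(.+?)> - (.+)$")
SERVICE_RE = re.compile(r"^(.+?) \((.+?)\) - (Running|Stopped) \[(.+?)\] - (.+)$")
# A directory literally named temp or tmp anywhere in the command line; this also
# matches the 8.3 form C:\DOCUME~1\<user>\LOCALS~1\Temp\ seen in such logs.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Constructed sample in SINO's layout (not a real capture).
SAMPLE_LOG = r"""
<<<< Tasklist >>>>

[C:\WINDOW2\System32\smss.exe] - Process ID: 480
[C:\DOCUME~1\Baba\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 3960

<<<< Startup Items >>>>

[PandaUSBVaccine.lnk] - <Startup> - C:\PANDA\Panda USB Vaccine\USBVaccine.exe
[_uninst_90032672.lnk] - <Startup> - C:\Documents and Settings\Baba\Local Settings\temp\_uninst_90032672.bat
[avgnt] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

<<<< Non-MS Services >>>>

Avira Realtime Protection (AntiVirService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
WDDMService (WDDMService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
Symantec RemoteAssist (Symantec RemoteAssist) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe"
"""


def split_sections(text):
    """Map each '<<<< Name >>>>' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_tasklist(lines):
    """'[image] - Process ID: n' -> {'image': ..., 'pid': n}"""
    found = [TASK_RE.match(line) for line in lines]
    return [{"image": m.group(1), "pid": int(m.group(2))} for m in found if m]


def parse_startup(lines):
    """'[name] - <location> - command' -> dict with those three fields"""
    found = [STARTUP_RE.match(line) for line in lines]
    return [{"name": m.group(1), "location": m.group(2), "command": m.group(3)}
            for m in found if m]


def parse_services(lines):
    """'Display (Short) - State [flags] - command' -> dict with those fields"""
    out = []
    for m in (SERVICE_RE.match(line) for line in lines):
        if m:
            out.append({"display": m.group(1), "short": m.group(2),
                        "state": m.group(3), "command": m.group(5),
                        "flags": [f.strip() for f in m.group(4).split("|")]})
    return out


def runs_from_temp(command):
    """True if the command line points into a temp directory."""
    return bool(TEMP_RE.search(command))


def triage(text):
    """Pull out the entries a responder reads first."""
    sections = split_sections(text)
    tasks = parse_tasklist(sections.get("Tasklist", []))
    startup = parse_startup(sections.get("Startup Items", []))
    services = parse_services(sections.get("Non-MS Services", []))
    return {
        "temp_processes": [t for t in tasks if runs_from_temp(t["image"])],
        "temp_startup": [e for e in startup if runs_from_temp(e["command"])],
        "running_non_ms_services": [s for s in services if s["state"] == "Running"],
    }


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category)
        for entry in entries:
            print("   ", entry.get("image") or entry.get("command"))
```

Feed the real log in by reading the file instead of `SAMPLE_LOG`; the section names are looked up exactly as SINO prints them, so a log from a different SINO version with renamed sections simply yields empty lists rather than an error.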

#70 jsaklas (Topic Starter, 333 posts)
CompCav,

I started Step 1 and ran the Manual Disinfection. It did not reboot; I did it manually. However, you ask, "On completion please run another analysis scan and attach the zip file".

I don't understand. Do you mean run the Kaspersky Automatic Scan? If so, the output is not a zip file. The zip file was the output of the Manual Disinfection.

I apologize - I'm not real computer savvy.


js



#71 CompCav (Expert, 12,454 posts)
No, just reboot and go on to step 2; we will do that only if necessary later :)
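The OTL custom scan in Step 4 of the instructions above wraps explorer.exe, winlogon.exe, Userinit.exe and svchost.exe between /md5start and /md5stop, which makes OTL report an MD5 for each so it can be compared with a known-good copy for the same Windows build and service pack; a file that has been patched or replaced shows a different hash, and a missing one is just as telling. The script below is an added example of that baseline comparison, written here and not part of the thread or of OTL. It builds a throwaway directory with constructed placeholder files, records their hashes as the "baseline", then alters one file and deletes another to show what the check reports. The comparison trusts what the file system returns, so it complements rather than replaces the rootkit scan in Step 3.

```python
import hashlib
import os
import tempfile

# The files the OTL custom scan above hashes between /md5start and /md5stop.
CORE_BINARIES = ["explorer.exe", "winlogon.exe", "Userinit.exe", "svchost.exe"]


def md5_file(path, chunk=1 << 16):
    """Stream the file through MD5 so large binaries are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_core_binaries(directory, baseline):
    """Compare each baseline entry against the file on disk.

    baseline maps filename -> expected MD5 hex digest.
    Returns {filename: 'ok' | 'MODIFIED' | 'MISSING'}.
    """
    report = {}
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "MISSING"
        elif md5_file(path).lower() == expected.lower():
            report[name] = "ok"
        else:
            report[name] = "MODIFIED"
    return report


def demo():
    """Baseline a throwaway directory of placeholder files, then alter it."""
    with tempfile.TemporaryDirectory() as d:
        for name in CORE_BINARIES:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"placeholder contents for " + name.encode())  # constructed
        baseline = {name: md5_file(os.path.join(d, name)) for name in CORE_BINARIES}
        # Simulate one file changed in place and one removed.
        with open(os.path.join(d, "winlogon.exe"), "ab") as f:
            f.write(b"patched")
        os.remove(os.path.join(d, "Userinit.exe"))
        return check_core_binaries(d, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

On a real machine you would point `check_core_binaries` at the Windows system directory (C:\WINDOW2\system32 on this machine) and supply a baseline taken from a clean installation of the identical build; hashes from a different service pack or hotfix level will differ legitimately, so a MODIFIED result is a prompt to check the file's version and signature, not a verdict on its own.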

#72 jsaklas (Topic Starter, 333 posts)
CompCav,

Here are the scans:

Sino Log
TDSSKiller log
OTL.txt
Extras.txt
Eset log

----------------------------------


System Investigator by Olrik
Log Created On: 1915_26-10-2011
SINO Version: 3.1.0.0

Total RAM: 1535 MB | Free RAM: 747 MB | Pagefile Size: 2152 MB
A: | None | 3 1/2 Inch Floppy Drive
C: | 16171 MB out of 76316 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: JAMES-HOME
Username: Baba
Language Setting: ENU
Windows Directory: C:\WINDOW2
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOW2\System32\smss.exe] - Process ID: 480
[csrss.exe] - Process ID: 548
[C:\WINDOW2\system32\winlogon.exe] - Process ID: 572
[C:\WINDOW2\system32\services.exe] - Process ID: 620
[C:\WINDOW2\system32\lsass.exe] - Process ID: 632
[C:\WINDOW2\system32\svchost.exe] - Process ID: 800
[svchost.exe] - Process ID: 856
[C:\WINDOW2\System32\svchost.exe] - Process ID: 924
[svchost.exe] - Process ID: 1064
[svchost.exe] - Process ID: 1136
[C:\WINDOW2\system32\spoolsv.exe] - Process ID: 1240
[C:\Program Files\Avira\AntiVir Desktop\sched.exe] - Process ID: 1288
[svchost.exe] - Process ID: 1372
[C:\Program Files\Avira\AntiVir Desktop\avguard.exe] - Process ID: 1772
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 1812
[C:\WINDOW2\system32\nvsvc32.exe] - Process ID: 1852
[C:\WINDOW2\system32\svchost.exe] - Process ID: 1916
[C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe] - Process ID: 2036
[C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe] - Process ID: 176
[C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe] - Process ID: 220
[C:\Program Files\Canon\CAL\CALMAIN.exe] - Process ID: 360
[explorer.exe] - Process ID: 1408
[mixer.exe] - Process ID: 1664
[rundll32.exe] - Process ID: 1704
[issch.exe] - Process ID: 1884
[avgnt.exe] - Process ID: 1976
[thunderbird.exe] - Process ID: 1980
[C:\Program Files\Avira\AntiVir Desktop\avshadow.exe] - Process ID: 1540
[C:\Program Files\Avira\AntiVir Desktop\avmailc.exe] - Process ID: 1992
[C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE] - Process ID: 2092
[alg.exe] - Process ID: 3136
[csrss.exe] - Process ID: 1572
[C:\WINDOW2\system32\winlogon.exe] - Process ID: 1880
[C:\WINDOW2\Explorer.EXE] - Process ID: 2496
[C:\WINDOW2\Mixer.exe] - Process ID: 396
[C:\WINDOW2\system32\RUNDLL32.EXE] - Process ID: 1968
[C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] - Process ID: 2400
[C:\Program Files\Avira\AntiVir Desktop\avgnt.exe] - Process ID: 2676
[C:\PANDA\Panda USB Vaccine\USBVaccine.exe] - Process ID: 2892
[C:\Program Files\Mozilla Thunderbird\thunderbird.exe] - Process ID: 1144
[C:\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 3728
[C:\Program Files\Mozilla Firefox\plugin-container.exe] - Process ID: 3408
[C:\Program Files\Gyula's Windows Navigator\WinNav.exe] - Process ID: 1912
[C:\DOCUME~1\Baba\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 3960
[wmiprvse.exe] - Process ID: 3184

<<<< Startup Items >>>>

[PandaUSBVaccine.lnk] - <Startup> - C:\PANDA\Panda USB Vaccine\USBVaccine.exe
[_uninst_90032672.lnk] - <Startup> - C:\Documents and Settings\Baba\Local Settings\temp\_uninst_90032672.bat
[Adobe Gamma Loader.lnk] - <Common Startup> - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[C-Media Mixer] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - Mixer.exe /startup
[NvCplDaemon] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOW2\system32\NvCpl.dll,NvStartup
[nwiz] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - nwiz.exe /install
[NvMediaCenter] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOW2\system32\NvMcTray.dll,NvTaskbarInit
[QuickTime Task] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\QuickTime\qttask.exe" -atboottime
[TkBellExe] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[ISUSPM Startup] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[ISUSScheduler] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[SunJavaUpdateSched] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Adobe ARM] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[avgnt] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\System32\alg.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k LocalService
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service (BITS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k eapsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOW2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Human Interface Device Access (HidServ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k HTTPFilter
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\WINDOW2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\WINDOW2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\SCardSvr.exe
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\dllhost.exe /Processid:{C2DE1F6A-AB0F-4F87-8931-18C415C358F4}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\smlogsvc.exe
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\wbem\wmiapsrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Automatic Updates (wuauserv) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\system32\svchost.exe -k WudfServiceGroup
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOW2\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Avira Mail Protection (AntiVirMailService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe"
Avira Scheduler (AntiVirSchedulerService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
Avira Realtime Protection (AntiVirService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Avira Web Protection (AntiVirWebService) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE"
Canon Camera Access Library 8 (CCALib8) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Canon\CAL\CALMAIN.exe
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
NVIDIA Display Driver Service (NVSvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOW2\system32\nvsvc32.exe
WDDMService (WDDMService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
WD File Management Engine (WDFME) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe"
WD File Management Shadow Engine (WDSC) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe"
PuranDefrag (PuranDefrag) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\WINDOW2\system32\PuranDefragS.exe"
Symantec RemoteAssist (Symantec RemoteAssist) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe"

<<<< Boot.ini >>>>

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW2
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOW2="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: JAMES-HOME | ID: 1517 | Source: Userenv | Type: Warning | Date: 25-10-11 23:43:12 | Log: Application
Message: Windows saved user JAMES-HOME\Luli registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: JAMES-HOME | ID: 1524 | Source: Userenv | Type: Warning | Date: 25-10-11 23:43:8 | Log: Application
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Computer Name: JAMES-HOME | ID: 1517 | Source: Userenv | Type: Warning | Date: 25-10-11 21:32:3 | Log: Application
Message: Windows saved user JAMES-HOME\Baba registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Computer Name: JAMES-HOME | ID: 1524 | Source: Userenv | Type: Warning | Date: 25-10-11 21:32:0 | Log: Application
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Computer Name: JAMES-HOME | ID: 11 | Source: crypt32 | Type: Error | Date: 25-10-11 21:18:10 | Log: Application
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The process cannot access the file because it is being used by another process.


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: JAMES-HOME | ID: 7011 | Source: Service Control Manager | Type: Error | Date: 26-10-11 17:17:37 | Log: System
Message: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.


Computer Name: JAMES-HOME | ID: 18 | Source: avipbb | Type: Warning | Date: 26-10-11 17:16:53 | Log: System
Message: TIMEOUT: event=8 PID=1272


Computer Name: JAMES-HOME | ID: 23 | Source: Print | Type: Error | Date: 26-10-11 17:15:51 | Log: System
Message: Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.


Computer Name: JAMES-HOME | ID: 7023 | Source: Service Control Manager | Type: Error | Date: 26-10-11 17:15:9 | Log: System
Message: The Automatic Updates service terminated with the following error:

%%126


Computer Name: JAMES-HOME | ID: 23 | Source: Print | Type: Error | Date: 26-10-11 8:32:42 | Log: System
Message: Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.


<<<< Special Events >>>>

There were no special events found

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : james-home
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-50-8D-FD-20-30
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, October 26, 2011 5:14:23 PM
Lease Expires . . . . . . . . . . : Thursday, October 27, 2011 5:14:23 PM


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:
Response - 108ms
Response - 109ms
Response - 109ms
Response - 93ms
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 93ms - Maximum = 109ms

OpenDNS IP Test
Pinging to 208.69.38.150 [208.69.38.150]:
Response - 125ms
Response - 141ms
Response - 157ms
Response - 140ms
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 125ms - Maximum = 157ms

Kaspersky Domain Test
Pinging to www.kaspersky.com [195.27.252.18]:
Response - 156ms
Response - 141ms
Response - 141ms
Response - 140ms
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 140ms - Maximum = 156ms

Kaspersky IP Test
Pinging to 195.27.181.10 [195.27.181.10]:
Response - 141ms
Response - 108ms
Response - 108ms
Response - 109ms
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 108ms - Maximum = 141ms

YouTube Domain Test
Pinging to www.youtube.com [72.14.204.91]:
Response - 32ms
Response - None
Response - 30ms
Response - 16ms
Packets: Sent = 4, Received = 3, Lost = 1
Minimum = 16ms - Maximum = 32ms

YouTube IP Test
Pinging to 66.102.9.136 [66.102.9.136]:
Response - None
Response - None
Response - None
Response - None
Packets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:
Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms
Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 856
c:\window2\system32\WS2_32.dll
C:\WINDOW2\system32\RPCRT4.dll
c:\window2\system32\rpcss.dll
C:\WINDOW2\system32\svchost.exe
C:\WINDOW2\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:44080 0.0.0.0:0 LISTENING 2092
[AVWEBGRD.EXE]

TCP 0.0.0.0:44081 0.0.0.0:0 LISTENING 2092
[AVWEBGRD.EXE]

TCP 0.0.0.0:44110 0.0.0.0:0 LISTENING 1992
[avmailc.exe]

TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING 3136
[alg.exe]

TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 1812
[jqs.exe]

TCP 192.168.0.2:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1026 127.0.0.1:1027 ESTABLISHED 1980
[thunderbird.exe]

TCP 127.0.0.1:1027 127.0.0.1:1026 ESTABLISHED 1980
[thunderbird.exe]

TCP 127.0.0.1:1031 127.0.0.1:1032 ESTABLISHED 1980
[thunderbird.exe]

TCP 127.0.0.1:1032 127.0.0.1:1031 ESTABLISHED 1980
[thunderbird.exe]

TCP 127.0.0.1:1207 127.0.0.1:1208 ESTABLISHED 1144
[thunderbird.exe]

TCP 127.0.0.1:1208 127.0.0.1:1207 ESTABLISHED 1144
[thunderbird.exe]

TCP 127.0.0.1:1211 127.0.0.1:1212 ESTABLISHED 1144
[thunderbird.exe]

TCP 127.0.0.1:1212 127.0.0.1:1211 ESTABLISHED 1144
[thunderbird.exe]

TCP 127.0.0.1:1296 127.0.0.1:1297 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1297 127.0.0.1:1296 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1298 127.0.0.1:1299 ESTABLISHED 3728
[firefox.exe]

TCP 127.0.0.1:1299 127.0.0.1:1298 ESTABLISHED 3728
[firefox.exe]

TCP 192.168.0.2:1033 128.8.237.24:993 ESTABLISHED 1980
[thunderbird.exe]

TCP 127.0.0.1:1995 127.0.0.1:44080 TIME_WAIT 0
TCP 127.0.0.1:1997 127.0.0.1:44080 TIME_WAIT 0
TCP 127.0.0.1:1999 127.0.0.1:44080 TIME_WAIT 0
TCP 127.0.0.1:2001 127.0.0.1:44110 TIME_WAIT 0
TCP 127.0.0.1:2003 127.0.0.1:44110 TIME_WAIT 0
TCP 192.168.0.2:1996 72.14.204.138:80 TIME_WAIT 0
TCP 192.168.0.2:1998 72.14.204.102:80 TIME_WAIT 0
TCP 192.168.0.2:2000 69.163.234.194:80 TIME_WAIT 0
UDP 0.0.0.0:500 *:* 632
[lsass.exe]

UDP 0.0.0.0:4500 *:* 632
[lsass.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1900 *:* 1136
c:\window2\system32\WS2_32.dll
c:\window2\system32\ssdpsrv.dll
C:\WINDOW2\system32\ADVAPI32.dll
C:\WINDOW2\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 924
c:\window2\system32\WS2_32.dll
c:\window2\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.0.2:123 *:* 924
c:\window2\system32\WS2_32.dll
c:\window2\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]

UDP 192.168.0.2:138 *:* 4
[System]

UDP 192.168.0.2:137 *:* 4
[System]

UDP 192.168.0.2:1900 *:* 1136
c:\window2\system32\WS2_32.dll
c:\window2\system32\ssdpsrv.dll
C:\WINDOW2\system32\ADVAPI32.dll
C:\WINDOW2\system32\kernel32.dll
[svchost.exe]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d fd 20 30 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 27 Bytes in size.

There were 0 lines which refer to an external IP address.

<<<< Active Shares >>>>

Share: IPC$ - Path:


------ End of File ------


-----------------------------


20:28:39.0062 3308 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:28:39.0593 3308 ============================================================
20:28:39.0593 3308 Current date / time: 2011/10/26 20:28:39.0593
20:28:39.0593 3308 SystemInfo:
20:28:39.0593 3308
20:28:39.0593 3308 OS Version: 5.1.2600 ServicePack: 3.0
20:28:39.0593 3308 Product type: Workstation
20:28:39.0593 3308 ComputerName: JAMES-HOME
20:28:39.0593 3308 UserName: Baba
20:28:39.0593 3308 Windows directory: C:\WINDOW2
20:28:39.0593 3308 System windows directory: C:\WINDOW2
20:28:39.0593 3308 Processor architecture: Intel x86
20:28:39.0593 3308 Number of processors: 1
20:28:39.0593 3308 Page size: 0x1000
20:28:39.0593 3308 Boot type: Normal boot
20:28:39.0593 3308 ============================================================
20:28:41.0718 3308 Initialize success
20:29:39.0296 2428 ============================================================
20:29:39.0296 2428 Scan started
20:29:39.0296 2428 Mode: Manual; SigCheck; TDLFS;
20:29:39.0296 2428 ============================================================
20:29:40.0453 2428 90032672 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOW2\system32\DRIVERS\90032672.sys
20:29:40.0890 2428 90032672 - ok
20:29:41.0171 2428 Abiosdsk - ok
20:29:41.0453 2428 abp480n5 - ok
20:29:41.0843 2428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOW2\system32\DRIVERS\ACPI.sys
20:29:42.0125 2428 ACPI - ok
20:29:42.0437 2428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOW2\system32\drivers\ACPIEC.sys
20:29:42.0671 2428 ACPIEC - ok
20:29:42.0953 2428 adpu160m - ok
20:29:43.0312 2428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOW2\system32\drivers\aec.sys
20:29:43.0656 2428 aec - ok
20:29:44.0046 2428 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOW2\System32\drivers\afd.sys
20:29:44.0203 2428 AFD - ok
20:29:44.0515 2428 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOW2\system32\DRIVERS\agp440.sys
20:29:44.0718 2428 agp440 - ok
20:29:45.0031 2428 Aha154x - ok
20:29:45.0312 2428 aic78u2 - ok
20:29:45.0609 2428 aic78xx - ok
20:29:45.0906 2428 AliIde - ok
20:29:46.0187 2428 amsint - ok
20:29:46.0578 2428 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOW2\system32\DRIVERS\arp1394.sys
20:29:46.0828 2428 Arp1394 - ok
20:29:47.0187 2428 asc - ok
20:29:47.0515 2428 asc3350p - ok
20:29:47.0781 2428 asc3550 - ok
20:29:48.0125 2428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOW2\system32\DRIVERS\asyncmac.sys
20:29:48.0359 2428 AsyncMac - ok
20:29:48.0750 2428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOW2\system32\DRIVERS\atapi.sys
20:29:48.0984 2428 atapi - ok
20:29:49.0265 2428 Atdisk - ok
20:29:49.0593 2428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOW2\system32\DRIVERS\atmarpc.sys
20:29:49.0921 2428 Atmarpc - ok
20:29:50.0250 2428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOW2\system32\DRIVERS\audstub.sys
20:29:50.0468 2428 audstub - ok
20:29:50.0828 2428 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOW2\system32\DRIVERS\avgntflt.sys
20:29:50.0843 2428 avgntflt - ok
20:29:51.0203 2428 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOW2\system32\DRIVERS\avipbb.sys
20:29:51.0218 2428 avipbb - ok
20:29:51.0515 2428 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOW2\system32\DRIVERS\avkmgr.sys
20:29:51.0546 2428 avkmgr - ok
20:29:51.0875 2428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOW2\system32\drivers\Beep.sys
20:29:52.0140 2428 Beep - ok
20:29:52.0296 2428 catchme - ok
20:29:52.0656 2428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOW2\system32\drivers\cbidf2k.sys
20:29:52.0937 2428 cbidf2k - ok
20:29:53.0250 2428 cd20xrnt - ok
20:29:53.0562 2428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOW2\system32\drivers\Cdaudio.sys
20:29:53.0890 2428 Cdaudio - ok
20:29:54.0234 2428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOW2\system32\drivers\Cdfs.sys
20:29:54.0437 2428 Cdfs - ok
20:29:54.0765 2428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOW2\system32\DRIVERS\cdrom.sys
20:29:54.0984 2428 Cdrom - ok
20:29:55.0265 2428 Changer - ok
20:29:55.0578 2428 CmdIde - ok
20:29:56.0046 2428 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOW2\system32\drivers\cmaudio.sys
20:29:56.0328 2428 cmpci - ok
20:29:56.0625 2428 Cpqarray - ok
20:29:56.0781 2428 d8a4fef9-85c1-448f-a6f9-2570fb195020 (7f109ab3e0251d73dcb56130bab7826e) C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys
20:29:56.0796 2428 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - warning
20:29:56.0796 2428 d8a4fef9-85c1-448f-a6f9-2570fb195020 - detected UnsignedFile.Multi.Generic (1)
20:29:57.0078 2428 dac2w2k - ok
20:29:57.0375 2428 dac960nt - ok
20:29:57.0718 2428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOW2\system32\DRIVERS\disk.sys
20:29:57.0906 2428 Disk - ok
20:29:58.0531 2428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOW2\system32\drivers\dmboot.sys
20:29:59.0281 2428 dmboot - ok
20:29:59.0703 2428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOW2\system32\drivers\dmio.sys
20:30:00.0031 2428 dmio - ok
20:30:00.0343 2428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOW2\system32\drivers\dmload.sys
20:30:00.0640 2428 dmload - ok
20:30:00.0968 2428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOW2\system32\drivers\DMusic.sys
20:30:01.0171 2428 DMusic - ok
20:30:01.0468 2428 dpti2o - ok
20:30:01.0765 2428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOW2\system32\drivers\drmkaud.sys
20:30:01.0968 2428 drmkaud - ok
20:30:02.0359 2428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOW2\system32\drivers\Fastfat.sys
20:30:02.0625 2428 Fastfat - ok
20:30:02.0953 2428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOW2\system32\DRIVERS\fdc.sys
20:30:03.0171 2428 Fdc - ok
20:30:03.0531 2428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOW2\system32\drivers\Fips.sys
20:30:03.0890 2428 Fips - ok
20:30:04.0203 2428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOW2\system32\DRIVERS\flpydisk.sys
20:30:04.0421 2428 Flpydisk - ok
20:30:04.0781 2428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOW2\system32\drivers\fltmgr.sys
20:30:05.0000 2428 FltMgr - ok
20:30:05.0312 2428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOW2\system32\drivers\Fs_Rec.sys
20:30:05.0546 2428 Fs_Rec - ok
20:30:05.0937 2428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOW2\system32\DRIVERS\ftdisk.sys
20:30:06.0234 2428 Ftdisk - ok
20:30:06.0546 2428 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOW2\system32\DRIVERS\gameenum.sys
20:30:06.0718 2428 gameenum - ok
20:30:07.0046 2428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOW2\system32\DRIVERS\msgpc.sys
20:30:07.0234 2428 Gpc - ok
20:30:07.0625 2428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOW2\system32\DRIVERS\hidusb.sys
20:30:07.0812 2428 HidUsb - ok
20:30:08.0093 2428 hpn - ok
20:30:08.0515 2428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOW2\system32\Drivers\HTTP.sys
20:30:08.0671 2428 HTTP - ok
20:30:09.0031 2428 i2omgmt - ok
20:30:09.0312 2428 i2omp - ok
20:30:09.0656 2428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOW2\system32\DRIVERS\i8042prt.sys
20:30:09.0921 2428 i8042prt - ok
20:30:10.0265 2428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOW2\system32\DRIVERS\imapi.sys
20:30:10.0468 2428 Imapi - ok
20:30:10.0781 2428 ini910u - ok
20:30:11.0078 2428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOW2\system32\DRIVERS\intelide.sys
20:30:11.0250 2428 IntelIde - ok
20:30:11.0562 2428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOW2\system32\DRIVERS\intelppm.sys
20:30:11.0750 2428 intelppm - ok
20:30:12.0109 2428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOW2\system32\drivers\ip6fw.sys
20:30:12.0375 2428 Ip6Fw - ok
20:30:12.0718 2428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOW2\system32\DRIVERS\ipfltdrv.sys
20:30:13.0031 2428 IpFilterDriver - ok
20:30:13.0359 2428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOW2\system32\DRIVERS\ipinip.sys
20:30:13.0593 2428 IpInIp - ok
20:30:14.0000 2428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOW2\system32\DRIVERS\ipnat.sys
20:30:14.0250 2428 IpNat - ok
20:30:14.0593 2428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOW2\system32\DRIVERS\ipsec.sys
20:30:14.0781 2428 IPSec - ok
20:30:15.0093 2428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOW2\system32\DRIVERS\irenum.sys
20:30:15.0328 2428 IRENUM - ok
20:30:15.0718 2428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOW2\system32\DRIVERS\isapnp.sys
20:30:15.0953 2428 isapnp - ok
20:30:16.0234 2428 ivusb - ok
20:30:16.0843 2428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOW2\system32\DRIVERS\kbdclass.sys
20:30:17.0093 2428 Kbdclass - ok
20:30:17.0484 2428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOW2\system32\drivers\kmixer.sys
20:30:17.0750 2428 kmixer - ok
20:30:18.0125 2428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOW2\system32\drivers\KSecDD.sys
20:30:18.0234 2428 KSecDD - ok
20:30:18.0531 2428 lbrtfdc - ok
20:30:18.0984 2428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOW2\system32\drivers\mnmdd.sys
20:30:19.0234 2428 mnmdd - ok
20:30:19.0609 2428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOW2\system32\drivers\Modem.sys
20:30:19.0843 2428 Modem - ok
20:30:20.0187 2428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOW2\system32\DRIVERS\mouclass.sys
20:30:20.0406 2428 Mouclass - ok
20:30:20.0734 2428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOW2\system32\DRIVERS\mouhid.sys
20:30:21.0000 2428 mouhid - ok
20:30:21.0328 2428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOW2\system32\drivers\MountMgr.sys
20:30:21.0531 2428 MountMgr - ok
20:30:21.0812 2428 mraid35x - ok
20:30:22.0171 2428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOW2\system32\DRIVERS\mrxdav.sys
20:30:22.0437 2428 MRxDAV - ok
20:30:22.0921 2428 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOW2\system32\DRIVERS\mrxsmb.sys
20:30:23.0218 2428 MRxSmb - ok
20:30:23.0546 2428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOW2\system32\drivers\Msfs.sys
20:30:23.0750 2428 Msfs - ok
20:30:24.0140 2428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOW2\system32\drivers\MSKSSRV.sys
20:30:24.0359 2428 MSKSSRV - ok
20:30:24.0687 2428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOW2\system32\drivers\MSPCLOCK.sys
20:30:24.0921 2428 MSPCLOCK - ok
20:30:25.0265 2428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOW2\system32\drivers\MSPQM.sys
20:30:25.0484 2428 MSPQM - ok
20:30:25.0890 2428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOW2\system32\DRIVERS\mssmbios.sys
20:30:26.0140 2428 mssmbios - ok
20:30:26.0781 2428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOW2\system32\drivers\Mup.sys
20:30:26.0859 2428 Mup - ok
20:30:27.0328 2428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOW2\system32\drivers\NDIS.sys
20:30:27.0609 2428 NDIS - ok
20:30:27.0921 2428 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOW2\system32\DRIVERS\ndistapi.sys
20:30:28.0156 2428 NdisTapi - ok
20:30:28.0484 2428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOW2\system32\DRIVERS\ndisuio.sys
20:30:28.0687 2428 Ndisuio - ok
20:30:29.0062 2428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOW2\system32\DRIVERS\ndiswan.sys
20:30:29.0343 2428 NdisWan - ok
20:30:29.0656 2428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOW2\system32\drivers\NDProxy.sys
20:30:29.0718 2428 NDProxy - ok
20:30:30.0062 2428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOW2\system32\DRIVERS\netbios.sys
20:30:30.0265 2428 NetBIOS - ok
20:30:30.0656 2428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOW2\system32\DRIVERS\netbt.sys
20:30:30.0875 2428 NetBT - ok
20:30:31.0328 2428 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOW2\system32\DRIVERS\nic1394.sys
20:30:31.0515 2428 NIC1394 - ok
20:30:31.0906 2428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOW2\system32\drivers\Npfs.sys
20:30:32.0187 2428 Npfs - ok
20:30:32.0718 2428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOW2\system32\drivers\Ntfs.sys
20:30:33.0234 2428 Ntfs - ok
20:30:33.0562 2428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOW2\system32\drivers\Null.sys
20:30:33.0796 2428 Null - ok
20:30:36.0656 2428 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOW2\system32\DRIVERS\nv4_mini.sys
20:30:41.0437 2428 nv - ok
20:30:41.0937 2428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOW2\system32\DRIVERS\nwlnkflt.sys
20:30:42.0265 2428 NwlnkFlt - ok
20:30:42.0593 2428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOW2\system32\DRIVERS\nwlnkfwd.sys
20:30:43.0015 2428 NwlnkFwd - ok
20:30:43.0343 2428 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOW2\system32\DRIVERS\ohci1394.sys
20:30:43.0562 2428 ohci1394 - ok
20:30:44.0000 2428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOW2\system32\drivers\Parport.sys
20:30:44.0218 2428 Parport - ok
20:30:44.0593 2428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOW2\system32\drivers\PartMgr.sys
20:30:44.0781 2428 PartMgr - ok
20:30:45.0093 2428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOW2\system32\drivers\ParVdm.sys
20:30:45.0375 2428 ParVdm - ok
20:30:45.0921 2428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOW2\system32\DRIVERS\pci.sys
20:30:46.0203 2428 PCI - ok
20:30:46.0703 2428 PCIDump - ok
20:30:47.0031 2428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOW2\system32\drivers\PCIIde.sys
20:30:47.0375 2428 PCIIde - ok
20:30:47.0750 2428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOW2\system32\drivers\Pcmcia.sys
20:30:48.0015 2428 Pcmcia - ok
20:30:48.0359 2428 PDCOMP - ok
20:30:48.0640 2428 PDFRAME - ok
20:30:48.0937 2428 PDRELI - ok
20:30:49.0234 2428 PDRFRAME - ok
20:30:49.0546 2428 perc2 - ok
20:30:49.0843 2428 perc2hib - ok
20:30:50.0218 2428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOW2\system32\DRIVERS\raspptp.sys
20:30:50.0453 2428 PptpMiniport - ok
20:30:50.0796 2428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOW2\system32\DRIVERS\psched.sys
20:30:51.0000 2428 PSched - ok
20:30:51.0343 2428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOW2\system32\DRIVERS\ptilink.sys
20:30:52.0093 2428 Ptilink - ok
20:30:52.0390 2428 ql1080 - ok
20:30:52.0687 2428 Ql10wnt - ok
20:30:52.0984 2428 ql12160 - ok
20:30:53.0281 2428 ql1240 - ok
20:30:53.0593 2428 ql1280 - ok
20:30:53.0875 2428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOW2\system32\DRIVERS\rasacd.sys
20:30:54.0171 2428 RasAcd - ok
20:30:54.0500 2428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOW2\system32\DRIVERS\rasl2tp.sys
20:30:54.0750 2428 Rasl2tp - ok
20:30:55.0078 2428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOW2\system32\DRIVERS\raspppoe.sys
20:30:55.0250 2428 RasPppoe - ok
20:30:55.0562 2428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOW2\system32\DRIVERS\raspti.sys
20:30:55.0828 2428 Raspti - ok
20:30:56.0203 2428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOW2\system32\DRIVERS\rdbss.sys
20:30:56.0500 2428 Rdbss - ok
20:30:56.0812 2428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOW2\system32\DRIVERS\RDPCDD.sys
20:30:57.0062 2428 RDPCDD - ok
20:30:57.0484 2428 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOW2\system32\drivers\RDPWD.sys
20:30:57.0781 2428 RDPWD - ok
20:30:58.0187 2428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOW2\system32\DRIVERS\redbook.sys
20:30:58.0421 2428 redbook - ok
20:30:58.0843 2428 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOW2\system32\DRIVERS\RTL8139.SYS
20:30:59.0000 2428 rtl8139 - ok
20:30:59.0375 2428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOW2\system32\DRIVERS\secdrv.sys
20:30:59.0640 2428 Secdrv - ok
20:30:59.0968 2428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOW2\system32\drivers\Serial.sys
20:31:00.0187 2428 Serial - ok
20:31:00.0578 2428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOW2\system32\drivers\Sfloppy.sys
20:31:00.0781 2428 Sfloppy - ok
20:31:01.0078 2428 Simbad - ok
20:31:01.0406 2428 Sparrow - ok
20:31:01.0781 2428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOW2\system32\drivers\splitter.sys
20:31:01.0984 2428 splitter - ok
20:31:02.0328 2428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOW2\system32\DRIVERS\sr.sys
20:31:02.0546 2428 sr - ok
20:31:03.0031 2428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOW2\system32\DRIVERS\srv.sys
20:31:03.0312 2428 Srv - ok
20:31:03.0703 2428 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOW2\system32\DRIVERS\ssmdrv.sys
20:31:03.0718 2428 ssmdrv - ok
20:31:04.0015 2428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOW2\system32\DRIVERS\swenum.sys
20:31:04.0218 2428 swenum - ok
20:31:04.0562 2428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOW2\system32\drivers\swmidi.sys
20:31:04.0796 2428 swmidi - ok
20:31:05.0140 2428 symc810 - ok
20:31:05.0421 2428 symc8xx - ok
20:31:05.0718 2428 sym_hi - ok
20:31:06.0000 2428 sym_u3 - ok
20:31:06.0343 2428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOW2\system32\drivers\sysaudio.sys
20:31:06.0578 2428 sysaudio - ok
20:31:07.0078 2428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOW2\system32\DRIVERS\tcpip.sys
20:31:07.0453 2428 Tcpip - ok
20:31:07.0796 2428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOW2\system32\drivers\TDPIPE.sys
20:31:08.0031 2428 TDPIPE - ok
20:31:08.0375 2428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOW2\system32\drivers\TDTCP.sys
20:31:08.0609 2428 TDTCP - ok
20:31:08.0968 2428 TermDD (88155247177638048422893737429d9e) C:\WINDOW2\system32\DRIVERS\termdd.sys
20:31:09.0156 2428 TermDD - ok
20:31:09.0468 2428 TosIde - ok
20:31:09.0875 2428 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\window2\system32\drivers\TrueSight.sys
20:31:09.0984 2428 TrueSight ( UnsignedFile.Multi.Generic ) - warning
20:31:09.0984 2428 TrueSight - detected UnsignedFile.Multi.Generic (1)
20:31:10.0343 2428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOW2\system32\drivers\Udfs.sys
20:31:10.0625 2428 Udfs - ok
20:31:10.0984 2428 uji3otqy (ff1774e78b914e36e603f790ca72d8a7) C:\WINDOW2\system32\Drivers\uji3otqy.sys
20:31:11.0031 2428 uji3otqy ( UnsignedFile.Multi.Generic ) - warning
20:31:11.0031 2428 uji3otqy - detected UnsignedFile.Multi.Generic (1)
20:31:11.0406 2428 ultra - ok
20:31:11.0875 2428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOW2\system32\DRIVERS\update.sys
20:31:12.0296 2428 Update - ok
20:31:12.0656 2428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOW2\system32\DRIVERS\usbehci.sys
20:31:12.0859 2428 usbehci - ok
20:31:13.0203 2428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOW2\system32\DRIVERS\usbhub.sys
20:31:13.0406 2428 usbhub - ok
20:31:13.0781 2428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOW2\system32\DRIVERS\usbprint.sys
20:31:13.0968 2428 usbprint - ok
20:31:14.0296 2428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOW2\system32\DRIVERS\usbscan.sys
20:31:14.0562 2428 usbscan - ok
20:31:14.0937 2428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOW2\system32\DRIVERS\USBSTOR.SYS
20:31:15.0140 2428 USBSTOR - ok
20:31:15.0468 2428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOW2\system32\DRIVERS\usbuhci.sys
20:31:15.0656 2428 usbuhci - ok
20:31:15.0968 2428 uti3otqy (524d8d450622db4a7875b111c299a76b) C:\WINDOW2\system32\Drivers\uti3otqy.sys
20:31:16.0015 2428 uti3otqy ( UnsignedFile.Multi.Generic ) - warning
20:31:16.0015 2428 uti3otqy - detected UnsignedFile.Multi.Generic (1)
20:31:16.0359 2428 uzi3otqy (d565ad44c6c4d934afad3ca4196b09aa) C:\WINDOW2\system32\Drivers\uzi3otqy.sys
20:31:16.0359 2428 uzi3otqy ( UnsignedFile.Multi.Generic ) - warning
20:31:16.0359 2428 uzi3otqy - detected UnsignedFile.Multi.Generic (1)
20:31:16.0703 2428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOW2\System32\drivers\vga.sys
20:31:16.0875 2428 VgaSave - ok
20:31:17.0171 2428 ViaIde - ok
20:31:17.0500 2428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOW2\system32\drivers\VolSnap.sys
20:31:17.0703 2428 VolSnap - ok
20:31:18.0093 2428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOW2\system32\DRIVERS\wanarp.sys
20:31:18.0281 2428 Wanarp - ok
20:31:18.0640 2428 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOW2\system32\DRIVERS\wdcsam.sys
20:31:18.0718 2428 WDC_SAM - ok
20:31:19.0046 2428 WDICA - ok
20:31:19.0406 2428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOW2\system32\drivers\wdmaud.sys
20:31:19.0640 2428 wdmaud - ok
20:31:20.0093 2428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOW2\System32\drivers\ws2ifsl.sys
20:31:20.0328 2428 WS2IFSL - ok
20:31:20.0718 2428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOW2\system32\DRIVERS\WudfPf.sys
20:31:20.0843 2428 WudfPf - ok
20:31:20.0890 2428 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:31:21.0281 2428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:31:21.0281 2428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:31:21.0296 2428 Boot (0x1200) (fc650981a1f3f179c87399ce78457b07) \Device\Harddisk0\DR0\Partition0
20:31:21.0296 2428 \Device\Harddisk0\DR0\Partition0 - ok
20:31:21.0296 2428 ============================================================
20:31:21.0296 2428 Scan finished
20:31:21.0296 2428 ============================================================
20:31:21.0437 0896 Detected object count: 6
20:31:21.0437 0896 Actual detected object count: 6
20:31:51.0078 0896 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:51.0078 0896 d8a4fef9-85c1-448f-a6f9-2570fb195020 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:51.0078 0896 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:51.0078 0896 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:51.0078 0896 uji3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:51.0078 0896 uji3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:51.0078 0896 uti3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:51.0078 0896 uti3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:51.0093 0896 uzi3otqy ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:51.0093 0896 uzi3otqy ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:51.0093 0896 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:31:51.0093 0896 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip




-------------------------------------



OTL logfile created on: 10/26/2011 8:39:04 PM - Run 12
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 47.36% Memory free
2.10 Gb Paging File | 1.33 Gb Available in Paging File | 63.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.82 Gb Free Space | 21.23% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 20:36:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Desktop\OTL.exe
PRC - [2011/10/26 20:28:17 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Desktop\tdsskiller.exe
PRC - [2011/10/05 10:24:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/05 10:24:14 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/03 23:11:28 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/10/02 18:35:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\PANDA\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/28 08:00:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOW2\system32\sol.exe
PRC - [2002/10/15 14:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOW2\mixer.exe
PRC - [2002/04/11 14:55:46 | 000,204,288 | ---- | M] (Wanari Ltd.) -- C:\Program Files\Gyula's Windows Navigator\WinNav.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:24:28 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/03 23:11:40 | 001,833,112 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/10/03 23:11:38 | 000,161,944 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/10/03 23:11:38 | 000,021,656 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/10/02 18:35:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/28 10:40:36 | 006,277,280 | ---- | M] () -- C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/02 02:42:23 | 000,998,400 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
MOD - [2011/07/02 02:33:33 | 017,403,904 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011/07/02 02:00:06 | 000,141,312 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011/07/02 02:00:04 | 000,212,992 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2011/07/02 01:57:03 | 000,771,584 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MOD - [2011/07/02 01:56:50 | 000,627,712 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011/07/02 01:56:39 | 000,627,200 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011/07/02 01:56:26 | 006,616,576 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011/07/02 01:51:26 | 000,015,872 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
MOD - [2011/07/02 01:49:56 | 005,450,752 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011/07/02 01:49:45 | 000,971,264 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011/07/02 01:49:36 | 007,950,848 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011/07/02 01:49:17 | 011,490,816 | ---- | M] () -- C:\WINDOW2\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/07/02 01:46:46 | 002,933,248 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/07/02 01:46:24 | 000,261,632 | ---- | M] () -- C:\WINDOW2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/11/08 14:16:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2009/04/23 22:55:14 | 000,176,235 | ---- | M] () -- C:\WINDOW2\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/05 10:24:26 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/05 10:24:17 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/05 10:24:15 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/05 10:24:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 12:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/01/29 19:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\uji3otqy.sys -- (uji3otqy)
DRV - [2011/10/25 21:26:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\uti3otqy.sys -- (uti3otqy)
DRV - [2011/10/25 21:25:57 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\uzi3otqy.sys -- (uzi3otqy)
DRV - [2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOW2\system32\DRIVERS\90032672.sys -- (90032672)
DRV - [2011/10/20 16:46:46 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOW2\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOW2\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/13 23:57:18 | 000,003,584 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOW2\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys -- (d8a4fef9-85c1-448f-a6f9-2570fb195020)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOW2\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/11/18 11:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOW2\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW2\system32\blank.htm
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D3 0F B1 07 4F 69 43 4B 86 6D 7F EF 0E 39 65 25 [binary data]
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-299502267-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOW2\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOW2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Baba\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 18:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 23:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 23:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Baba\Application Data\Move Networks [2009/12/02 02:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Components: C:\Netscape 6\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2.3\Extensions\\Plugins: C:\Netscape 6\Plugins

[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions
[2010/09/03 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/07 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions
[2010/06/25 22:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/28 23:57:29 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Mozilla\Firefox\Profiles\g7tscgnb.default\searchplugins\imdb.xml
[2011/03/23 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 12:47:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/24 12:46:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/02 18:35:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 19:36:22 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/06/24 12:46:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/05/28 07:15:00 | 000,110,592 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/09/05 09:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 19:28:09 | 000,000,027 | ---- | M]) - C:\WINDOW2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOW2\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOW2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOW2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOW2\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ US DOT VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\PANDA\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O4 - Startup: C:\Documents and Settings\Baba\Start Menu\Programs\Startup\_uninst_90032672.lnk = C:\Documents and Settings\Baba\Local Settings\temp\_uninst_90032672.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-299502267-115176313-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sra.dot.gov/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B7A976-DB18-48C7-AD20-F583F7824731}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOW2\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOW2\system32\userinit.exe) -C:\WINDOW2\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOW2\dors2.bmp
O24 - Desktop BackupWallPaper: C:\WINDOW2\dors2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 17:16:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 07:48:02 | 000,001,688 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-115176313-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-115176313-839522115-1004\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 21:26:10 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 00:47:37 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Revo Uninstaller
[2011/10/23 01:38:00 | 000,000,000 | ---D | C] -- C:\UNINSTALLER-Revo
[2011/10/22 00:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 00:25:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOW2\System32\drivers\mbam.sys
[2011/10/20 01:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Application Data\Panda Security
[2011/10/20 01:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Panda Security
[2011/10/20 01:47:56 | 000,000,000 | ---D | C] -- C:\PANDA
[2011/10/18 19:55:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Recent
[2011/10/18 17:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\System Restore
[2011/10/17 15:40:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/17 15:33:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWREG.exe
[2011/10/17 15:33:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWSC.exe
[2011/10/17 15:33:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOW2\SWXCACLS.exe
[2011/10/17 15:33:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOW2\NIRCMD.exe
[2011/10/17 15:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/17 15:32:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Baba\Start Menu\Programs\Administrative Tools
[2011/10/16 09:54:23 | 000,000,000 | ---D | C] -- C:\Danae Saklas
[2011/10/16 09:54:06 | 000,000,000 | ---D | C] -- C:\Danae
[2011/10/13 18:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Puran Defrag
[2011/10/13 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/10/12 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baba\Application Data\Avira
[2011/10/12 23:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Avira
[2011/10/12 23:01:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\ssmdrv.sys
[2011/10/12 23:01:08 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avipbb.sys
[2011/10/12 23:01:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avkmgr.sys
[2011/10/12 23:01:07 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOW2\System32\drivers\avgntflt.sys
[2011/10/12 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/12 01:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/07 23:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/06 09:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW2\Local Settings
[2011/10/01 12:23:41 | 000,000,000 | ---D | C] -- C:\Computer

========== Files - Modified Within 30 Days ==========

[2011/10/26 18:39:22 | 000,186,097 | ---- | M] () -- C:\WINDOW2\System32\nvapps.xml
[2011/10/26 18:39:10 | 000,013,646 | ---- | M] () -- C:\WINDOW2\System32\wpa.dbl
[2011/10/26 17:14:18 | 000,002,048 | --S- | M] () -- C:\WINDOW2\bootstat.dat
[2011/10/26 17:14:15 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 21:26:10 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOW2\System32\drivers\uji3otqy.sys
[2011/10/25 21:26:09 | 000,007,168 | ---- | M] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | M] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/25 00:49:32 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\_uninst_90032672.lnk
[2011/10/23 09:43:16 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOW2\System32\drivers\90032672.sys
[2011/10/23 01:58:20 | 000,000,376 | ---- | M] () -- C:\WINDOW2\ODBC.INI
[2011/10/23 01:38:20 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 12:02:51 | 000,000,223 | ---- | M] () -- C:\WINDOW2\Prestopm.INI
[2011/10/22 12:00:44 | 000,000,051 | ---- | M] () -- C:\NsScanforTest.ini
[2011/10/22 11:13:42 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:10:38 | 001,045,394 | ---- | M] () -- C:\WINDOW2\dors1.bmp
[2011/10/22 11:03:41 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:52 | 001,045,230 | ---- | M] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:50 | 001,045,550 | ---- | M] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:54 | 001,045,514 | ---- | M] () -- C:\WINDOW2\drescher1.bmp
[2011/10/21 19:08:07 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 19:28:09 | 000,000,027 | ---- | M] () -- C:\WINDOW2\System32\drivers\etc\hosts
[2011/10/20 16:46:46 | 000,111,872 | ---- | M] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/20 01:48:54 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/17 15:41:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/15 12:32:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/12 23:02:29 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/07 22:45:59 | 001,045,466 | ---- | M] () -- C:\WINDOW2\dietrich2.bmp
[2011/10/07 22:42:35 | 001,045,558 | ---- | M] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:13 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:53 | 001,045,558 | ---- | M] () -- C:\WINDOW2\doody1.bmp
[2011/09/28 11:30:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOW2\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/25 21:26:03 | 000,007,168 | ---- | C] () -- C:\WINDOW2\System32\drivers\uti3otqy.sys
[2011/10/25 21:25:57 | 000,011,264 | ---- | C] () -- C:\WINDOW2\System32\drivers\uzi3otqy.sys
[2011/10/25 00:49:32 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\_uninst_90032672.lnk
[2011/10/23 01:38:20 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Baba\Desktop\Revo Uninstaller.lnk
[2011/10/22 11:13:40 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dors2.bmp
[2011/10/22 11:03:39 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dunne2.bmp
[2011/10/22 10:55:50 | 001,045,230 | ---- | C] () -- C:\WINDOW2\dunne1.bmp
[2011/10/22 10:51:43 | 001,045,550 | ---- | C] () -- C:\WINDOW2\drescher2.bmp
[2011/10/22 10:49:51 | 001,045,514 | ---- | C] () -- C:\WINDOW2\drescher1.bmp
[2011/10/21 19:08:07 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2011/10/20 01:48:54 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Baba\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/19 23:48:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Desktop\Avira Control Center.lnk
[2011/10/19 23:48:06 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/19 23:48:06 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyula's Commander.lnk
[2011/10/19 23:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/19 23:48:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Thunderbird.lnk
[2011/10/19 23:48:06 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/19 23:48:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/19 23:48:04 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/10/19 23:47:57 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 23:47:57 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\MSN.lnk
[2011/10/19 23:47:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Apple Software Update.lnk
[2011/10/19 23:47:57 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/10/19 23:47:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 23:47:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/19 23:47:57 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW2\Start Menu\Programs\Windows Messenger.lnk
[2011/10/18 21:57:08 | 000,111,872 | ---- | C] () -- C:\WINDOW2\System32\drivers\TrueSight.sys
[2011/10/17 15:41:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/17 15:40:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/17 15:33:15 | 000,256,000 | ---- | C] () -- C:\WINDOW2\PEV.exe
[2011/10/17 15:33:15 | 000,208,896 | ---- | C] () -- C:\WINDOW2\MBR.exe
[2011/10/17 15:33:15 | 000,098,816 | ---- | C] () -- C:\WINDOW2\sed.exe
[2011/10/17 15:33:15 | 000,080,412 | ---- | C] () -- C:\WINDOW2\grep.exe
[2011/10/17 15:33:15 | 000,068,096 | ---- | C] () -- C:\WINDOW2\zip.exe
[2011/10/07 22:48:57 | 001,045,394 | ---- | C] () -- C:\WINDOW2\dors1.bmp
[2011/10/07 22:42:32 | 001,045,558 | ---- | C] () -- C:\WINDOW2\dietrich1.bmp
[2011/10/07 22:12:11 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody2.bmp
[2011/10/07 22:10:50 | 001,045,558 | ---- | C] () -- C:\WINDOW2\doody1.bmp
[2011/10/02 00:06:09 | 000,302,592 | ---- | C] () -- C:\gmer.exe
[2010/10/05 19:15:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/12/13 19:01:29 | 000,000,066 | ---- | C] () -- C:\WINDOW2\GDINST.INI
[2009/10/01 23:33:34 | 000,000,223 | ---- | C] () -- C:\WINDOW2\Prestopm.INI
[2009/10/01 23:32:22 | 000,036,291 | ---- | C] () -- C:\WINDOW2\CSTBox.INI
[2009/08/20 00:28:34 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PrimoPDFSet.xml
[2009/08/19 23:45:06 | 000,176,235 | ---- | C] () -- C:\WINDOW2\System32\Primomonnt.dll
[2009/08/13 18:23:41 | 000,075,776 | ---- | C] () -- C:\WINDOW2\cadkasdeinst01e.exe
[2009/07/14 04:35:33 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 03:17:34 | 000,000,235 | ---- | C] () -- C:\WINDOW2\EXCEL4.INI
[2009/07/11 15:13:24 | 000,022,480 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI16.DLL
[2009/07/11 15:13:24 | 000,020,992 | ---- | C] () -- C:\WINDOW2\System32\PFMAPI32.DLL
[2009/07/10 21:26:01 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JPR.{PB
[2009/07/10 21:26:01 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Baba\Application Data\PFP120JCM.{PB
[2009/07/09 21:54:40 | 000,000,532 | ---- | C] () -- C:\WINDOW2\MAXLINK.INI
[2009/07/09 21:52:13 | 000,000,105 | ---- | C] () -- C:\WINDOW2\UMXADDIN.INI
[2009/07/09 21:52:12 | 000,040,960 | ---- | C] () -- C:\WINDOW2\System32\IPPCPUID.DLL
[2009/07/09 21:51:55 | 000,011,776 | ---- | C] () -- C:\WINDOW2\System32\pmsbfn32.dll
[2009/07/09 21:50:49 | 000,000,074 | ---- | C] () -- C:\WINDOW2\PMINI.ini
[2009/07/08 01:14:23 | 000,024,501 | ---- | C] () -- C:\WINDOW2\mozver.dat
[2009/07/06 21:13:13 | 000,000,376 | ---- | C] () -- C:\WINDOW2\ODBC.INI
[2009/07/06 19:05:29 | 000,000,335 | ---- | C] () -- C:\WINDOW2\nsreg.dat
[2009/07/06 19:03:10 | 000,000,025 | ---- | C] () -- C:\WINDOW2\mixerdef.ini
[2009/07/06 18:56:15 | 000,002,048 | --S- | C] () -- C:\WINDOW2\bootstat.dat
[2009/07/06 18:43:58 | 000,021,640 | ---- | C] () -- C:\WINDOW2\System32\emptyregdb.dat
[2009/07/06 11:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOW2\ODBCINST.INI
[2009/07/06 11:27:26 | 000,929,280 | ---- | C] () -- C:\WINDOW2\System32\FNTCACHE.DAT
[2009/07/06 10:34:13 | 000,039,104 | ---- | C] () -- C:\WINDOW2\cmijack.dat
[2009/07/06 10:34:13 | 000,022,178 | ---- | C] () -- C:\WINDOW2\cmaudio.dat
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOW2\primopdf.ini
[2008/05/16 17:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOW2\System32\nvwdmcpl.dll
[2008/05/16 17:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOW2\System32\nwiz.exe
[2008/05/16 17:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOW2\System32\nview.dll
[2008/05/16 17:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOW2\System32\nvdspsch.exe
[2008/05/16 17:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOW2\System32\nvwimg.dll
[2008/05/16 17:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOW2\System32\nvshell.dll
[2008/05/16 17:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOW2\System32\nvappbar.exe
[2008/05/16 17:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOW2\System32\keystone.exe
[2008/05/16 17:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOW2\System32\nvnt4cpl.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOW2\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOW2\System32\mlang.dat
[2006/02/28 08:00:00 | 000,432,622 | ---- | C] () -- C:\WINDOW2\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOW2\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOW2\System32\dssec.dat
[2006/02/28 08:00:00 | 000,067,578 | ---- | C] () -- C:\WINDOW2\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOW2\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOW2\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOW2\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOW2\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOW2\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOW2\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/19 19:07:48 | 000,045,568 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\gmer.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >



-----------------------------------



OTL Extras logfile created on: 10/26/2011 8:39:04 PM - Run 12
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 47.36% Memory free
2.10 Gb Paging File | 1.33 Gb Available in Paging File | 63.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW2 | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.82 Gb Free Space | 21.23% Space Free | Partition Type: NTFS

Computer Name: JAMES-HOME | User Name: Baba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Baba\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Documents and Settings\Baba\Local Settings\temp\7zSCD.tmp\SymNRT.exe" = C:\Documents and Settings\Baba\Local Settings\temp\7zSCD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07CEC3B0-83D0-422A-BE6D-63633C5063BB}" = TurboCAD Symbols
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}" = TurboCAD Deluxe v11.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}" = Canon CanoScan Toolbox 4.8
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}" = Manual CanoScan 8400F
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9736CA-121C-427E-A2AC-E2125B0D362D}" = 1st Pricing
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7EFB99A8-465B-4B2F-B97F-F9C687449081}" = WinBASIC 2.0
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL 2001 Registration" = FL 2001 Registration
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeZip" = FreeZip
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Java Web Start" = Java Web Start
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"PDF Editor 2" = PDF Editor 2
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF3.1" = PrimoPDF
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.93
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"VisualFortran60" = Visual Fortran 6.6.a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-115176313-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2011 8:44:03 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (940) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2011 10:25:04 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application OTL(1).exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (1296) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/18/2011 11:15:18 PM | Computer Name = JAMES-HOME | Source = ESENT | ID = 485
Description = HelpSvc (3084) An attempt to delete the file "C:\WINDOW2\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/19/2011 6:26:00 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

Error - 10/20/2011 5:58:38 PM | Computer Name = JAMES-HOME | Source = Application Hang | ID = 1002
Description = Hanging application WinNav.exe, version 1.27.0.208, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2011 6:13:28 PM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application avguard.exe, version 12.1.0.18, faulting module
avbb.dll, version 12.1.0.18, fault address 0x000414c0.

Error - 10/22/2011 1:40:49 AM | Computer Name = JAMES-HOME | Source = Application Error | ID = 1000
Description = Faulting application NPROTECT.EXE, version 19.1.0.9, faulting module
NPROTECT.EXE, version 19.1.0.9, fault address 0x000078c7.

Error - 10/23/2011 2:16:42 AM | Computer Name = JAMES-HOME | Source = ESENT | ID = 490
Description = svchost (976) An attempt to open the file "C:\WINDOW2\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/25/2011 9:18:10 PM | Computer Name = JAMES-HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The process cannot access the file because it is being used by another
process.

[ System Events ]
Error - 10/25/2011 9:39:55 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/25/2011 9:39:55 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/25/2011 9:39:56 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 10/26/2011 8:31:11 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/26/2011 8:32:37 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/26/2011 8:32:39 AM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10/26/2011 8:32:42 AM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/26/2011 5:15:09 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/26/2011 5:15:51 PM | Computer Name = JAMES-HOME | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 10/26/2011 5:17:37 PM | Computer Name = JAMES-HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >



-------------------------------


C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\allComes.jar-2367d1b3-6da7b282.zip a variant of Java/TrojanDownloader.Agent.NCT trojan
C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmseria.jar-1e32bd68-7edcad93.zip Java/Agent.AV trojan
C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\jvmusafe.jar-6cdbf472-4287a518.zip Java/Agent.AU trojan
  • 0

#73
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Please download the following programs to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn

  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd


Now you have a bootable ISO of Dr. Web Live.


  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is the CD drive. If you are not sure about that, see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
    Posted Image
  • The program will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed, reboot to normal Windows
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist


Step 2.

Fresh OTL Scan

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Documents and Settings\Baba\.jpi_cache\jar\1.0\*.* /s
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open one notepad window: OTL.txt. It is saved in the same location as OTL.



Step 3.

Please post:

OTL.txt

How is the computer performing now??
  • 0
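An added example, not OTL's own code and not posted by anyone in this thread, showing what the /md5start ... /md5stop block in Step 2 is for: OTL hashes each core binary in its live location and in the cached copies (ServicePackFiles\i386, ERDNT\cache, $NtServicePackUninstall$), so the service-pack cache gives a baseline to compare the live file against. The script parses the four MD5 sections exactly as they appear in the report above and flags a live copy whose hash differs from the cache; the role names (live, reference, backup) and the verdict labels are the script's own, %SystemRoot% is taken to be C:\WINDOW2 as the report states, and the tampered variant at the end is constructed with a placeholder hash so the mismatch branch can be seen.

```python
import re
from collections import defaultdict

# Sample input: the four "< MD5 for: ... >" sections copied from the OTL report posted
# earlier in this thread (hashes and paths are the report's own values).
SAMPLE_REPORT = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOW2\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOW2\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOW2\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOW2\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOW2\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOW2\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOW2\system32\winlogon.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$")


def parse_md5_sections(report_text):
    """Group the entries of every '< MD5 for: X >' section by lower-cased binary name."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in report_text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
        elif line.startswith("<"):      # any other custom-scan header ends the section
            current = None
        elif current and (entry := ENTRY_RE.match(line)):
            fields = entry.groupdict()
            fields["md5"] = fields["md5"].upper()
            fields["size"] = int(fields["size"].replace(",", ""))
            sections[current].append(fields)
    return dict(sections)


def classify(path, sysroot):
    """Role of one hashed copy: the live file, the SP cache, a backup, or something else."""
    p = path.lower()
    root = sysroot.lower().rstrip("\\")
    if p.rsplit("\\", 1)[0] in (root, root + "\\system32"):
        return "live"
    if "\\servicepackfiles\\i386\\" in p:
        return "reference"
    if "$ntservicepackuninstall$" in p or "\\erdnt\\cache\\" in p:
        return "backup"
    return "other"


def check_binary(entries, sysroot):
    """Compare the live copy against the ServicePackFiles reference copy."""
    roles = defaultdict(list)
    for e in entries:
        roles[classify(e["path"], sysroot)].append(e)
    live_md5 = {e["md5"] for e in roles["live"]}
    ref_md5 = {e["md5"] for e in roles["reference"]}
    if not live_md5:
        return {"status": "missing-live"}
    if not ref_md5:
        return {"status": "no-reference", "live": sorted(live_md5)}
    vendor_ok = all("microsoft" in e["company"].lower() for e in roles["live"])
    if live_md5 <= ref_md5 and vendor_ok:
        return {"status": "ok", "md5": next(iter(live_md5))}
    # A differing hash is a lead, not a verdict: a hotfix also replaces the live copy
    # without touching ServicePackFiles, so confirm against the vendor's published hashes.
    return {"status": "mismatch", "live": sorted(live_md5), "reference": sorted(ref_md5),
            "suspect_paths": [e["path"] for e in roles["live"] if e["md5"] not in ref_md5]}


def audit(report_text, sysroot="C:\\WINDOW2"):
    """Map each hashed binary name to its verdict; sysroot is the report's %SystemRoot%."""
    return {name: check_binary(entries, sysroot)
            for name, entries in parse_md5_sections(report_text).items()}


# Constructed variant (not from the thread): the live userinit.exe hash is replaced with a
# placeholder value so the mismatch branch can be seen.
TAMPERED_REPORT = SAMPLE_REPORT.replace(
    r"MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOW2\system32\userinit.exe",
    r"MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOW2\system32\userinit.exe")
```

Running `audit(SAMPLE_REPORT)` on the report from this thread returns "ok" for all four binaries, which is why this section of the log gives no cause for concern; `audit(TAMPERED_REPORT)` returns "mismatch" for userinit.exe together with the path to look at. The pre-SP copy under $NtServicePackUninstall$ is deliberately treated as a backup rather than a reference, since its hash is expected to differ from the SP3 build.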

#74
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 333 posts
CompCav,

I'm having problems. I downloaded ImgBurn and Dr. Web Live. The former I don't think is a problem; however, Dr. Web Live is. First, I downloaded it and got a zip file: drweb-livecd-600.iso

What am I supposed to do with this? I clicked on Extract and I get four folders: boot, [Boot], module and isolinux. What am I supposed to do with these?

You instruct me to
1. Double click Dr Web - I ask, "Double click on what?"
2. IMGBurn will open - No it didn't
3. Burn the ISO to a cd -- HOW?


js
  • 0

#75
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Install IMGBurn first; it is a CD ISO burner.

Double click on the drweb-livecd-600.iso file. Then it should open IMGBurn to burn a bootable CD.



If this does not work go here for picture directions!
  • 0





