"System Security 2012" Holding My Computer For Ransom Please H
This topic is locked

#1 Kennman, Member, 14 posts

Hi:

"System Security 2012" is holding my computer for ransom.

First showed up on November 6th.

Between all of the pop-ups and screen grey-outs,

I've managed to get Norton 360 installed and updated.

I've run NPE and FixTDSS.

Pop-ups have stopped but Norton is still reporting:

"Threat requiring manual removal detected: System Infected: Tidserv Activity 2."

I tried to post this from the infected computer twice last night but started getting redirects so I am posting from work. Computer is also bogged way down and slow to respond to mouse clicks.

Below is pasted OTL.txt - if you would like the EXTRAS file also, please let me know.

Anything you can do is greatly appreciated.

Thanks and regards, Ken


OTL logfile created on: 11/13/2011 1:47:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 99.43 Mb Available Physical Memory | 19.47% Memory free
1.22 Gb Paging File | 0.51 Gb Available in Paging File | 41.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 42.94 Gb Total Space | 27.91 Gb Free Space | 64.99% Space Free | Partition Type: NTFS
Drive D: | 19.86 Gb Total Space | 12.97 Gb Free Space | 65.31% Space Free | Partition Type: NTFS

Computer Name: MOBILEONE | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 13:46:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTLscr.scr
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 16:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/03/12 16:32:38 | 000,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2004/02/19 18:51:36 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe
PRC - [2004/02/12 23:01:24 | 000,098,304 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2004/01/17 03:36:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/12/11 23:03:06 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2003/12/05 12:32:56 | 000,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe
PRC - [2003/12/05 12:32:06 | 000,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/10/06 19:26:10 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\usbsircs\USBsircs.exe
PRC - [2003/09/19 17:42:00 | 000,974,848 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2003/09/19 17:42:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ATK0100\Hcontrol.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2002/08/20 10:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/03/14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2004/03/03 12:29:58 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2003/12/05 12:32:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Giga Pocket\RM_SVps.dll
MOD - [2003/09/19 17:42:00 | 000,974,848 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2003/09/19 17:42:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ATK0100\Hcontrol.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2004/03/12 16:33:54 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/03/12 16:32:38 | 000,086,098 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/03/12 16:11:34 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/03/12 15:57:42 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/03/12 11:20:34 | 001,691,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/03/05 12:35:34 | 000,184,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/02/25 04:22:06 | 000,737,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/02/25 04:22:06 | 000,737,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/02/25 04:12:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/02/25 04:12:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/02/04 13:29:58 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/12/09 05:38:14 | 000,065,625 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2003/12/09 05:32:58 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2003/12/05 12:32:56 | 000,077,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector)
SRV - [2003/12/05 12:32:06 | 000,090,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/10/30 11:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/11 00:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/11/10 19:55:22 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/10 19:55:21 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 20:25:23 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111112.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/08 20:25:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111112.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/07 21:05:02 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/04 15:36:18 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111111.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/27 23:14:16 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/20 10:10:08 | 000,040,552 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/25 17:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/19 18:10:54 | 000,224,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2004/03/04 12:51:20 | 000,064,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/03 12:31:22 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/13 18:40:16 | 000,610,796 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/09 14:58:06 | 000,401,408 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/02 02:52:00 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/10/14 16:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 16:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 16:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 17:42:00 | 000,005,786 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2003/03/14 10:12:50 | 000,279,680 | ---- | M] (OPEN INTERFACE.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oivmvcom.sys -- (oibtvcom)
DRV - [2003/01/06 17:20:14 | 000,015,616 | ---- | M] (OPEN INTERFACE.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oivmctrl.sys -- (oivmctrl)
DRV - [2002/11/18 17:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/06/28 18:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/08/17 04:51:22 | 000,037,040 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2001/07/24 10:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Master\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Master\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/11/08 17:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 [2011/11/13 07:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/12/28 10:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/29 06:48:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Master\Application Data\Move Networks [2009/11/25 19:05:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/12/28 10:35:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/29 06:48:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/09 22:08:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe (Sony Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [nH0qaTGzF8234A] C:\WINDOWS\system32\WfbIKedU1.exe File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [ISMPack8] "C:\Program Files\ISM2\ISMPack8.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.a...ad/tgctlins.cab (Support.com Installer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr...ads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193877428180 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238513359353 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} http://ciscdb.sel.so...tect/PCInfo.CAB (PCInfo.CMClass)
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} http://speedtest.ade...TESTACTIVEX.CAB (SpdTCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECCEF79-9DEE-4EE4-9179-745645BF2969}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 18:11:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c6118c00-a26d-11df-9f48-080046da2185}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 13:46:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTLscr.scr
[2011/11/13 11:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\HiJackThis
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\pvUJ1scHq
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\gQAX5jQXymZtOrI
[2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\P2edvJ1sY0aT9R8
[2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NZ4tnL3fI2dUwY
[2011/11/08 20:38:42 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Master\Desktop\FixTDSS.exe
[2011/11/08 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ZB8olFBoEViW
[2011/11/08 20:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\OAX5ymP4nLrb2v1
[2011/11/08 19:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UTNpR8E7WCuQ5Q5
[2011/11/08 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\xL3rfIKevJw
[2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DGN9pRF8lD7kCjX
[2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\cgnOLrfI3fI2v1c
[2011/11/08 16:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Local Settings\Application Data\NPE
[2011/11/08 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\Tific
[2011/11/08 16:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Local Settings\Application Data\Symantec
[2011/11/08 16:34:49 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Master\Desktop\NPE.exe
[2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\YyhmP4gO3fI2v
[2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\VnOL3Kv1s
[2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r4tgO3rbKevJsHa
[2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ElEFBolD7kS6Q5m
[2011/11/07 21:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\My Documents\Symantec
[2011/11/07 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BV7iS6uQXym4n3b
[2011/11/07 21:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\HOL3rbI2fI2
[2011/11/07 21:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/07 21:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/07 21:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/07 21:05:03 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/07 21:05:03 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/07 21:04:37 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/11/07 21:04:37 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/11/07 21:04:37 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/11/07 21:04:37 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/11/07 21:04:36 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/11/07 21:04:36 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/11/07 21:04:36 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/11/07 21:04:35 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/11/07 21:02:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/11/07 21:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/11/07 20:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/11/07 20:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/11/07 20:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/11/07 20:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/11/07 20:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/11/07 20:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NwscY0qxG9zFoD
[2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\fgnOLtgO3fKeU
[2011/11/07 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BujQA5ymZtnLf
[2011/11/07 18:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\JkWSCikS6jA5m4n
[2011/11/07 16:44:12 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/11/07 16:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\z4tgnL3fI2dUwYq
[2011/11/07 16:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\n8olEViW6jA5m4n
[2011/11/06 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jFB8oED7kS6jXPt
[2011/11/06 17:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\KnOL3fbKrb
[2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\hlD7iWS7kSuQ5m4
[2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\B8VEk6A5hPOKJcq
[2011/11/06 17:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jSC6uAXyZg3n3
[2011/11/06 17:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DXym4gtLf2JsaGz
[2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r7ikWC6jA5hPtOr
[2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\CxTGNpzF8lD
[2011/11/06 17:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\u4tnfedUwcHqT9R
[2011/11/06 17:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UikWS6uQXymZgL
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 14:12:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/11/13 14:04:33 | 000,006,192 | ---- | M] () -- C:\{EF20FA85-E5E2-4BB0-94F0-75E394882A2A}
[2011/11/13 13:46:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTLscr.scr
[2011/11/13 13:42:34 | 000,148,483 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\OTL.exe
[2011/11/13 13:41:34 | 000,031,016 | ---- | M] () -- C:\{D13AD4D8-E9F6-4C42-BDD6-CD9DCC7B0B5D}
[2011/11/13 13:25:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/13 12:56:43 | 000,031,128 | ---- | M] () -- C:\{11F85857-A17D-40BD-8405-1DE1D15CED7A}
[2011/11/13 12:49:10 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Lori email.lnk
[2011/11/13 11:57:20 | 000,006,192 | ---- | M] () -- C:\{925ADB1A-73F8-47D2-89C0-E3425BA2B0EC}
[2011/11/13 11:37:51 | 000,006,192 | ---- | M] () -- C:\{047A39B3-68A9-408E-AC83-F613C74A846F}
[2011/11/13 11:26:29 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\HiJackThis.lnk
[2011/11/13 09:51:33 | 000,006,192 | ---- | M] () -- C:\{6169566C-31EB-41A7-99B5-BDDE2BE3DCF6}
[2011/11/13 09:09:03 | 000,006,192 | ---- | M] () -- C:\{2A0DD5A0-5A3C-4745-8E31-1935DC3B937F}
[2011/11/13 07:08:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/13 07:08:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 07:08:29 | 535,678,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 21:41:14 | 000,006,192 | ---- | M] () -- C:\{E601309A-60D9-4CE0-A38F-506D400DD2C6}
[2011/11/12 21:26:31 | 000,031,744 | ---- | M] () -- C:\{132E73FA-5EE4-4E30-BE99-853A87AFDC14}
[2011/11/12 20:28:37 | 000,006,192 | ---- | M] () -- C:\{B88FDC18-95E4-4587-98F3-342200DA2942}
[2011/11/12 19:57:29 | 000,006,192 | ---- | M] () -- C:\{CF8F422B-442F-45FF-8330-AC0A1F87D283}
[2011/11/12 19:35:43 | 000,006,192 | ---- | M] () -- C:\{0D8712D4-B08C-4724-A3F3-4AF590282D6F}
[2011/11/12 19:25:40 | 000,006,192 | ---- | M] () -- C:\{A117FCBD-D698-4689-BBC9-D5F331B1CE2F}
[2011/11/12 19:15:28 | 000,006,192 | ---- | M] () -- C:\{A987ED71-8836-4D1D-9811-BFC50DA0F955}
[2011/11/12 18:32:09 | 000,006,192 | ---- | M] () -- C:\{55459539-6714-44B3-878B-8C487A3CC485}
[2011/11/12 18:11:00 | 000,006,192 | ---- | M] () -- C:\{A053E252-95C0-4E12-9EDA-ED3D46F93715}
[2011/11/12 17:49:58 | 000,006,192 | ---- | M] () -- C:\{2897AA25-8201-4BD3-9425-2A7D29BF29F2}
[2011/11/12 17:20:12 | 000,006,192 | ---- | M] () -- C:\{4F35E1EC-59E2-4A3B-AE7C-CF604C2CD533}
[2011/11/12 16:27:51 | 000,006,192 | ---- | M] () -- C:\{DA62E0B4-B167-45C4-801A-AA40823616F4}
[2011/11/12 16:16:55 | 000,006,192 | ---- | M] () -- C:\{36B769E7-162D-4099-A97D-02E8D7AF765F}
[2011/11/12 13:19:30 | 000,006,192 | ---- | M] () -- C:\{984B3819-E2C0-42EE-A63D-5A950CDC5374}
[2011/11/12 13:07:37 | 000,006,192 | ---- | M] () -- C:\{CC6DD585-3CEC-4B57-8E97-17016186DAB7}
[2011/11/12 12:57:54 | 000,006,192 | ---- | M] () -- C:\{4EA88700-BC29-4D9E-B7B9-A40BF2515B43}
[2011/11/11 16:51:37 | 000,006,192 | ---- | M] () -- C:\{D888FE9F-EF68-463C-A530-642FD4DAD660}
[2011/11/11 14:48:16 | 000,006,192 | ---- | M] () -- C:\{84DD3F56-806A-4469-A802-5BF17CADBC1E}
[2011/11/11 13:25:37 | 000,008,976 | ---- | M] () -- C:\{187640F1-E4B3-449C-8078-F78CC170F32F}
[2011/11/11 08:49:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/10 23:14:28 | 000,676,694 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/10 22:41:46 | 000,006,192 | ---- | M] () -- C:\{F4B0E654-1E47-4C65-8BCB-950CA5D8D1A0}
[2011/11/10 21:04:17 | 000,006,192 | ---- | M] () -- C:\{1C24970D-9E9B-44E5-A518-060201AA04B7}
[2011/11/09 22:26:48 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\SMRResults210.dat
[2011/11/09 22:09:36 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2011/11/09 22:08:24 | 000,001,260 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/11/09 22:08:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/08 20:38:50 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Master\Desktop\FixTDSS.exe
[2011/11/08 16:42:01 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Master\Desktop\NPE.exe
[2011/11/07 21:05:02 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/07 21:05:02 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/07 21:05:02 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/07 21:05:02 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/07 21:04:49 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/11/07 21:02:52 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\ldr.ini
[2011/11/07 18:42:36 | 606,076,928 | -HS- | M] () -- C:\NBRTPage.sys
[2011/11/06 17:14:40 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 17:14:40 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/27 20:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Master at 8 44 PM.job
[2011/10/22 15:56:39 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 15:56:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Windows Media Player.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/13 13:42:16 | 000,148,483 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\OTL.exe
[2011/11/13 13:41:34 | 000,031,016 | ---- | C] () -- C:\{D13AD4D8-E9F6-4C42-BDD6-CD9DCC7B0B5D}
[2011/11/13 12:56:43 | 000,031,128 | ---- | C] () -- C:\{11F85857-A17D-40BD-8405-1DE1D15CED7A}
[2011/11/13 11:57:20 | 000,006,192 | ---- | C] () -- C:\{925ADB1A-73F8-47D2-89C0-E3425BA2B0EC}
[2011/11/13 11:37:51 | 000,006,192 | ---- | C] () -- C:\{047A39B3-68A9-408E-AC83-F613C74A846F}
[2011/11/13 09:51:33 | 000,006,192 | ---- | C] () -- C:\{6169566C-31EB-41A7-99B5-BDDE2BE3DCF6}
[2011/11/13 09:09:03 | 000,006,192 | ---- | C] () -- C:\{2A0DD5A0-5A3C-4745-8E31-1935DC3B937F}
[2011/11/12 21:41:14 | 000,006,192 | ---- | C] () -- C:\{E601309A-60D9-4CE0-A38F-506D400DD2C6}
[2011/11/12 21:26:31 | 000,031,744 | ---- | C] () -- C:\{132E73FA-5EE4-4E30-BE99-853A87AFDC14}
[2011/11/12 20:28:37 | 000,006,192 | ---- | C] () -- C:\{B88FDC18-95E4-4587-98F3-342200DA2942}
[2011/11/12 19:57:29 | 000,006,192 | ---- | C] () -- C:\{CF8F422B-442F-45FF-8330-AC0A1F87D283}
[2011/11/12 19:35:43 | 000,006,192 | ---- | C] () -- C:\{0D8712D4-B08C-4724-A3F3-4AF590282D6F}
[2011/11/12 19:25:40 | 000,006,192 | ---- | C] () -- C:\{A117FCBD-D698-4689-BBC9-D5F331B1CE2F}
[2011/11/12 19:15:28 | 000,006,192 | ---- | C] () -- C:\{A987ED71-8836-4D1D-9811-BFC50DA0F955}
[2011/11/12 18:32:09 | 000,006,192 | ---- | C] () -- C:\{55459539-6714-44B3-878B-8C487A3CC485}
[2011/11/12 18:11:00 | 000,006,192 | ---- | C] () -- C:\{A053E252-95C0-4E12-9EDA-ED3D46F93715}
[2011/11/12 17:49:58 | 000,006,192 | ---- | C] () -- C:\{2897AA25-8201-4BD3-9425-2A7D29BF29F2}
[2011/11/12 17:20:12 | 000,006,192 | ---- | C] () -- C:\{4F35E1EC-59E2-4A3B-AE7C-CF604C2CD533}
[2011/11/12 16:27:51 | 000,006,192 | ---- | C] () -- C:\{DA62E0B4-B167-45C4-801A-AA40823616F4}
[2011/11/12 16:16:55 | 000,006,192 | ---- | C] () -- C:\{36B769E7-162D-4099-A97D-02E8D7AF765F}
[2011/11/12 13:19:30 | 000,006,192 | ---- | C] () -- C:\{984B3819-E2C0-42EE-A63D-5A950CDC5374}
[2011/11/12 13:07:37 | 000,006,192 | ---- | C] () -- C:\{CC6DD585-3CEC-4B57-8E97-17016186DAB7}
[2011/11/12 12:57:49 | 000,006,192 | ---- | C] () -- C:\{4EA88700-BC29-4D9E-B7B9-A40BF2515B43}
[2011/11/11 16:51:37 | 000,006,192 | ---- | C] () -- C:\{D888FE9F-EF68-463C-A530-642FD4DAD660}
[2011/11/11 14:48:16 | 000,006,192 | ---- | C] () -- C:\{84DD3F56-806A-4469-A802-5BF17CADBC1E}
[2011/11/11 13:25:37 | 000,008,976 | ---- | C] () -- C:\{187640F1-E4B3-449C-8078-F78CC170F32F}
[2011/11/10 22:41:46 | 000,006,192 | ---- | C] () -- C:\{F4B0E654-1E47-4C65-8BCB-950CA5D8D1A0}
[2011/11/10 21:04:17 | 000,006,192 | ---- | C] () -- C:\{1C24970D-9E9B-44E5-A518-060201AA04B7}
[2011/11/09 22:26:47 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\SMRResults210.dat
[2011/11/08 16:09:48 | 535,678,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/07 21:15:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 21:05:32 | 000,676,694 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/11/07 21:05:03 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/07 21:05:03 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/07 21:04:49 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/11/07 21:04:37 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/11/07 21:04:37 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/11/07 21:04:37 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/11/07 21:04:37 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/11/07 21:04:37 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/11/07 21:04:36 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/11/07 21:04:36 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/11/07 21:04:36 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/11/07 21:04:36 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/11/07 21:04:36 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/11/07 21:04:36 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/11/07 21:04:36 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/11/07 21:04:35 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/11/07 21:04:35 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/11/07 21:03:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/11/07 16:44:11 | 606,076,928 | -HS- | C] () -- C:\NBRTPage.sys
[2011/11/06 17:10:25 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\ldr.ini
[2011/09/05 09:39:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/08/21 14:23:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/06/01 21:10:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/04/25 13:03:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/02/21 09:19:57 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Multipressor
[2010/02/21 09:19:57 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Master\Application Data\Mallets
[2010/02/21 08:08:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MediaFolder
[2010/02/21 08:08:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Master\Application Data\Machines
[2008/06/21 15:47:07 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/06/21 15:47:07 | 000,028,922 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/11/04 08:07:46 | 000,616,379 | -HS- | C] () -- C:\WINDOWS\System32\jfkolrqq.ini
[2007/11/02 14:46:19 | 000,578,905 | -HS- | C] () -- C:\WINDOWS\System32\inujqinv.ini
[2007/10/30 09:02:14 | 000,577,927 | -HS- | C] () -- C:\WINDOWS\System32\etsbpddq.ini
[2007/05/28 11:04:12 | 000,000,188 | ---- | C] () -- C:\WINDOWS\guitar.ini
[2007/03/22 18:11:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/03/07 22:08:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/05/22 15:09:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/07 16:15:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pnpchk.exe
[2006/04/07 16:10:11 | 000,000,008 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2005/10/29 12:51:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/29 12:51:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2004/10/02 13:10:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/02 12:36:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/09/18 19:51:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\fusioncache.dat
[2004/09/11 11:18:08 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/12 21:02:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\Sony XBRITE.ini
[2004/04/12 21:02:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/12 20:55:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/04/12 20:49:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/04/12 20:49:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/04/12 20:49:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/04/12 20:49:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/04/12 20:49:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/04/12 20:49:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/03/29 13:32:10 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/29 13:30:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/03/29 13:24:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/03/29 13:23:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/03/29 13:22:38 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/03/29 13:22:34 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/03/29 11:05:09 | 001,137,512 | ---- | C] () -- C:\WINDOWS\q323183_wxp_sp2_x86_enu.exe
[2004/03/29 10:53:40 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2004/03/29 10:46:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2004/03/29 10:44:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/29 10:38:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/03/26 18:43:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/26 18:23:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/03/26 18:18:00 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/26 18:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/03/26 18:09:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/26 16:59:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/03/26 16:59:42 | 000,372,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\SNYTVC6.DAT
[2004/03/26 16:59:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/03/26 16:59:28 | 000,005,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/03/26 16:59:20 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/03/26 16:59:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/26 16:59:02 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/26 16:58:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/03/26 16:58:41 | 000,445,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/03/26 16:58:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/03/26 16:58:41 | 000,072,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/03/26 16:58:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/03/26 16:58:41 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/03/26 16:58:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/26 16:58:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/03/26 16:58:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/03/26 16:58:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/03/26 16:58:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/26 10:04:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/26 10:03:53 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/11 00:07:40 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/23 08:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 12:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 12:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 12:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 12:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 12:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/08/06 11:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 12:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 17:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 17:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

========== LOP Check ==========

[2010/02/21 08:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bubble Noise
[2010/08/07 13:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/06/03 12:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/08/07 14:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\copypart
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/08/07 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2010/08/07 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2010/02/21 08:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2004/09/18 11:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/08/07 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/03/21 15:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/28 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/01/29 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\.bittorrent
[2011/11/06 17:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\B8VEk6A5hPOKJcq
[2011/11/07 18:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\BujQA5ymZtnLf
[2011/11/07 21:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\BV7iS6uQXym4n3b
[2011/11/08 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\cgnOLrfI3fI2v1c
[2005/05/14 11:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Common Files
[2011/11/06 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\CxTGNpzF8lD
[2011/11/08 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DGN9pRF8lD7kCjX
[2011/11/06 17:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DXym4gtLf2JsaGz
[2011/11/07 22:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\ElEFBolD7kS6Q5m
[2011/11/07 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\fgnOLtgO3fKeU
[2010/08/07 10:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\GARMIN
[2011/11/09 20:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\gQAX5jQXymZtOrI
[2011/11/06 17:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\hlD7iWS7kSuQ5m4
[2011/11/07 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\HOL3rbI2fI2
[2006/06/30 15:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\InterVideo
[2011/11/06 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\jFB8oED7kS6jXPt
[2011/11/07 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\JkWSCikS6jA5m4n
[2011/11/06 17:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\jSC6uAXyZg3n3
[2011/11/06 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\KnOL3fbKrb
[2004/09/11 11:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Leadertech
[2011/11/07 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\n8olEViW6jA5m4n
[2010/04/25 12:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Nikon
[2011/11/07 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\NwscY0qxG9zFoD
[2011/11/08 20:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\NZ4tnL3fI2dUwY
[2011/11/08 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\OAX5ymP4nLrb2v1
[2011/11/08 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\P2edvJ1sY0aT9R8
[2011/11/09 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\pvUJ1scHq
[2011/11/07 22:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\r4tgO3rbKevJsHa
[2011/11/06 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\r7ikWC6jA5hPtOr
[2006/12/31 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Roni Music
[2004/09/21 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Template
[2011/11/08 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Tific
[2011/11/06 17:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\u4tnfedUwcHqT9R
[2011/11/06 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\UikWS6uQXymZgL
[2011/11/08 19:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\UTNpR8E7WCuQ5Q5
[2008/03/21 15:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Viewpoint
[2011/11/08 16:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\VnOL3Kv1s
[2011/11/08 19:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\xL3rfIKevJw
[2011/11/08 16:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\YyhmP4gO3fI2v
[2011/11/07 16:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\z4tgnL3fI2dUwYq
[2011/11/08 20:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\ZB8olFBoEViW
[2011/10/27 20:44:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Master at 8 44 PM.job
[2004/10/01 17:50:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

Please uninstall Norton 360.

How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

Step 2

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Step 3

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should then be a file called MBR.dat; zip it and then attach it here.

How to add an attachment to a new topic or reply

When you have completed the above, please post back the following in the order asked for:
  • Combofix.txt log
  • aswMBR log


#3
Kennman
    Member
  • Topic Starter
  • 14 posts
Thanks Render:

I've got the recovery disks I made when I first bought the computer - I don't remember an actual Microsoft disk.

I will grind through the above when I get home tonight.

R,

Ken

#4
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK.

#5
Kennman
    Member
  • Topic Starter
  • 14 posts
Step 1 Norton 360 uninstalled.

Step 2 ComboFix downloaded.

ComboFix 11-11-14.03 - Master 11/14/2011 19:33:45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.244 [GMT -8:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Master\My Documents\DPE.DUS
c:\windows\$NtUninstallKB47931$\1852167518\@
c:\windows\$NtUninstallKB47931$\1852167518\bckfg.tmp
c:\windows\$NtUninstallKB47931$\1852167518\cfg.ini
c:\windows\$NtUninstallKB47931$\1852167518\Desktop.ini
c:\windows\$NtUninstallKB47931$\1852167518\keywords
c:\windows\$NtUninstallKB47931$\1852167518\kwrd.dll
c:\windows\$NtUninstallKB47931$\1852167518\L\apjjiyqi
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\1852167518\U\[email protected]
c:\windows\$NtUninstallKB47931$\4032330123
c:\windows\system32\etsbpddq.ini
c:\windows\system32\inujqinv.ini
c:\windows\system32\jfkolrqq.ini
c:\windows\windowsmedia-kb828026-x86-enu.exe
c:\windows\windowsmedia9-kb819639-x86-enu.exe
c:\windows\windowsxp-kb817611-x86-enu.exe
c:\windows\windowsxp-kb820291-x86-enu.exe
c:\windows\windowsxp-kb822603-x86-enu.exe
c:\windows\windowsxp-kb822827-x86-enu.exe
c:\windows\windowsxp-kb823182-x86-enu.exe
c:\windows\windowsxp-kb824105-x86-enu.exe
c:\windows\windowsxp-kb824141-x86-enu.exe
c:\windows\windowsxp-kb824146-x86-enu.exe
c:\windows\windowsxp-kb825119-x86-enu.exe
c:\windows\windowsxp-kb825121-x86-enu.exe
c:\windows\windowsxp-kb826939-x86-enu.exe
c:\windows\windowsxp-kb826942-x86-enu.exe
c:\windows\windowsxp-kb826984-x86-enu.exe
c:\windows\windowsxp-kb828028-x86-enu.exe
c:\windows\windowsxp-kb828035-x86-enu.exe
c:\windows\$NtUninstallKB47931$ . . . . Failed to delete
.
c:\windows\system32\drivers\netbt.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-13 19:25 . 2011-11-13 19:25 388096 ----a-r- c:\documents and settings\Master\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-10 04:47 . 2011-11-10 04:52 -------- d-----w- c:\documents and settings\Master\Application Data\pvUJ1scHq
2011-11-10 04:47 . 2011-11-10 04:47 -------- d-----w- c:\documents and settings\Master\Application Data\gQAX5jQXymZtOrI
2011-11-09 04:59 . 2011-11-09 04:59 -------- d-----w- c:\documents and settings\Master\Application Data\P2edvJ1sY0aT9R8
2011-11-09 04:59 . 2011-11-09 04:59 -------- d-----w- c:\documents and settings\Master\Application Data\NZ4tnL3fI2dUwY
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- c:\documents and settings\Master\Application Data\ZB8olFBoEViW
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- c:\documents and settings\Master\Application Data\OAX5ymP4nLrb2v1
2011-11-09 03:59 . 2011-11-09 03:59 -------- d-----w- c:\documents and settings\Master\Application Data\UTNpR8E7WCuQ5Q5
2011-11-09 03:59 . 2011-11-09 03:59 -------- d-----w- c:\documents and settings\Master\Application Data\xL3rfIKevJw
2011-11-09 01:14 . 2011-11-09 01:14 -------- d-----w- c:\documents and settings\Master\Application Data\cgnOLrfI3fI2v1c
2011-11-09 01:14 . 2011-11-09 01:14 -------- d-----w- c:\documents and settings\Master\Application Data\DGN9pRF8lD7kCjX
2011-11-09 00:42 . 2011-11-10 06:07 -------- d-----w- c:\documents and settings\Master\Local Settings\Application Data\NPE
2011-11-09 00:39 . 2011-11-09 00:39 -------- d-----w- c:\documents and settings\Master\Application Data\Tific
2011-11-09 00:38 . 2011-11-09 00:38 -------- d-----w- c:\documents and settings\Master\Local Settings\Application Data\Symantec
2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Master\Application Data\VnOL3Kv1s
2011-11-09 00:12 . 2011-11-09 00:12 -------- d-----w- c:\documents and settings\Master\Application Data\YyhmP4gO3fI2v
2011-11-08 06:05 . 2011-11-08 06:05 -------- d-----w- c:\documents and settings\Master\Application Data\r4tgO3rbKevJsHa
2011-11-08 06:05 . 2011-11-08 06:05 -------- d-----w- c:\documents and settings\Master\Application Data\ElEFBolD7kS6Q5m
2011-11-08 05:30 . 2011-11-08 05:30 -------- d-----w- c:\documents and settings\Master\Application Data\BV7iS6uQXym4n3b
2011-11-08 05:30 . 2011-11-08 05:30 -------- d-----w- c:\documents and settings\Master\Application Data\HOL3rbI2fI2
2011-11-08 05:13 . 2011-11-08 05:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-08 05:13 . 2011-11-08 05:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-08 04:59 . 2011-11-08 04:59 -------- d-----w- c:\program files\Windows Sidebar
2011-11-08 04:57 . 2011-11-15 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-11-08 04:45 . 2011-11-08 04:45 -------- d-----w- c:\documents and settings\Master\Application Data\NwscY0qxG9zFoD
2011-11-08 04:45 . 2011-11-08 04:45 -------- d-----w- c:\documents and settings\Master\Application Data\fgnOLtgO3fKeU
2011-11-08 02:30 . 2011-11-08 02:30 -------- d-----w- c:\documents and settings\Master\Application Data\BujQA5ymZtnLf
2011-11-08 02:30 . 2011-11-08 02:30 -------- d-----w- c:\documents and settings\Master\Application Data\JkWSCikS6jA5m4n
2011-11-08 00:44 . 2011-11-08 00:44 -------- d-----w- C:\NBRT
2011-11-08 00:39 . 2011-11-08 00:39 -------- d-----w- c:\documents and settings\Master\Application Data\z4tgnL3fI2dUwYq
2011-11-08 00:39 . 2011-11-08 00:39 -------- d-----w- c:\documents and settings\Master\Application Data\n8olEViW6jA5m4n
2011-11-07 01:32 . 2011-11-07 01:32 -------- d-----w- c:\documents and settings\Master\Application Data\jFB8oED7kS6jXPt
2011-11-07 01:32 . 2011-11-07 01:32 -------- d-----w- c:\documents and settings\Master\Application Data\KnOL3fbKrb
2011-11-07 01:18 . 2011-11-07 01:18 -------- d-----w- c:\documents and settings\Master\Application Data\hlD7iWS7kSuQ5m4
2011-11-07 01:18 . 2011-11-07 01:18 -------- d-----w- c:\documents and settings\Master\Application Data\B8VEk6A5hPOKJcq
2011-11-07 01:13 . 2011-11-07 01:13 -------- d-----w- c:\documents and settings\Master\Application Data\jSC6uAXyZg3n3
2011-11-07 01:13 . 2011-11-07 01:13 -------- d-----w- c:\documents and settings\Master\Application Data\DXym4gtLf2JsaGz
2011-11-07 01:10 . 2011-11-07 01:10 -------- d-----w- c:\documents and settings\Master\Application Data\r7ikWC6jA5hPtOr
2011-11-07 01:10 . 2011-11-07 01:10 -------- d-----w- c:\documents and settings\Master\Application Data\CxTGNpzF8lD
2011-11-07 01:10 . 2011-11-07 01:10 -------- d-----w- c:\documents and settings\Master\Application Data\u4tnfedUwcHqT9R
2011-11-07 01:10 . 2011-11-07 01:10 -------- d-----w- c:\documents and settings\Master\Application Data\UikWS6uQXymZgL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2003-03-03 23:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-03-29 19:01 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-03-27 00:58 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-03-27 00:58 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-03-27 00:58 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-01-22 00:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-03-27 00:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-03-27 00:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-03-27 00:58 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2003-09-20 61440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 335872]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 45056]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380416]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-12 167936]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-02-13 98304]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-06 185632]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-11-20 290088]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
Remocon Driver.lnk - c:\program files\sony\usbsircs\usbsircs.exe [2004-4-12 229376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/7/2010 2:09 PM 40552]
R3 oibtvcom;Bluetooth Virtual COM Port;c:\windows\system32\drivers\oivmvcom.sys [3/29/2004 11:52 AM 279680]
R3 oivmctrl;VCOMM Device Controller;c:\windows\system32\drivers\oivmctrl.sys [3/29/2004 11:52 AM 15616]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/26/2004 10:06 AM 37040]
.
Contents of the 'Scheduled Tasks' folder
.
2004-10-02 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-03-27 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8ECCEF79-9DEE-4EE4-9179-745645BF2969}: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - hxxp://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} - hxxp://speedtest.adelphia.net/customerdiag/speedtest/SPEEDTESTACTIVEX.CAB
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISMPack8 - c:\program files\ISM2\ISMPack8.exe
HKLM-Run-nH0qaTGzF8234A - c:\windows\system32\WfbIKedU1.exe
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\rundll32.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\Apoint\Apntex.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-14 20:12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 04:11
ComboFix2.txt 2007-11-04 21:03
.
Pre-Run: 30,500,429,824 bytes free
Post-Run: 30,675,714,048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FFFFE01A5FAD6BDD8E40D17F5664C56E


Step 3: aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-14 20:16:39
-----------------------------
20:16:39.080 OS Version: Windows 5.1.2600 Service Pack 3
20:16:39.080 Number of processors: 1 586 0xD06
20:16:39.080 ComputerName: MOBILEONE UserName: Master
20:16:41.494 Initialize success
20:27:00.944 AVAST engine defs: 11111401
20:27:16.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:27:16.877 Disk 0 Vendor: HITACHI_DK23FA-80 00M3A0A2 Size: 76319MB BusType: 3
20:27:16.897 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000085
20:27:16.907 Disk 1 Vendor: ( Size: 76319MB BusType: 0
20:27:18.960 Disk 0 MBR read successfully
20:27:18.970 Disk 0 MBR scan
20:27:19.141 Disk 0 Windows XP default MBR code
20:27:19.191 Disk 0 scanning sectors +142207380
20:27:19.411 Disk 0 scanning C:\WINDOWS\system32\drivers
20:27:31.478 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot [Rtk]
20:27:40.611 Service scanning
20:27:42.644 Modules scanning
20:27:52.038 Disk 0 trace - called modules:
20:27:52.458 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:27:52.478 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82eccab8]
20:27:52.509 3 CLASSPNP.SYS[f8516fd7] -> nt!IofCallDriver -> \Device\0000007c[0x82f409e8]
20:27:52.529 5 ACPI.sys[f846d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f06940]
20:27:54.101 AVAST engine scan C:\WINDOWS
20:28:30.984 AVAST engine scan C:\WINDOWS\system32
20:31:28.629 AVAST engine scan C:\WINDOWS\system32\drivers
20:31:41.578 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot [Rtk]
20:31:52.574 AVAST engine scan C:\Documents and Settings\Master
20:32:39.351 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Master\Desktop\MBR.dat"
20:32:39.381 The log file has been saved successfully to "C:\Documents and Settings\Master\Desktop\aswMBR.txt"

Attached Files

  • Attached File: MBR.zip (525 bytes, 22 downloads)

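A defender-side triage of the kind of ComboFix output posted above, added here as an example (it is not ComboFix's code nor anything Render uses): it scans log lines for the Tidserv/TDL indicators visible in this thread, namely the fake $NtUninstall...$ folder holding @, cfg.ini, bckfg.tmp and kwrd.dll, the "is infected!!" verdict on netbt.sys, the random-named Application Data folders, and the random-named HKLM Run entry. The sample lines are constructed to mirror the log above; the KB828035\spuninst entry and the name-randomness heuristic are assumptions added for contrast, not anything ComboFix reports.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a few lines mirroring the ComboFix log posted in this thread,
# plus one made-up genuine hotfix backup folder (KB828035\spuninst) to show what
# is NOT flagged.
SAMPLE_LOG = r"""
c:\documents and settings\Master\My Documents\DPE.DUS
c:\windows\$NtUninstallKB47931$\1852167518\@
c:\windows\$NtUninstallKB47931$\1852167518\bckfg.tmp
c:\windows\$NtUninstallKB47931$\1852167518\cfg.ini
c:\windows\$NtUninstallKB47931$\1852167518\kwrd.dll
c:\windows\$NtUninstallKB47931$\1852167518\L\apjjiyqi
c:\windows\$NtUninstallKB47931$\4032330123
c:\windows\$NtUninstallKB828035$\spuninst\spuninst.exe
c:\windows\windowsxp-kb828035-x86-enu.exe
c:\windows\system32\drivers\netbt.sys . . . is infected!! . . . Failed to find a valid replacement.
2011-11-10 04:47 . 2011-11-10 04:47 -------- d-----w- c:\documents and settings\Master\Application Data\gQAX5jQXymZtOrI
2011-11-09 04:13 . 2011-11-09 04:13 -------- d-----w- c:\documents and settings\Master\Application Data\ZB8olFBoEViW
2011-11-09 00:39 . 2011-11-09 00:39 -------- d-----w- c:\documents and settings\Master\Application Data\Tific
HKCU-Run-ISMPack8 - c:\program files\ISM2\ISMPack8.exe
HKLM-Run-nH0qaTGzF8234A - c:\windows\system32\WfbIKedU1.exe
"""

# Files the TDL3/TDL4 (Alureon, Symantec's "Tidserv") family keeps inside its
# fake $NtUninstallKB...$ folder. A real hotfix backup folder holds spuninst\
# and copies of the patched binaries, never these names.
TDL_COMPONENTS = {"@", "cfg.ini", "bckfg.tmp", "keywords", "kwrd.dll"}

# Heuristic (an assumption, not a ComboFix rule): 9-16 alphanumerics mixing upper
# case, lower case and digits is how this family names its drop folders and Run
# entries; vendor names such as Symantec, Tific or ISMPack8 do not match.
RANDOM_NAME = re.compile(r"[A-Za-z0-9]{9,16}")

UNINSTALL_RE = re.compile(r"\\(\$NtUninstall[^\\$]+\$)\\(.+)$", re.IGNORECASE)
INFECTED_RE = re.compile(r"^(\S.*?) \. \. \. is infected!!")
APPDATA_RE = re.compile(r"\\Application Data\\([^\\]+)$", re.IGNORECASE)
RUN_RE = re.compile(r"^HK(?:LM|CU)-Run-(\S+) - (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    evidence: str


def looks_random(name: str) -> bool:
    """True for machine-generated looking names such as nH0qaTGzF8234A."""
    return (RANDOM_NAME.fullmatch(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.islower() for c in name)
            and any(c.isupper() for c in name))


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix-style log lines and return the Tidserv/TDL indicators found."""
    findings: list[Finding] = []
    uninstall_children: dict[str, set[str]] = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:  # ComboFix could not replace a patched system driver
            findings.append(Finding("infected_system_file", m.group(1)))
            continue
        m = UNINSTALL_RE.search(line)
        if m:  # collect everything under each $NtUninstall...$ folder first
            uninstall_children[m.group(1)].add(m.group(2))
            continue
        m = APPDATA_RE.search(line)
        if m and looks_random(m.group(1)):
            findings.append(Finding("random_appdata_dir", m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m:
            value, exe = m.group(1), m.group(2)
            exe_base = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(value) or looks_random(exe_base):
                findings.append(Finding("random_run_entry", f"{value} -> {exe}"))
    # A hotfix backup folder is only suspicious once it holds the rootkit's own
    # files; requiring two of them rules out a single coincidental name.
    for folder, children in uninstall_children.items():
        hits = {c.rsplit("\\", 1)[-1].lower() for c in children} & TDL_COMPONENTS
        if len(hits) >= 2:
            findings.append(Finding("fake_uninstall_dir", f"{folder}: {', '.join(sorted(hits))}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.evidence}")
```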

#6
Kennman
    Member
  • Topic Starter
  • 14 posts
Render:

Sorry for the curt post above, but I was not sure it was going to go, so I did the minimum.

ComboFix did install the recovery console, ran partially, said bad things about my malware, rebooted, ran for 40 minutes and then reported.

Hope I am doing my part correctly.

Kenn

#7
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Yes. You are doing well, so don't worry. Please do the following now:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

#8
Kennman
    Member
  • Topic Starter
  • 14 posts
Thanks Render,

I don't get to go home until Thursday. I'll run the above and post the results Thursday night.

Thanks again,

Kenn

#9
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK.

#10
Kennman
    Member
  • Topic Starter
  • 14 posts
Hi Render:

Back in the battle;

Kaspersky log:

****

17:41:26.0651 1920 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
17:41:28.0574 1920 ============================================================
17:41:28.0574 1920 Current date / time: 2011/11/17 17:41:28.0574
17:41:28.0574 1920 SystemInfo:
17:41:28.0574 1920
17:41:28.0574 1920 OS Version: 5.1.2600 ServicePack: 3.0
17:41:28.0574 1920 Product type: Workstation
17:41:28.0574 1920 ComputerName: MOBILEONE
17:41:28.0574 1920 UserName: Master
17:41:28.0574 1920 Windows directory: C:\WINDOWS
17:41:28.0574 1920 System windows directory: C:\WINDOWS
17:41:28.0574 1920 Processor architecture: Intel x86
17:41:28.0574 1920 Number of processors: 1
17:41:28.0574 1920 Page size: 0x1000
17:41:28.0574 1920 Boot type: Normal boot
17:41:28.0574 1920 ============================================================
17:41:40.0996 1920 Initialize success
17:42:16.0978 3316 ============================================================
17:42:16.0978 3316 Scan started
17:42:16.0978 3316 Mode: Manual; SigCheck; TDLFS;
17:42:16.0978 3316 ============================================================
17:42:20.0144 3316 Abiosdsk - ok
17:42:20.0184 3316 abp480n5 - ok
17:42:20.0484 3316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:42:45.0668 3316 ACPI - ok
17:42:45.0889 3316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:42:46.0069 3316 ACPIEC - ok
17:42:46.0089 3316 adpu160m - ok
17:42:46.0159 3316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:42:46.0450 3316 aec - ok
17:42:46.0520 3316 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:42:46.0590 3316 AegisP - ok
17:42:46.0660 3316 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:42:46.0770 3316 AFD - ok
17:42:46.0950 3316 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
17:42:47.0101 3316 AFS2K - ok
17:42:47.0201 3316 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:42:47.0481 3316 agp440 - ok
17:42:47.0501 3316 Aha154x - ok
17:42:47.0521 3316 aic78u2 - ok
17:42:47.0642 3316 aic78xx - ok
17:42:48.0112 3316 ALCXSENS (8e716f8ebef9631d995067174204c716) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
17:42:48.0463 3316 ALCXSENS - ok
17:42:49.0475 3316 ALCXWDM (ec050353aa96dbedf3100128b903398a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:42:50.0166 3316 ALCXWDM - ok
17:42:50.0677 3316 AliIde - ok
17:42:50.0927 3316 amsint - ok
17:42:51.0188 3316 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:42:51.0328 3316 ApfiltrService - ok
17:42:51.0639 3316 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:42:52.0059 3316 Arp1394 - ok
17:42:52.0129 3316 asc - ok
17:42:52.0159 3316 asc3350p - ok
17:42:52.0200 3316 asc3550 - ok
17:42:52.0520 3316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:42:52.0700 3316 AsyncMac - ok
17:42:52.0761 3316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:42:53.0041 3316 atapi - ok
17:42:53.0261 3316 Atdisk - ok
17:42:53.0422 3316 ati2mtag (bd7dc30df0679e99f65d8b310f6c8dfe) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:42:53.0592 3316 ati2mtag - ok
17:42:53.0652 3316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:42:53.0913 3316 Atmarpc - ok
17:42:54.0223 3316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:42:54.0373 3316 audstub - ok
17:42:54.0604 3316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:42:54.0914 3316 Beep - ok
17:42:55.0215 3316 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:42:55.0355 3316 BthEnum - ok
17:42:55.0505 3316 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
17:42:55.0615 3316 BTHPORT - ok
17:42:55.0856 3316 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:42:56.0156 3316 BTHUSB - ok
17:42:56.0267 3316 catchme - ok
17:42:56.0587 3316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:42:56.0888 3316 cbidf2k - ok
17:42:57.0028 3316 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:42:57.0158 3316 CCDECODE - ok
17:42:57.0439 3316 cd20xrnt - ok
17:42:57.0579 3316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:42:57.0879 3316 Cdaudio - ok
17:42:58.0100 3316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:42:58.0260 3316 Cdfs - ok
17:42:58.0541 3316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:42:58.0881 3316 Cdrom - ok
17:42:58.0981 3316 Changer - ok
17:42:59.0282 3316 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:42:59.0442 3316 CmBatt - ok
17:42:59.0522 3316 CmdIde - ok
17:42:59.0572 3316 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:42:59.0883 3316 Compbatt - ok
17:42:59.0993 3316 Cpqarray - ok
17:43:00.0023 3316 dac2w2k - ok
17:43:00.0043 3316 dac960nt - ok
17:43:00.0103 3316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:43:00.0244 3316 Disk - ok
17:43:00.0584 3316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:43:00.0995 3316 dmboot - ok
17:43:01.0305 3316 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
17:43:01.0666 3316 DMICall - ok
17:43:01.0796 3316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:43:01.0987 3316 dmio - ok
17:43:02.0377 3316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:43:02.0678 3316 dmload - ok
17:43:02.0988 3316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:43:03.0319 3316 DMusic - ok
17:43:03.0609 3316 dpti2o - ok
17:43:03.0890 3316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:43:04.0260 3316 drmkaud - ok
17:43:04.0371 3316 E1000 (4beb6f44b0dc94af9fb20e97ab7ad47c) C:\WINDOWS\system32\DRIVERS\e1000325.sys
17:43:04.0491 3316 E1000 - ok
17:43:04.0571 3316 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:43:04.0611 3316 E100B - ok
17:43:04.0912 3316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:43:05.0292 3316 Fastfat - ok
17:43:05.0392 3316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:43:05.0543 3316 Fdc - ok
17:43:05.0763 3316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:43:06.0074 3316 Fips - ok
17:43:06.0324 3316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:43:06.0484 3316 Flpydisk - ok
17:43:06.0715 3316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:43:07.0075 3316 FltMgr - ok
17:43:07.0236 3316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:43:07.0386 3316 Fs_Rec - ok
17:43:07.0616 3316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:43:07.0917 3316 Ftdisk - ok
17:43:08.0247 3316 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:43:08.0618 3316 GEARAspiWDM - ok
17:43:09.0089 3316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:43:09.0470 3316 Gpc - ok
17:43:09.0690 3316 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
17:43:09.0740 3316 gv3 - ok
17:43:09.0990 3316 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:43:10.0331 3316 HidUsb - ok
17:43:10.0581 3316 hotcore3 (bcc47d4138eed5c527fc17c9e9d339c4) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
17:43:10.0591 3316 hotcore3 - ok
17:43:10.0752 3316 hpn - ok
17:43:10.0912 3316 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:43:11.0022 3316 HPZid412 - ok
17:43:11.0313 3316 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:43:11.0453 3316 HPZipr12 - ok
17:43:11.0874 3316 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:43:12.0224 3316 HPZius12 - ok
17:43:12.0875 3316 HSFHWICH (68329f53ebfd34abf268c42d98c830f3) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
17:43:12.0976 3316 HSFHWICH - ok
17:43:13.0617 3316 HSF_DP (7bbc0d5900a1fc9f69fa0950a149a1c6) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:43:14.0729 3316 HSF_DP - ok
17:43:15.0791 3316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:43:16.0181 3316 HTTP - ok
17:43:16.0662 3316 i2omgmt - ok
17:43:16.0842 3316 i2omp - ok
17:43:17.0163 3316 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:43:17.0503 3316 i8042prt - ok
17:43:17.0864 3316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:43:18.0004 3316 Imapi - ok
17:43:18.0105 3316 ini910u - ok
17:43:18.0165 3316 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:43:18.0435 3316 IntelIde - ok
17:43:18.0595 3316 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:43:18.0856 3316 intelppm - ok
17:43:19.0056 3316 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:43:19.0407 3316 ip6fw - ok
17:43:19.0667 3316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:43:19.0948 3316 IpFilterDriver - ok
17:43:20.0158 3316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:43:20.0328 3316 IpInIp - ok
17:43:20.0659 3316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:43:20.0970 3316 IpNat - ok
17:43:21.0450 3316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:43:21.0741 3316 IPSec - ok
17:43:22.0282 3316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:43:22.0552 3316 IRENUM - ok
17:43:22.0913 3316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:43:23.0153 3316 isapnp - ok
17:43:23.0394 3316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:43:23.0674 3316 Kbdclass - ok
17:43:23.0905 3316 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:43:24.0155 3316 kbdhid - ok
17:43:24.0225 3316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:43:24.0365 3316 kmixer - ok
17:43:24.0436 3316 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:43:24.0636 3316 KSecDD - ok
17:43:24.0736 3316 lbrtfdc - ok
17:43:24.0986 3316 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:43:25.0027 3316 mdmxsdk - ok
17:43:25.0217 3316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:43:25.0537 3316 mnmdd - ok
17:43:25.0818 3316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:43:25.0978 3316 Modem - ok
17:43:26.0058 3316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:43:26.0359 3316 Mouclass - ok
17:43:26.0639 3316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:43:26.0790 3316 mouhid - ok
17:43:26.0940 3316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:43:27.0170 3316 MountMgr - ok
17:43:27.0190 3316 mraid35x - ok
17:43:27.0300 3316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:43:27.0461 3316 MRxDAV - ok
17:43:27.0641 3316 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:43:28.0032 3316 MRxSmb - ok
17:43:28.0392 3316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:43:28.0733 3316 Msfs - ok
17:43:28.0873 3316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:43:29.0034 3316 MSKSSRV - ok
17:43:29.0224 3316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:43:29.0484 3316 MSPCLOCK - ok
17:43:29.0615 3316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:43:29.0775 3316 MSPQM - ok
17:43:29.0925 3316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:43:30.0075 3316 mssmbios - ok
17:43:30.0246 3316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:43:30.0446 3316 MSTEE - ok
17:43:30.0606 3316 MTsensor (f4271a6c98692794010068602fa1d5e6) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
17:43:30.0696 3316 MTsensor - ok
17:43:30.0967 3316 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:43:31.0077 3316 Mup - ok
17:43:31.0217 3316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:43:31.0548 3316 NABTSFEC - ok
17:43:32.0109 3316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:43:32.0510 3316 NDIS - ok
17:43:32.0930 3316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:43:33.0351 3316 NdisIP - ok
17:43:33.0611 3316 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:43:33.0762 3316 NdisTapi - ok
17:43:34.0794 3316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:43:35.0705 3316 Ndisuio - ok
17:43:40.0253 3316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:43:41.0625 3316 NdisWan - ok
17:43:43.0128 3316 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:43:43.0388 3316 NDProxy - ok
17:43:43.0789 3316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:43:44.0170 3316 NetBIOS - ok
17:43:44.0450 3316 NetBT (fc0f1944648e66e93198d119e5099e01) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:43:44.0450 3316 NetBT ( Rootkit.Win32.ZAccess.j ) - infected
17:43:44.0450 3316 NetBT - detected Rootkit.Win32.ZAccess.j (0)
17:43:45.0021 3316 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:43:45.0372 3316 NIC1394 - ok
17:43:45.0692 3316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:43:45.0933 3316 Npfs - ok
17:43:46.0183 3316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:43:46.0604 3316 Ntfs - ok
17:43:46.0714 3316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:43:46.0995 3316 Null - ok
17:43:47.0335 3316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:43:47.0476 3316 NwlnkFlt - ok
17:43:47.0536 3316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:43:47.0946 3316 NwlnkFwd - ok
17:43:48.0247 3316 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:43:48.0417 3316 ohci1394 - ok
17:43:48.0567 3316 oibtvcom (f10f7d357e3ed67156e67a33945666eb) C:\WINDOWS\system32\Drivers\oivmvcom.sys
17:43:48.0628 3316 oibtvcom ( UnsignedFile.Multi.Generic ) - warning
17:43:48.0628 3316 oibtvcom - detected UnsignedFile.Multi.Generic (1)
17:43:48.0758 3316 oivmctrl (db7e57a6a6e82ce11482e7c72c4ca7ec) C:\WINDOWS\system32\Drivers\oivmctrl.sys
17:43:48.0798 3316 oivmctrl ( UnsignedFile.Multi.Generic ) - warning
17:43:48.0798 3316 oivmctrl - detected UnsignedFile.Multi.Generic (1)
17:43:48.0918 3316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:43:49.0209 3316 Parport - ok
17:43:49.0309 3316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:43:49.0489 3316 PartMgr - ok
17:43:49.0719 3316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:43:50.0030 3316 ParVdm - ok
17:43:50.0230 3316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:43:50.0501 3316 PCI - ok
17:43:50.0621 3316 PCIDump - ok
17:43:50.0761 3316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:43:51.0022 3316 PCIIde - ok
17:43:51.0172 3316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:43:51.0352 3316 Pcmcia - ok
17:43:51.0462 3316 PDCOMP - ok
17:43:51.0483 3316 PDFRAME - ok
17:43:51.0503 3316 PDRELI - ok
17:43:51.0573 3316 PDRFRAME - ok
17:43:51.0773 3316 pelmouse (59b3101f20056104c011e0c68aebb840) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
17:43:51.0893 3316 pelmouse - ok
17:43:52.0094 3316 pelusblf (f1ce775af376faf3ffefb4ff8cbdfbf3) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
17:43:52.0134 3316 pelusblf - ok
17:43:52.0404 3316 perc2 - ok
17:43:52.0474 3316 perc2hib - ok
17:43:52.0815 3316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:43:53.0175 3316 PptpMiniport - ok
17:43:53.0326 3316 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:43:53.0496 3316 Processor - ok
17:43:53.0646 3316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:43:53.0837 3316 PSched - ok
17:43:54.0047 3316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:43:54.0287 3316 Ptilink - ok
17:43:54.0448 3316 PxHelp20 (25639ba81c01a3e0508901829479954f) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:43:54.0488 3316 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:43:54.0488 3316 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:43:54.0618 3316 ql1080 - ok
17:43:54.0708 3316 Ql10wnt - ok
17:43:54.0949 3316 ql12160 - ok
17:43:55.0039 3316 ql1240 - ok
17:43:55.0219 3316 ql1280 - ok
17:43:55.0389 3316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:43:55.0750 3316 RasAcd - ok
17:43:55.0860 3316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:43:56.0020 3316 Rasl2tp - ok
17:43:56.0101 3316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:43:56.0221 3316 RasPppoe - ok
17:43:56.0381 3316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:43:56.0591 3316 Raspti - ok
17:43:57.0222 3316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:43:57.0563 3316 Rdbss - ok
17:43:57.0974 3316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:43:58.0164 3316 RDPCDD - ok
17:43:58.0395 3316 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:43:58.0515 3316 RDPWD - ok
17:43:58.0715 3316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:43:59.0006 3316 redbook - ok
17:43:59.0276 3316 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:43:59.0466 3316 RFCOMM - ok
17:43:59.0667 3316 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:43:59.0777 3316 s24trans - ok
17:44:00.0057 3316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:44:00.0408 3316 Secdrv - ok
17:44:00.0558 3316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:44:00.0729 3316 Serial - ok
17:44:00.0919 3316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:44:01.0199 3316 Sfloppy - ok
17:44:01.0410 3316 Simbad - ok
17:44:01.0540 3316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:44:01.0881 3316 SLIP - ok
17:44:02.0081 3316 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
17:44:02.0231 3316 SNC - ok
17:44:02.0712 3316 SONYTVC (30da5083735f5ba2a5d13b44b9278e9d) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys
17:44:02.0872 3316 SONYTVC - ok
17:44:02.0922 3316 Sparrow - ok
17:44:03.0103 3316 SPI (bfd0e6f53957af8156084c436b825f70) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
17:44:03.0423 3316 SPI - ok
17:44:03.0654 3316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:44:03.0804 3316 splitter - ok
17:44:03.0954 3316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:44:04.0285 3316 sr - ok
17:44:04.0776 3316 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:44:05.0006 3316 Srv - ok
17:44:05.0116 3316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:44:05.0577 3316 streamip - ok
17:44:05.0978 3316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:44:06.0198 3316 swenum - ok
17:44:06.0338 3316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:44:06.0619 3316 swmidi - ok
17:44:06.0799 3316 symc810 - ok
17:44:06.0839 3316 symc8xx - ok
17:44:07.0009 3316 sym_hi - ok
17:44:07.0170 3316 sym_u3 - ok
17:44:07.0260 3316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:44:07.0590 3316 sysaudio - ok
17:44:08.0071 3316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:44:08.0482 3316 Tcpip - ok
17:44:08.0732 3316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:44:09.0083 3316 TDPIPE - ok
17:44:09.0263 3316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:44:09.0554 3316 TDTCP - ok
17:44:09.0714 3316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:44:10.0025 3316 TermDD - ok
17:44:10.0125 3316 tifmsony (968fa2a57462fad77655388cd6c7f9b9) C:\WINDOWS\system32\drivers\tifmsony.sys
17:44:10.0235 3316 tifmsony - ok
17:44:10.0385 3316 TosIde - ok
17:44:10.0576 3316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:44:10.0846 3316 Udfs - ok
17:44:10.0886 3316 ultra - ok
17:44:10.0986 3316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:44:11.0257 3316 Update - ok
17:44:11.0487 3316 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:44:11.0597 3316 USBAAPL - ok
17:44:11.0738 3316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:44:12.0088 3316 usbccgp - ok
17:44:12.0389 3316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:44:12.0649 3316 usbehci - ok
17:44:12.0800 3316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:44:12.0960 3316 usbhub - ok
17:44:13.0300 3316 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:44:13.0581 3316 usbohci - ok
17:44:13.0691 3316 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:44:14.0012 3316 usbprint - ok
17:44:14.0202 3316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:44:14.0332 3316 usbscan - ok
17:44:14.0412 3316 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:44:14.0563 3316 usbstor - ok
17:44:14.0723 3316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:44:14.0943 3316 usbuhci - ok
17:44:15.0214 3316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:44:15.0484 3316 VgaSave - ok
17:44:15.0574 3316 ViaIde - ok
17:44:15.0725 3316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:44:16.0045 3316 VolSnap - ok
17:44:16.0696 3316 w22n51 (4c009d4352849d79bf347846b6e03bfd) C:\WINDOWS\system32\DRIVERS\w22n51.sys
17:44:17.0157 3316 w22n51 ( UnsignedFile.Multi.Generic ) - warning
17:44:17.0157 3316 w22n51 - detected UnsignedFile.Multi.Generic (1)
17:44:17.0888 3316 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
17:44:18.0640 3316 w29n51 - ok
17:44:19.0090 3316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:44:19.0421 3316 Wanarp - ok
17:44:19.0651 3316 WDICA - ok
17:44:19.0832 3316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:44:20.0002 3316 wdmaud - ok
17:44:20.0413 3316 winachsf (e010c2588ed1c0ad0e8188ec0f46ced6) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:44:20.0693 3316 winachsf - ok
17:44:21.0134 3316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:44:21.0445 3316 WS2IFSL - ok
17:44:21.0655 3316 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:44:21.0805 3316 WSTCODEC - ok
17:44:21.0905 3316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:44:24.0991 3316 \Device\Harddisk0\DR0 - ok
17:44:25.0041 3316 Boot (0x1200) (9b94f709a2ab5a1377d7163fc23b952e) \Device\Harddisk0\DR0\Partition0
17:44:25.0051 3316 \Device\Harddisk0\DR0\Partition0 - ok
17:44:25.0091 3316 Boot (0x1200) (e35a740dd10fcedd50fa163475c2d8bb) \Device\Harddisk0\DR0\Partition1
17:44:25.0111 3316 \Device\Harddisk0\DR0\Partition1 - ok
17:44:25.0121 3316 ============================================================
17:44:25.0121 3316 Scan finished
17:44:25.0121 3316 ============================================================
17:44:25.0251 3376 Detected object count: 5
17:44:25.0251 3376 Actual detected object count: 5
17:44:36.0050 3376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
17:44:37.0152 3376 Backup copy found, using it..
17:44:37.0392 3376 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:44:50.0986 3376 NetBT ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
17:44:50.0996 3376 oibtvcom ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:50.0996 3376 oibtvcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:51.0006 3376 oivmctrl ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:51.0006 3376 oivmctrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:51.0006 3376 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:51.0006 3376 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:44:51.0016 3376 w22n51 ( UnsignedFile.Multi.Generic ) - skipped by user
17:44:51.0016 3376 w22n51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:22.0641 0192 Deinitialize success



***********


If you want to know where I've been,

google Self defense test ship biofuel

Thanks and

Kennman sends


#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

google Self defense test ship biofuel

That one here?

Looks like ZA rootkit is successfully removed. Let's see current condition of your machine:

Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please delete your copy of OTL.exe.

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • MBAM log
  • OTL scan log
  • Extras log


#12
Kennman

    Member

  • Topic Starter
  • Member
  • 14 posts
Yep, that was us.

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/18/2011 12:47:18 PM
mbam-log-2011-11-18 (12-47-18).txt

Scan type: Quick scan
Objects scanned: 175328
Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Master\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.


********************

OTL logfile created on: 11/18/2011 12:57:57 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 153.75 Mb Available Physical Memory | 30.10% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 42.94 Gb Total Space | 28.44 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 19.86 Gb Total Space | 12.97 Gb Free Space | 65.31% Space Free | Partition Type: NTFS

Computer Name: MOBILEONE | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 12:54:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTL.exe
PRC - [2010/10/29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/03/12 16:32:38 | 000,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2004/02/19 18:51:36 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe
PRC - [2004/02/12 23:01:24 | 000,098,304 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2004/01/17 03:36:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2003/12/11 23:03:06 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2003/12/05 12:32:56 | 000,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe
PRC - [2003/12/05 12:32:06 | 000,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/10/06 19:26:10 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\usbsircs\USBsircs.exe
PRC - [2003/09/19 17:42:00 | 000,974,848 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2003/09/19 17:42:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ATK0100\Hcontrol.exe
PRC - [2003/08/11 00:07:38 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2003/06/25 10:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2002/08/20 10:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/03/14 16:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2004/03/03 12:29:58 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2003/12/05 12:32:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Giga Pocket\RM_SVps.dll
MOD - [2003/09/19 17:42:00 | 000,974,848 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
MOD - [2003/09/19 17:42:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ATK0100\Hcontrol.exe
MOD - [2003/08/11 00:07:40 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe -- (SymWSC)
SRV - [2004/03/12 16:33:54 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/03/12 16:32:38 | 000,086,098 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service)
SRV - [2004/03/12 16:11:34 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/03/12 15:57:42 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter)
SRV - [2004/03/12 11:20:34 | 001,691,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/03/05 12:35:34 | 000,184,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/02/25 04:22:06 | 000,737,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/02/25 04:22:06 | 000,737,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/02/25 04:12:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/02/25 04:12:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/02/04 13:29:58 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/12/09 05:38:14 | 000,065,625 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2003/12/09 05:32:58 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
SRV - [2003/12/05 12:32:56 | 000,077,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector)
SRV - [2003/12/05 12:32:06 | 000,090,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2003/10/30 11:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/11 00:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/20 10:10:08 | 000,040,552 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/25 17:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/07 17:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/19 18:10:54 | 000,224,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2004/03/04 12:51:20 | 000,064,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2004/03/03 12:31:22 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/13 18:40:16 | 000,610,796 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/09 14:58:06 | 000,401,408 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/02 02:52:00 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/10/14 16:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 16:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 16:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 17:42:00 | 000,005,786 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2003/03/14 10:12:50 | 000,279,680 | ---- | M] (OPEN INTERFACE.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oivmvcom.sys -- (oibtvcom)
DRV - [2003/01/06 17:20:14 | 000,015,616 | ---- | M] (OPEN INTERFACE.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oivmctrl.sys -- (oivmctrl)
DRV - [2002/11/18 17:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/06/28 18:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/08/17 04:51:22 | 000,037,040 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2001/07/24 10:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Master\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Master\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/12/28 10:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/29 06:48:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Master\Application Data\Move Networks [2009/11/25 19:05:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/12/28 10:35:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/29 06:48:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/14 19:57:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe ()
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe (Sony Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\Sony\usbsircs\USBsircs.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.a...ad/tgctlins.cab (Support.com Installer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr...ads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193877428180 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238513359353 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} http://ciscdb.sel.so...tect/PCInfo.CAB (PCInfo.CMClass)
O16 - DPF: {C77FB8C0-8B6D-440E-AC26-2BD39E97E8F2} http://speedtest.ade...TESTACTIVEX.CAB (SpdTCtl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECCEF79-9DEE-4EE4-9179-745645BF2969}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 18:11:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 12:54:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTL.exe
[2011/11/18 12:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\Malwarebytes
[2011/11/18 12:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/18 12:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/18 12:28:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/18 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/18 12:26:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Master\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:40:52 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master\Desktop\tdsskiller.exe
[2011/11/14 20:46:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/14 20:16:29 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Master\Desktop\aswMBR.exe
[2011/11/14 19:14:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/14 19:11:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/14 19:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/14 19:11:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/14 19:10:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/14 19:10:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Administrative Tools
[2011/11/14 19:08:29 | 004,293,495 | R--- | C] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011/11/13 11:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\HiJackThis
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\pvUJ1scHq
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\gQAX5jQXymZtOrI
[2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\P2edvJ1sY0aT9R8
[2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NZ4tnL3fI2dUwY
[2011/11/08 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ZB8olFBoEViW
[2011/11/08 20:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\OAX5ymP4nLrb2v1
[2011/11/08 19:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UTNpR8E7WCuQ5Q5
[2011/11/08 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\xL3rfIKevJw
[2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DGN9pRF8lD7kCjX
[2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\cgnOLrfI3fI2v1c
[2011/11/08 16:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Local Settings\Application Data\NPE
[2011/11/08 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\Tific
[2011/11/08 16:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Local Settings\Application Data\Symantec
[2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\YyhmP4gO3fI2v
[2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\VnOL3Kv1s
[2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r4tgO3rbKevJsHa
[2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ElEFBolD7kS6Q5m
[2011/11/07 21:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\My Documents\Symantec
[2011/11/07 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BV7iS6uQXym4n3b
[2011/11/07 21:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\HOL3rbI2fI2
[2011/11/07 21:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/07 21:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/07 21:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/07 20:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/11/07 20:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/11/07 20:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NwscY0qxG9zFoD
[2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\fgnOLtgO3fKeU
[2011/11/07 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BujQA5ymZtnLf
[2011/11/07 18:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\JkWSCikS6jA5m4n
[2011/11/07 16:44:12 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/11/07 16:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\z4tgnL3fI2dUwYq
[2011/11/07 16:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\n8olEViW6jA5m4n
[2011/11/06 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jFB8oED7kS6jXPt
[2011/11/06 17:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\KnOL3fbKrb
[2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\hlD7iWS7kSuQ5m4
[2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\B8VEk6A5hPOKJcq
[2011/11/06 17:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jSC6uAXyZg3n3
[2011/11/06 17:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DXym4gtLf2JsaGz
[2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r7ikWC6jA5hPtOr
[2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\CxTGNpzF8lD
[2011/11/06 17:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\u4tnfedUwcHqT9R
[2011/11/06 17:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UikWS6uQXymZgL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/18 12:54:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\Desktop\OTL.exe
[2011/11/18 12:51:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/18 12:50:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/18 12:50:48 | 535,678,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 12:28:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/18 12:26:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Master\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/17 17:41:13 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master\Desktop\tdsskiller.exe
[2011/11/17 17:36:31 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Lori email.lnk
[2011/11/14 21:41:21 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Lori email.lnk
[2011/11/14 20:40:45 | 000,000,525 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\MBR.zip
[2011/11/14 20:16:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Master\Desktop\aswMBR.exe
[2011/11/14 19:57:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/14 19:22:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/14 19:14:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/14 19:08:29 | 004,293,495 | R--- | M] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011/11/13 17:14:30 | 000,006,192 | ---- | M] () -- C:\{E4F98A39-9238-4533-A697-849CA473868A}
[2011/11/13 14:46:26 | 000,006,192 | ---- | M] () -- C:\{ECDB780B-1F56-4281-895F-7564678799C3}
[2011/11/13 14:24:14 | 000,006,192 | ---- | M] () -- C:\{755E84F9-BA0A-4642-A911-C0A0C13A075E}
[2011/11/13 14:14:07 | 000,007,888 | ---- | M] () -- C:\{4D7B2171-6C0F-40BC-965E-2F94AEFE2628}
[2011/11/13 14:14:00 | 000,006,192 | ---- | M] () -- C:\{52D1077B-565F-4795-8100-9EE7F638D569}
[2011/11/13 14:04:33 | 000,006,192 | ---- | M] () -- C:\{EF20FA85-E5E2-4BB0-94F0-75E394882A2A}
[2011/11/13 13:41:34 | 000,031,016 | ---- | M] () -- C:\{D13AD4D8-E9F6-4C42-BDD6-CD9DCC7B0B5D}
[2011/11/13 12:56:43 | 000,031,128 | ---- | M] () -- C:\{11F85857-A17D-40BD-8405-1DE1D15CED7A}
[2011/11/13 11:57:20 | 000,006,192 | ---- | M] () -- C:\{925ADB1A-73F8-47D2-89C0-E3425BA2B0EC}
[2011/11/13 11:37:51 | 000,006,192 | ---- | M] () -- C:\{047A39B3-68A9-408E-AC83-F613C74A846F}
[2011/11/13 11:26:29 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\HiJackThis.lnk
[2011/11/13 09:51:33 | 000,006,192 | ---- | M] () -- C:\{6169566C-31EB-41A7-99B5-BDDE2BE3DCF6}
[2011/11/13 09:09:03 | 000,006,192 | ---- | M] () -- C:\{2A0DD5A0-5A3C-4745-8E31-1935DC3B937F}
[2011/11/12 21:41:14 | 000,006,192 | ---- | M] () -- C:\{E601309A-60D9-4CE0-A38F-506D400DD2C6}
[2011/11/12 21:26:31 | 000,031,744 | ---- | M] () -- C:\{132E73FA-5EE4-4E30-BE99-853A87AFDC14}
[2011/11/12 20:28:37 | 000,006,192 | ---- | M] () -- C:\{B88FDC18-95E4-4587-98F3-342200DA2942}
[2011/11/12 19:57:29 | 000,006,192 | ---- | M] () -- C:\{CF8F422B-442F-45FF-8330-AC0A1F87D283}
[2011/11/12 19:35:43 | 000,006,192 | ---- | M] () -- C:\{0D8712D4-B08C-4724-A3F3-4AF590282D6F}
[2011/11/12 19:25:40 | 000,006,192 | ---- | M] () -- C:\{A117FCBD-D698-4689-BBC9-D5F331B1CE2F}
[2011/11/12 19:15:28 | 000,006,192 | ---- | M] () -- C:\{A987ED71-8836-4D1D-9811-BFC50DA0F955}
[2011/11/12 18:32:09 | 000,006,192 | ---- | M] () -- C:\{55459539-6714-44B3-878B-8C487A3CC485}
[2011/11/12 18:11:00 | 000,006,192 | ---- | M] () -- C:\{A053E252-95C0-4E12-9EDA-ED3D46F93715}
[2011/11/12 17:49:58 | 000,006,192 | ---- | M] () -- C:\{2897AA25-8201-4BD3-9425-2A7D29BF29F2}
[2011/11/12 17:20:12 | 000,006,192 | ---- | M] () -- C:\{4F35E1EC-59E2-4A3B-AE7C-CF604C2CD533}
[2011/11/12 16:27:51 | 000,006,192 | ---- | M] () -- C:\{DA62E0B4-B167-45C4-801A-AA40823616F4}
[2011/11/12 16:16:55 | 000,006,192 | ---- | M] () -- C:\{36B769E7-162D-4099-A97D-02E8D7AF765F}
[2011/11/12 13:19:30 | 000,006,192 | ---- | M] () -- C:\{984B3819-E2C0-42EE-A63D-5A950CDC5374}
[2011/11/12 13:07:37 | 000,006,192 | ---- | M] () -- C:\{CC6DD585-3CEC-4B57-8E97-17016186DAB7}
[2011/11/12 12:57:54 | 000,006,192 | ---- | M] () -- C:\{4EA88700-BC29-4D9E-B7B9-A40BF2515B43}
[2011/11/11 16:51:37 | 000,006,192 | ---- | M] () -- C:\{D888FE9F-EF68-463C-A530-642FD4DAD660}
[2011/11/11 14:48:16 | 000,006,192 | ---- | M] () -- C:\{84DD3F56-806A-4469-A802-5BF17CADBC1E}
[2011/11/11 13:25:37 | 000,008,976 | ---- | M] () -- C:\{187640F1-E4B3-449C-8078-F78CC170F32F}
[2011/11/11 08:49:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/10 22:41:46 | 000,006,192 | ---- | M] () -- C:\{F4B0E654-1E47-4C65-8BCB-950CA5D8D1A0}
[2011/11/10 21:04:17 | 000,006,192 | ---- | M] () -- C:\{1C24970D-9E9B-44E5-A518-060201AA04B7}
[2011/11/09 22:26:48 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\SMRResults210.dat
[2011/11/09 22:09:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/11/09 22:08:24 | 000,001,260 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/11/07 18:42:36 | 606,076,928 | -HS- | M] () -- C:\NBRTPage.sys
[2011/11/06 17:14:40 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 17:14:40 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/22 15:56:39 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 15:56:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Windows Media Player.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 12:28:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 20:40:45 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\MBR.zip
[2011/11/14 19:14:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/14 19:14:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/14 19:11:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/14 19:11:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/14 19:11:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/14 19:11:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/14 19:11:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/13 17:14:29 | 000,006,192 | ---- | C] () -- C:\{E4F98A39-9238-4533-A697-849CA473868A}
[2011/11/13 14:46:26 | 000,006,192 | ---- | C] () -- C:\{ECDB780B-1F56-4281-895F-7564678799C3}
[2011/11/13 14:24:13 | 000,006,192 | ---- | C] () -- C:\{755E84F9-BA0A-4642-A911-C0A0C13A075E}
[2011/11/13 14:14:07 | 000,007,888 | ---- | C] () -- C:\{4D7B2171-6C0F-40BC-965E-2F94AEFE2628}
[2011/11/13 14:14:00 | 000,006,192 | ---- | C] () -- C:\{52D1077B-565F-4795-8100-9EE7F638D569}
[2011/11/13 14:04:33 | 000,006,192 | ---- | C] () -- C:\{EF20FA85-E5E2-4BB0-94F0-75E394882A2A}
[2011/11/13 13:41:34 | 000,031,016 | ---- | C] () -- C:\{D13AD4D8-E9F6-4C42-BDD6-CD9DCC7B0B5D}
[2011/11/13 12:56:43 | 000,031,128 | ---- | C] () -- C:\{11F85857-A17D-40BD-8405-1DE1D15CED7A}
[2011/11/13 11:57:20 | 000,006,192 | ---- | C] () -- C:\{925ADB1A-73F8-47D2-89C0-E3425BA2B0EC}
[2011/11/13 11:37:51 | 000,006,192 | ---- | C] () -- C:\{047A39B3-68A9-408E-AC83-F613C74A846F}
[2011/11/13 09:51:33 | 000,006,192 | ---- | C] () -- C:\{6169566C-31EB-41A7-99B5-BDDE2BE3DCF6}
[2011/11/13 09:09:03 | 000,006,192 | ---- | C] () -- C:\{2A0DD5A0-5A3C-4745-8E31-1935DC3B937F}
[2011/11/12 21:41:14 | 000,006,192 | ---- | C] () -- C:\{E601309A-60D9-4CE0-A38F-506D400DD2C6}
[2011/11/12 21:26:31 | 000,031,744 | ---- | C] () -- C:\{132E73FA-5EE4-4E30-BE99-853A87AFDC14}
[2011/11/12 20:28:37 | 000,006,192 | ---- | C] () -- C:\{B88FDC18-95E4-4587-98F3-342200DA2942}
[2011/11/12 19:57:29 | 000,006,192 | ---- | C] () -- C:\{CF8F422B-442F-45FF-8330-AC0A1F87D283}
[2011/11/12 19:35:43 | 000,006,192 | ---- | C] () -- C:\{0D8712D4-B08C-4724-A3F3-4AF590282D6F}
[2011/11/12 19:25:40 | 000,006,192 | ---- | C] () -- C:\{A117FCBD-D698-4689-BBC9-D5F331B1CE2F}
[2011/11/12 19:15:28 | 000,006,192 | ---- | C] () -- C:\{A987ED71-8836-4D1D-9811-BFC50DA0F955}
[2011/11/12 18:32:09 | 000,006,192 | ---- | C] () -- C:\{55459539-6714-44B3-878B-8C487A3CC485}
[2011/11/12 18:11:00 | 000,006,192 | ---- | C] () -- C:\{A053E252-95C0-4E12-9EDA-ED3D46F93715}
[2011/11/12 17:49:58 | 000,006,192 | ---- | C] () -- C:\{2897AA25-8201-4BD3-9425-2A7D29BF29F2}
[2011/11/12 17:20:12 | 000,006,192 | ---- | C] () -- C:\{4F35E1EC-59E2-4A3B-AE7C-CF604C2CD533}
[2011/11/12 16:27:51 | 000,006,192 | ---- | C] () -- C:\{DA62E0B4-B167-45C4-801A-AA40823616F4}
[2011/11/12 16:16:55 | 000,006,192 | ---- | C] () -- C:\{36B769E7-162D-4099-A97D-02E8D7AF765F}
[2011/11/12 13:19:30 | 000,006,192 | ---- | C] () -- C:\{984B3819-E2C0-42EE-A63D-5A950CDC5374}
[2011/11/12 13:07:37 | 000,006,192 | ---- | C] () -- C:\{CC6DD585-3CEC-4B57-8E97-17016186DAB7}
[2011/11/12 12:57:49 | 000,006,192 | ---- | C] () -- C:\{4EA88700-BC29-4D9E-B7B9-A40BF2515B43}
[2011/11/11 16:51:37 | 000,006,192 | ---- | C] () -- C:\{D888FE9F-EF68-463C-A530-642FD4DAD660}
[2011/11/11 14:48:16 | 000,006,192 | ---- | C] () -- C:\{84DD3F56-806A-4469-A802-5BF17CADBC1E}
[2011/11/11 13:25:37 | 000,008,976 | ---- | C] () -- C:\{187640F1-E4B3-449C-8078-F78CC170F32F}
[2011/11/10 22:41:46 | 000,006,192 | ---- | C] () -- C:\{F4B0E654-1E47-4C65-8BCB-950CA5D8D1A0}
[2011/11/10 21:04:17 | 000,006,192 | ---- | C] () -- C:\{1C24970D-9E9B-44E5-A518-060201AA04B7}
[2011/11/09 22:26:47 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\SMRResults210.dat
[2011/11/08 16:09:48 | 535,678,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/07 21:15:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 16:44:11 | 606,076,928 | -HS- | C] () -- C:\NBRTPage.sys
[2011/09/05 09:39:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/08/21 14:23:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/06/01 21:10:22 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/04/25 13:03:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/02/21 09:19:57 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Multipressor
[2010/02/21 09:19:57 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Master\Application Data\Mallets
[2010/02/21 08:08:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MediaFolder
[2010/02/21 08:08:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Master\Application Data\Machines
[2008/06/21 15:47:07 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/06/21 15:47:07 | 000,028,922 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/05/28 11:04:12 | 000,000,188 | ---- | C] () -- C:\WINDOWS\guitar.ini
[2007/03/22 18:11:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/03/07 22:08:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/05/22 15:09:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/07 16:15:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pnpchk.exe
[2006/04/07 16:10:11 | 000,000,008 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2005/10/29 12:51:08 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/29 12:51:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2004/10/02 13:10:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/02 12:36:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/09/18 19:51:20 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\fusioncache.dat
[2004/09/11 11:18:08 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/12 21:02:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\Sony XBRITE.ini
[2004/04/12 21:02:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/12 20:55:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/04/12 20:49:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/04/12 20:49:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/04/12 20:49:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/04/12 20:49:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/04/12 20:49:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/04/12 20:49:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/03/29 13:32:10 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/29 13:30:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/03/29 13:24:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/03/29 13:23:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/03/29 13:22:38 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/03/29 13:22:34 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/03/29 11:05:09 | 001,137,512 | ---- | C] () -- C:\WINDOWS\q323183_wxp_sp2_x86_enu.exe
[2004/03/29 10:53:40 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2004/03/29 10:46:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2004/03/29 10:44:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/29 10:38:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/03/26 18:43:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/26 18:23:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/03/26 18:18:00 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/26 18:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/03/26 18:09:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/26 16:59:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/03/26 16:59:42 | 000,372,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\SNYTVC6.DAT
[2004/03/26 16:59:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/03/26 16:59:28 | 000,005,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/03/26 16:59:20 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/03/26 16:59:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/03/26 16:59:02 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/26 16:58:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/03/26 16:58:41 | 000,445,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/03/26 16:58:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/03/26 16:58:41 | 000,072,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/03/26 16:58:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/03/26 16:58:41 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/03/26 16:58:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/26 16:58:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/03/26 16:58:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/03/26 16:58:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/03/26 16:58:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/26 10:04:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/26 10:03:53 | 000,188,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/11 00:07:40 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/23 08:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/06 11:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 12:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 17:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 17:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

========== LOP Check ==========

[2010/02/21 08:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bubble Noise
[2010/08/07 13:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/06/03 12:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/08/07 14:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\copypart
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/08/07 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2010/08/07 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2010/02/21 08:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2004/09/18 11:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/08/07 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
[2010/02/21 09:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/03/21 15:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/28 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/01/29 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\.bittorrent
[2011/11/06 17:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\B8VEk6A5hPOKJcq
[2011/11/07 18:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\BujQA5ymZtnLf
[2011/11/07 21:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\BV7iS6uQXym4n3b
[2011/11/08 17:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\cgnOLrfI3fI2v1c
[2005/05/14 11:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Common Files
[2011/11/06 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\CxTGNpzF8lD
[2011/11/08 17:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DGN9pRF8lD7kCjX
[2011/11/06 17:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DXym4gtLf2JsaGz
[2011/11/07 22:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\ElEFBolD7kS6Q5m
[2011/11/07 20:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\fgnOLtgO3fKeU
[2010/08/07 10:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\GARMIN
[2011/11/09 20:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\gQAX5jQXymZtOrI
[2011/11/06 17:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\hlD7iWS7kSuQ5m4
[2011/11/07 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\HOL3rbI2fI2
[2006/06/30 15:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\InterVideo
[2011/11/06 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\jFB8oED7kS6jXPt
[2011/11/07 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\JkWSCikS6jA5m4n
[2011/11/06 17:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\jSC6uAXyZg3n3
[2011/11/06 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\KnOL3fbKrb
[2004/09/11 11:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Leadertech
[2011/11/07 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\n8olEViW6jA5m4n
[2010/04/25 12:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Nikon
[2011/11/07 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\NwscY0qxG9zFoD
[2011/11/08 20:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\NZ4tnL3fI2dUwY
[2011/11/08 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\OAX5ymP4nLrb2v1
[2011/11/08 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\P2edvJ1sY0aT9R8
[2011/11/09 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\pvUJ1scHq
[2011/11/07 22:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\r4tgO3rbKevJsHa
[2011/11/06 17:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\r7ikWC6jA5hPtOr
[2006/12/31 14:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Roni Music
[2004/09/21 20:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Template
[2011/11/08 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Tific
[2011/11/06 17:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\u4tnfedUwcHqT9R
[2011/11/06 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\UikWS6uQXymZgL
[2011/11/08 19:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\UTNpR8E7WCuQ5Q5
[2008/03/21 15:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Viewpoint
[2011/11/08 16:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\VnOL3Kv1s
[2011/11/08 19:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\xL3rfIKevJw
[2011/11/08 16:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\YyhmP4gO3fI2v
[2011/11/07 16:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\z4tgnL3fI2dUwYq
[2011/11/08 20:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\ZB8olFBoEViW
[2004/10/01 17:50:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 23:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 04:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /hs browser [2004/03/29 13:22:38 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape\Netscp.exe" -silent -nosplash -setDefaultBrowser [2003/02/08 09:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /ss browser [2004/03/29 13:22:38 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\shell\open\command\\: C:\Program Files\Netscape\Netscape\Netscp.exe [2003/02/08 09:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 04:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /hs browser [2004/03/29 13:22:38 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape\Netscp.exe" -silent -nosplash -setDefaultBrowser [2003/02/08 09:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ms /ua "7.02 (en)" /ss browser [2004/03/29 13:22:38 | 000,090,832 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\shell\open\command\\: C:\Program Files\Netscape\Netscape\Netscp.exe [2003/02/08 09:50:00 | 000,481,264 | ---- | M] (Mozilla, Netscape)

< >

< >

< End of report >


*****************

OTL Extras logfile created on: 11/18/2011 12:57:58 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 153.75 Mb Available Physical Memory | 30.10% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 42.94 Gb Total Space | 28.44 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 19.86 Gb Total Space | 12.97 Gb Free Space | 65.31% Space Free | Partition Type: NTFS

Computer Name: MOBILEONE | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1C8B929A-6507-455A-BEB8-F748AEA048F6}" = Giga Pocket Hardware Library 5.5
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.0
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{30642CE1-217B-40C0-92E2-6BF849599D9E}" = Network Smart Capture
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{545DB151-1514-4FFC-BF2F-FE8FBBD06987}" = VAIO Power Management
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
"{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}" = OpenMG Secure Module 3.4.00
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.0
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.02
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.0
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1338C8-CA9E-4136-928B-453243AFE8F8}" = Giga Pocket Demo Movie
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{936FADC9-C609-471A-B6F2-A33E2E660D1A}" = Sony Notebook Setup
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A01348CB-585D-472E-B071-60DF7A1C8A88}" = Bluetooth Virtual COM Port
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{CABAA5E1-66E4-11DE-B88A-005056C00008}" = Avanquest Partition Commander 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins 1.0
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_818C104D" = SoftV92 Data Fax Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"getPlus®_ocx" = getPlus®_ocx
"Hcontrol" = ATK0100 ACPI UTILITY
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"MouseSuite98" = Sony USB Mouse
"Netscape (7.02)" = Netscape (7.02)
"Netscape Online Setup" = Netscape Internet Service Setup
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.4-03-12-16-01" = OpenMG Limited Patch 3.4-03-12-16-01
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"RandyTab" = RandyTab
"RealPlayer 6.0" = RealPlayer
"SLIDE-LOK Design Center_is1" = SLIDE-LOK Design Center v3.0
"Sony XBRITE Screen Saver" = Sony XBRITE Screen Saver
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Welcome to VAIO life" = Welcome to VAIO life
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-196185971-3809120377-2976720987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2011 9:13:39 PM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2011 9:33:04 PM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2011 8:39:48 PM | Computer Name = MOBILEONE | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 11/9/2011 1:03:21 AM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2011 1:03:21 AM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 12:47:47 AM | Computer Name = MOBILEONE | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 11/10/2011 12:50:28 AM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2011 1:24:34 AM | Computer Name = MOBILEONE | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 11/10/2011 1:27:31 AM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/13/2011 5:42:17 PM | Computer Name = MOBILEONE | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/14/2011 11:05:04 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/14/2011 11:05:08 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/14/2011 11:05:36 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/14/2011 11:09:26 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/14/2011 11:09:52 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/14/2011 11:28:45 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/17/2011 9:48:51 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/17/2011 9:49:08 PM | Computer Name = MOBILEONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 11/18/2011 4:51:04 PM | Computer Name = MOBILEONE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/18/2011 4:51:07 PM | Computer Name = MOBILEONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >

#13 Kennman (Member, Topic Starter, 14 posts)
Hi Render:

Don't know if this means anything, but Outlook auto-launches at startup and I can't get it to stop.

It would be fine with me if it didn't.

Regards,

Kennman

#14 Render (Trusted Helper, Malware Removal, 4,195 posts)
Do you have the Office installation CD?

Please proceed with the following steps:

Step 1

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in the code box, beginning with : ):

    :OTL
    [2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\pvUJ1scHq
    [2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\gQAX5jQXymZtOrI
    [2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\P2edvJ1sY0aT9R8
    [2011/11/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NZ4tnL3fI2dUwY
    [2011/11/08 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ZB8olFBoEViW
    [2011/11/08 20:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\OAX5ymP4nLrb2v1
    [2011/11/08 19:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UTNpR8E7WCuQ5Q5
    [2011/11/08 19:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\xL3rfIKevJw
    [2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DGN9pRF8lD7kCjX
    [2011/11/08 17:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\cgnOLrfI3fI2v1c
    [2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\YyhmP4gO3fI2v
    [2011/11/08 16:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\VnOL3Kv1s
    [2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r4tgO3rbKevJsHa
    [2011/11/07 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\ElEFBolD7kS6Q5m
    [2011/11/07 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BV7iS6uQXym4n3b
    [2011/11/07 21:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\HOL3rbI2fI2
    [2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\NwscY0qxG9zFoD
    [2011/11/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\fgnOLtgO3fKeU
    [2011/11/07 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\BujQA5ymZtnLf
    [2011/11/07 18:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\JkWSCikS6jA5m4n
    [2011/11/07 16:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\z4tgnL3fI2dUwYq
    [2011/11/07 16:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\n8olEViW6jA5m4n
    [2011/11/06 17:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jFB8oED7kS6jXPt
    [2011/11/06 17:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\KnOL3fbKrb
    [2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\hlD7iWS7kSuQ5m4
    [2011/11/06 17:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\B8VEk6A5hPOKJcq
    [2011/11/06 17:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\jSC6uAXyZg3n3
    [2011/11/06 17:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DXym4gtLf2JsaGz
    [2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\r7ikWC6jA5hPtOr
    [2011/11/06 17:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\CxTGNpzF8lD
    [2011/11/06 17:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\u4tnfedUwcHqT9R
    [2011/11/06 17:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\UikWS6uQXymZgL
    [2011/11/13 17:14:30 | 000,006,192 | ---- | M] () -- C:\{E4F98A39-9238-4533-A697-849CA473868A}
    [2011/11/13 14:46:26 | 000,006,192 | ---- | M] () -- C:\{ECDB780B-1F56-4281-895F-7564678799C3}
    [2011/11/13 14:24:14 | 000,006,192 | ---- | M] () -- C:\{755E84F9-BA0A-4642-A911-C0A0C13A075E}
    [2011/11/13 14:14:07 | 000,007,888 | ---- | M] () -- C:\{4D7B2171-6C0F-40BC-965E-2F94AEFE2628}
    [2011/11/13 14:14:00 | 000,006,192 | ---- | M] () -- C:\{52D1077B-565F-4795-8100-9EE7F638D569}
    [2011/11/13 14:04:33 | 000,006,192 | ---- | M] () -- C:\{EF20FA85-E5E2-4BB0-94F0-75E394882A2A}
    [2011/11/13 13:41:34 | 000,031,016 | ---- | M] () -- C:\{D13AD4D8-E9F6-4C42-BDD6-CD9DCC7B0B5D}
    [2011/11/13 12:56:43 | 000,031,128 | ---- | M] () -- C:\{11F85857-A17D-40BD-8405-1DE1D15CED7A}
    [2011/11/13 11:57:20 | 000,006,192 | ---- | M] () -- C:\{925ADB1A-73F8-47D2-89C0-E3425BA2B0EC}
    [2011/11/13 11:37:51 | 000,006,192 | ---- | M] () -- C:\{047A39B3-68A9-408E-AC83-F613C74A846F}
    [2011/11/13 09:51:33 | 000,006,192 | ---- | M] () -- C:\{6169566C-31EB-41A7-99B5-BDDE2BE3DCF6}
    [2011/11/13 09:09:03 | 000,006,192 | ---- | M] () -- C:\{2A0DD5A0-5A3C-4745-8E31-1935DC3B937F}
    [2011/11/12 21:41:14 | 000,006,192 | ---- | M] () -- C:\{E601309A-60D9-4CE0-A38F-506D400DD2C6}
    [2011/11/12 21:26:31 | 000,031,744 | ---- | M] () -- C:\{132E73FA-5EE4-4E30-BE99-853A87AFDC14}
    [2011/11/12 20:28:37 | 000,006,192 | ---- | M] () -- C:\{B88FDC18-95E4-4587-98F3-342200DA2942}
    [2011/11/12 19:57:29 | 000,006,192 | ---- | M] () -- C:\{CF8F422B-442F-45FF-8330-AC0A1F87D283}
    [2011/11/12 19:35:43 | 000,006,192 | ---- | M] () -- C:\{0D8712D4-B08C-4724-A3F3-4AF590282D6F}
    [2011/11/12 19:25:40 | 000,006,192 | ---- | M] () -- C:\{A117FCBD-D698-4689-BBC9-D5F331B1CE2F}
    [2011/11/12 19:15:28 | 000,006,192 | ---- | M] () -- C:\{A987ED71-8836-4D1D-9811-BFC50DA0F955}
    [2011/11/12 18:32:09 | 000,006,192 | ---- | M] () -- C:\{55459539-6714-44B3-878B-8C487A3CC485}
    [2011/11/12 18:11:00 | 000,006,192 | ---- | M] () -- C:\{A053E252-95C0-4E12-9EDA-ED3D46F93715}
    [2011/11/12 17:49:58 | 000,006,192 | ---- | M] () -- C:\{2897AA25-8201-4BD3-9425-2A7D29BF29F2}
    [2011/11/12 17:20:12 | 000,006,192 | ---- | M] () -- C:\{4F35E1EC-59E2-4A3B-AE7C-CF604C2CD533}
    [2011/11/12 16:27:51 | 000,006,192 | ---- | M] () -- C:\{DA62E0B4-B167-45C4-801A-AA40823616F4}
    [2011/11/12 16:16:55 | 000,006,192 | ---- | M] () -- C:\{36B769E7-162D-4099-A97D-02E8D7AF765F}
    [2011/11/12 13:19:30 | 000,006,192 | ---- | M] () -- C:\{984B3819-E2C0-42EE-A63D-5A950CDC5374}
    [2011/11/12 13:07:37 | 000,006,192 | ---- | M] () -- C:\{CC6DD585-3CEC-4B57-8E97-17016186DAB7}
    [2011/11/12 12:57:54 | 000,006,192 | ---- | M] () -- C:\{4EA88700-BC29-4D9E-B7B9-A40BF2515B43}
    [2011/11/11 16:51:37 | 000,006,192 | ---- | M] () -- C:\{D888FE9F-EF68-463C-A530-642FD4DAD660}
    [2011/11/11 14:48:16 | 000,006,192 | ---- | M] () -- C:\{84DD3F56-806A-4469-A802-5BF17CADBC1E}
    [2011/11/11 13:25:37 | 000,008,976 | ---- | M] () -- C:\{187640F1-E4B3-449C-8078-F78CC170F32F}
    [2011/11/10 22:41:46 | 000,006,192 | ---- | M] () -- C:\{F4B0E654-1E47-4C65-8BCB-950CA5D8D1A0}
    [2011/11/10 21:04:17 | 000,006,192 | ---- | M] () -- C:\{1C24970D-9E9B-44E5-A518-060201AA04B7}
    
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information


On completion, click the link to locate the zip file to upload, and attach it to your next post


When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL quick scan log
  • VRT scan log and attached zip file


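The fix above was assembled by hand from the OTL listing: the helper picked out the empty, randomly named directories that appeared under Application Data during the infection window and the {GUID}-named files dropped at the root of C:. As an added example for this thread (it is not OTL's code nor the helper's, and the "alternation" heuristic, the sample benign entries and the function names are my own construction), here is a small Python triage that parses OTL-style listing lines, flags those two patterns, and emits the matching :OTL section in the same line format the fix uses. Four of the sample lines are copied from the log above; the Microsoft and HijackThis directory lines are constructed so the heuristic has benign input to pass.

```python
"""Triage OTL file/directory listing lines for rogue-AV artifacts.

Added example for this thread, not part of OTL or of the helper's fix. It flags
two patterns visible in the log above: randomly named directories under the
user's Application Data folder, and {GUID}-named files at the drive root.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One OTL listing line, in either of the two shapes the log uses:
# [2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\...\pvUJ1scHq
# [2011/11/13 17:14:30 | 000,006,192 | ---- | M] () -- C:\{E4F9...}
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\(\) )?-- (?P<path>.+?)\s*$"
)
# A file named {8-4-4-4-12 hex} sitting directly on a drive root.
GUID_ROOT_FILE = re.compile(
    r"^[A-Za-z]:\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    is_dir: bool
    path: str
    raw: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; return None for headers, blanks and fix directives."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir="D" in m["attrs"],
        path=m["path"],
        raw=line.strip(),
    )


def _char_class(c: str) -> str:
    return "u" if c.isupper() else "l" if c.islower() else "d"


def looks_random(name: str) -> bool:
    """Constructed heuristic: 8+ alphanumerics whose upper/lower/digit classes
    switch at least four times read as generated. Vendor names such as
    'Microsoft' (1 switch) or 'HijackThis' (3 switches) pass as benign."""
    if len(name) < 8 or not name.isalnum():
        return False
    classes = [_char_class(c) for c in name]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches >= 4


def classify(entry: OtlEntry) -> Optional[str]:
    """Return a reason string when the entry matches one of the two patterns."""
    if not entry.is_dir and GUID_ROOT_FILE.match(entry.path):
        return "GUID-named file at drive root"
    parent, _, name = entry.path.rpartition("\\")
    if entry.is_dir and parent.lower().endswith("application data") and looks_random(name):
        return "random-named directory under Application Data"
    return None


def triage(listing: str) -> list:
    """Return (path, reason) for every flagged entry in a block of OTL listing text."""
    hits = []
    for line in listing.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reason = classify(entry)
            if reason:
                hits.append((entry.path, reason))
    return hits


def to_otl_fix(listing: str) -> str:
    """Build the :OTL section of a fix script from the flagged entries, reusing the
    original listing lines verbatim, which is what OTL expects in a fix."""
    flagged = [e.raw for e in map(parse_otl_line, listing.splitlines())
               if e is not None and classify(e)]
    return "\n".join([":OTL", *flagged])


# Constructed sample: four lines from the log above plus two benign directories.
SAMPLE = """\
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Master\\Application Data\\pvUJ1scHq
[2011/11/09 20:47:23 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Master\\Application Data\\gQAX5jQXymZtOrI
[2011/11/01 09:00:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Master\\Application Data\\Microsoft
[2011/11/01 09:00:00 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Master\\Application Data\\HijackThis
[2011/11/13 17:14:30 | 000,006,192 | ---- | M] () -- C:\\{E4F98A39-9238-4533-A697-849CA473868A}
[2011/11/13 14:14:07 | 000,007,888 | ---- | M] () -- C:\\{4D7B2171-6C0F-40BC-965E-2F94AEFE2628}
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:48} {path}")
    print(to_otl_fix(SAMPLE))
```

The heuristic is a screening aid, not a verdict: a generated name is a reason to look at the directory's creation time and contents next to the infection timeline, and anything it flags should still be reviewed by eye before it goes into a fix, exactly as the helper did here.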
#15 Kennman (Member, Topic Starter, 14 posts)
I don't have an Office disk, but I have my restore disks. I can get a copy of Office to reload, no problem. Should I back up my data files before I run the OTL fix and the Kaspersky?

Please verify that I paste everything in the box into OTL. (starting with :OTL and ending with [reboot] ).

Do I leave all of the other settings as they come up for both the fix and the scan?

Thanks again,

Kenn