AVG found black hole exploit as of recent but that's not even half the



#1
valgalvez

  • Member
  • 32 posts
I hope you can help.

About two months ago a fake Windows security infected my computer...(BTW as I started to write this, my screen went blue talking about a physical memory dump and a bunch else, the only thing I can ever do when that happens is manually power down and reboot. It was like it knew what I was doing :o) it wouldn't let me do anything, it blocked me from going into any programs, I couldn't do system restore, after googling it on my tablet, I somehow was able to reboot in safe mode, and I think I did a system restore (something I do when I don't know what else to do!)..I was able to get it back to normal, well kind of not really.

After that, there was no sign of the fake Microsoft security, but I started getting a lot of pop-ups, which I was NEVER getting, I started using Firefox to see if it helped with the pop-ups..NOT..and a few times a day it will just go into a black screen that you can't get out of unless you power down.

I've had AVG on it for about 2 years, never had any problems, but I noticed it had been about a year since I had last updated it..(after I was able to get rid of the fake Microsoft thing, I thought maybe I should do a scan. -__-) my bad, but honestly, I've always kind of felt like if you browse smart and don't click on ANYTHING suspicious, you should be fine..kinda like don't take medicine if you're not sick. idk. AND, I really never had any problems up until recently when the kids started using it more frequently.

NOW AVG constantly keeps telling me that trojans are found, viruses are found, tracking cookies are found, and no matter how many times I delete, move to vault, heal, burn, I still get the same S**t, every day. I downloaded Amigo 360 to try and clean up the registry. I just downloaded Malwarebytes today, it found 63 problems..viruses..trojans. I don't know what to do because I can't even get a specific name. Finally today AVG alerted me about Black Hole Exploit. At this point I'm numb. It's like finding out you have cancer when you have AIDS. :(

I would like to be able to repair my computer if possible. I'm a fighter not a quitter. I'm somewhat computer savvy. But you can give it to me straight if it's unsalvageable, please let me know. It was a little hand-me-down computer that was good to me for a good while and there's no important documents that I need to worry about losing, it's used for web browsing, that's it. I really don't want my kids to use the GOOD computer after this. But if it's a waste of time, I would like to know.

Thank you.

BTW, the physical dump thing happened while I was running the OTL SCAN. After reboot went back to scan, froze. Currently scanning with OTL.com *fingers crossed* hopefully, here's the log:

Fail. I got the black screen this time, had to manually power down and reboot. Thank god for Firefox saving my session.

This is a log I saved about an hour ago when I ran a Malwarebytes scan. Will this help? If not I will walk through the other steps when OTL does not work...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8396

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 1:13:37 AM
mbam-log-2011-12-19 (01-13-37).txt

Scan type: Quick scan
Objects scanned: 190465
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 51
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RXResult.RXResultFilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RXResult.RXResultFilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41CD-9DCD-8182A2D07C63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ABD42510-9B22-41CD-9DCD-8182A2D07C63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037B06C-84B7-4240-8D80-485810A0497D} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E3EA4FD1-CADE-4AE5-84F7-086EEE888BE4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3EA4FD1-CADE-4AE5-84F7-086EEE888BE4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RXResult.RXResultTracker.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RXResult.RXResultTracker (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.BHO) -> Value: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (Trojan.BHO) -> Value: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> Value: SSODL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\Seekeen (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron

#3
valgalvez

  • Topic Starter
  • Member
  • 32 posts
Ron! Thank you for your reply! Here are my logs:

Combo fix:

ComboFix 11-12-22.04 - Katey Turner 12/22/2011 22:53:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.322 [GMT -8:00]
Running from: c:\documents and settings\Katey Turner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Katey Turner\WINDOWS
C:\LOG1E.tmp
C:\LOG2A.tmp
C:\LOG34.tmp
C:\LOG50.tmp
C:\LOG54.tmp
C:\LOG5A.tmp
C:\LOG5C.tmp
c:\program files\LP
c:\program files\LP\CE97\122.tmp
c:\program files\LP\CE97\123.tmp
c:\program files\LP\CE97\1C.tmp
c:\program files\LP\CE97\1D.tmp
c:\windows\$NtUninstallKB46498$
c:\windows\$NtUninstallKB46498$\2237916491
c:\windows\$NtUninstallKB46498$\2989361036\@
c:\windows\$NtUninstallKB46498$\2989361036\bckfg.tmp
c:\windows\$NtUninstallKB46498$\2989361036\cfg.ini
c:\windows\$NtUninstallKB46498$\2989361036\Desktop.ini
c:\windows\$NtUninstallKB46498$\2989361036\keywords
c:\windows\$NtUninstallKB46498$\2989361036\kwrd.dll
c:\windows\$NtUninstallKB46498$\2989361036\L\slcaanne
c:\windows\$NtUninstallKB46498$\2989361036\lsflt7.ver
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\$NtUninstallKB46498$\2989361036\U\[email protected]
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\abawagur.ini
c:\windows\system32\abitokin.ini
c:\windows\system32\agunihik.ini
c:\windows\system32\ahatuled.ini
c:\windows\system32\ajayopoz.ini
c:\windows\system32\amozored.ini
c:\windows\system32\anusival.ini
c:\windows\system32\avafiyer.ini
c:\windows\system32\ayezutim.ini
c:\windows\system32\azitoher.ini
c:\windows\system32\azoyojap.ini
c:\windows\system32\azozuwiw.ini
c:\windows\system32\azulezor.ini
c:\windows\system32\eduwiyod.ini
c:\windows\system32\efipitaj.ini
c:\windows\system32\efiyolol.ini
c:\windows\system32\ehopekih.ini
c:\windows\system32\ejimeren.ini
c:\windows\system32\ekefuvog.ini
c:\windows\system32\ekupikub.ini
c:\windows\system32\emutidan.ini
c:\windows\system32\epuwejot.ini
c:\windows\system32\erijiduh.ini
c:\windows\system32\esojupab.ini
c:\windows\system32\eweduwih.ini
c:\windows\system32\eweleniv.ini
c:\windows\system32\eyidekoz.ini
c:\windows\system32\ibedarow.ini
c:\windows\system32\ibujihon.ini
c:\windows\system32\ibuzunih.ini
c:\windows\system32\ifufubaj.ini
c:\windows\system32\ihuyepoz.ini
c:\windows\system32\ikegilok.ini
c:\windows\system32\odenetim.ini
c:\windows\system32\odoronid.ini
c:\windows\system32\odunomat.ini
c:\windows\system32\ofedawiv.ini
c:\windows\system32\ofomijoj.ini
c:\windows\system32\ohezolep.ini
c:\windows\system32\ohokurib.ini
c:\windows\system32\ojegibiw.ini
c:\windows\system32\okirusoz.ini
c:\windows\system32\onelabiy.ini
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\opihasab.ini
c:\windows\system32\oyirewof.ini
c:\windows\system32\ozedegun.ini
c:\windows\system32\ozilerek.ini
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\ubipuler.ini
c:\windows\system32\udokalul.ini
c:\windows\system32\ufilitil.ini
c:\windows\system32\ugutuwur.ini
c:\windows\system32\ujozimug.ini
c:\windows\system32\uleloyaw.ini
c:\windows\system32\unimosem.ini
c:\windows\system32\utigadur.ini
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IAS
-------\Service_Ias
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 06:49 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-19 12:00 . 2011-12-19 12:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-19 08:45 . 2011-12-19 08:45 -------- d-----w- c:\documents and settings\Katey Turner\Application Data\Malwarebytes
2011-12-19 08:44 . 2011-12-19 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-19 08:44 . 2011-12-23 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 01:14 . 2011-12-02 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 01:12 . 2011-07-26 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 06:31 . 2011-11-15 06:31 25248 ----a-w- c:\windows\system32\drivers\AmgHips.sys
2011-11-15 05:55 . 2011-11-15 05:55 4554 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2006-02-28 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-12-31 04:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-05 06:53 . 2011-11-17 06:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe" [2011-07-26 243360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 10:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-08-27 23:59 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-03-13 01:41 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ssstars.scr"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqApkil.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\HPQPSXP.exe"=
"c:\\Program Files\\Windows Media Player\\wmpshare.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Windows Media Player\\wmpenc.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqdstcp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\DocProc\\DocProc.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkiosk.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [11/14/2011 10:31 PM 25248]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 1:23 AM 458752]
S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [2/28/2006 4:00 AM 14336]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [4/17/2007 11:44 PM 96256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 10:54 AM 360547]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/20/2010 10:06 PM 30576]
S3 XDva190;XDva190; [x]
S3 XDva201;XDva201; [x]
S3 XDva212;XDva212; [x]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Katey Turner\Application Data\Mozilla\Firefox\Profiles\52dh9s4c.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-necusb - nwusbw32.dll
Notify-nwusbw32 - nwusbw32.dll
MSConfigStartUp-360Amigo - c:\program files\360Amigo\360Amigo.exe
MSConfigStartUp-CPM731f80ea - c:\windows\system32\vowuzehu.dll
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-22 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-269502451.jar-3c389907-7b3ec472.idx 8193 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-269502451.jar-3c389907-7b3ec472.zip 187149 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-365955243.jar-59e32bee-79d681af.idx 8194 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-365955243.jar-59e32bee-79d681af.zip 187149 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-574581045.jar-c28b7ae-38ba6230.idx 8193 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-574581045.jar-c28b7ae-38ba6230.zip 187149 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-57921311.jar-140e2c2e-7513c24f.idx 8192 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-57921311.jar-140e2c2e-7513c24f.zip 187149 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-621486031.jar-26b4a3aa-1ad05825.idx 8193 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loginapplet-67b91c0b-621486031.jar-26b4a3aa-1ad05825.zip 187149 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-6db75408-7365aa4c.zip 35345 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-6e403a8c-78ac8b75.idx 4969 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-6e403a8c-78ac8b75.zip 35345 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-7062a8ea-43279e3b.idx 4971 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-7062a8ea-43279e3b.zip 35345 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-71e52d4-2265a0dc.idx 4970 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-71e52d4-2265a0dc.zip 35345 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader1395679233.jar-783d64df-277ec4e1.idx 4973 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-124843e6-73277c0f.idx 7572 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-c74e636-590176cc.zip 202533 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-d4ecb9f-32d86703.idx 7812 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-d4ecb9f-32d86703.zip 209783 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-d667117-191b6550.idx 7571 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-d667117-191b6550.zip 204345 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-dd91aad-4504d852.idx 7572 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-dd91aad-4504d852.zip 204565 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-e612006-28ae8cee.idx 7813 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-e612006-28ae8cee.zip 209783 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-f318126-49cbb5c7.idx 7812 bytes
c:\documents and settings\Katey Turner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mapview.jar-f318126-49cbb5c7.zip 209783 bytes
.
scan completed successfully
hidden files: 258
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,83,9a,22,2f,ed,43,41,b9,04,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,83,9a,22,2f,ed,43,41,b9,04,91,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8004)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2011-12-22 23:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 07:15
.
Pre-Run: 104,320,401,408 bytes free
Post-Run: 104,457,961,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC367847892B491A81CFC3DCE442614F

TDSS without checked boxes:

23:41:38.0750 5260 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
23:41:39.0281 5260 ============================================================
23:41:39.0281 5260 Current date / time: 2011/12/22 23:41:39.0281
23:41:39.0281 5260 SystemInfo:
23:41:39.0281 5260
23:41:39.0281 5260 OS Version: 5.1.2600 ServicePack: 3.0
23:41:39.0281 5260 Product type: Workstation
23:41:39.0281 5260 ComputerName: KATEY
23:41:39.0281 5260 UserName: Katey Turner
23:41:39.0281 5260 Windows directory: C:\WINDOWS
23:41:39.0281 5260 System windows directory: C:\WINDOWS
23:41:39.0281 5260 Processor architecture: Intel x86
23:41:39.0281 5260 Number of processors: 1
23:41:39.0281 5260 Page size: 0x1000
23:41:39.0281 5260 Boot type: Normal boot
23:41:39.0281 5260 ============================================================
23:41:40.0140 5260 Initialize success
23:41:52.0812 7108 ============================================================
23:41:52.0812 7108 Scan started
23:41:52.0812 7108 Mode: Manual;
23:41:52.0812 7108 ============================================================
23:42:14.0890 7108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:42:15.0015 7108 \Device\Harddisk0\DR0 - ok
23:42:15.0046 7108 Boot (0x1200) (9e6d9797d02e8ca9110799c521094c5b) \Device\Harddisk0\DR0\Partition0
23:42:15.0046 7108 \Device\Harddisk0\DR0\Partition0 - ok
23:42:15.0046 7108 ============================================================
23:42:15.0046 7108 Scan finished
23:42:15.0046 7108 ============================================================
23:42:15.0078 7520 Detected object count: 0
23:42:15.0078 7520 Actual detected object count: 0
23:42:19.0593 4704 Deinitialize success

TDSS with checked boxes:

23:44:29.0250 2924 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
23:44:29.0734 2924 ============================================================
23:44:29.0734 2924 Current date / time: 2011/12/22 23:44:29.0734
23:44:29.0734 2924 SystemInfo:
23:44:29.0734 2924
23:44:29.0734 2924 OS Version: 5.1.2600 ServicePack: 3.0
23:44:29.0734 2924 Product type: Workstation
23:44:29.0734 2924 ComputerName: KATEY
23:44:29.0734 2924 UserName: Katey Turner
23:44:29.0734 2924 Windows directory: C:\WINDOWS
23:44:29.0734 2924 System windows directory: C:\WINDOWS
23:44:29.0734 2924 Processor architecture: Intel x86
23:44:29.0734 2924 Number of processors: 1
23:44:29.0734 2924 Page size: 0x1000
23:44:29.0734 2924 Boot type: Normal boot
23:44:29.0734 2924 ============================================================
23:44:30.0609 2924 Initialize success
23:44:39.0781 5636 ============================================================
23:44:39.0781 5636 Scan started
23:44:39.0781 5636 Mode: Manual; SigCheck; TDLFS;
23:44:39.0781 5636 ============================================================
23:44:40.0234 5636 Abiosdsk - ok
23:44:40.0296 5636 abp480n5 - ok
23:44:40.0375 5636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:44:42.0000 5636 ACPI - ok
23:44:42.0109 5636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:44:42.0281 5636 ACPIEC - ok
23:44:42.0375 5636 adpu160m - ok
23:44:42.0468 5636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:44:42.0687 5636 aec - ok
23:44:42.0750 5636 AegisP - ok
23:44:42.0843 5636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:44:42.0921 5636 AFD - ok
23:44:43.0031 5636 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:44:43.0218 5636 agp440 - ok
23:44:43.0265 5636 Aha154x - ok
23:44:43.0312 5636 aic78u2 - ok
23:44:43.0359 5636 aic78xx - ok
23:44:43.0515 5636 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:44:43.0718 5636 ALCXWDM - ok
23:44:43.0812 5636 AliIde - ok
23:44:43.0921 5636 AmgHips (81ef334cda7a222ce88f41b7697b86f4) C:\WINDOWS\system32\Drivers\AmgHips.sys
23:44:44.0250 5636 AmgHips - ok
23:44:44.0312 5636 amsint - ok
23:44:44.0406 5636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:44:44.0609 5636 Arp1394 - ok
23:44:44.0687 5636 asc - ok
23:44:44.0734 5636 asc3350p - ok
23:44:44.0781 5636 asc3550 - ok
23:44:44.0875 5636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:44:45.0078 5636 AsyncMac - ok
23:44:45.0187 5636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:44:45.0390 5636 atapi - ok
23:44:45.0453 5636 Atdisk - ok
23:44:45.0562 5636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:44:45.0765 5636 Atmarpc - ok
23:44:45.0875 5636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:44:46.0078 5636 audstub - ok
23:44:46.0187 5636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:44:46.0437 5636 Beep - ok
23:44:46.0453 5636 catchme - ok
23:44:46.0546 5636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:44:46.0750 5636 cbidf2k - ok
23:44:46.0843 5636 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:44:47.0046 5636 CCDECODE - ok
23:44:47.0125 5636 cd20xrnt - ok
23:44:47.0203 5636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:44:47.0406 5636 Cdaudio - ok
23:44:47.0484 5636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:44:47.0687 5636 Cdfs - ok
23:44:47.0796 5636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:44:48.0015 5636 Cdrom - ok
23:44:48.0078 5636 Changer - ok
23:44:48.0140 5636 CmdIde - ok
23:44:48.0203 5636 Cpqarray - ok
23:44:48.0312 5636 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
23:44:48.0515 5636 ctlsb16 - ok
23:44:48.0578 5636 dac2w2k - ok
23:44:48.0625 5636 dac960nt - ok
23:44:48.0718 5636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:48.0921 5636 Disk - ok
23:44:49.0093 5636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:44:49.0343 5636 dmboot - ok
23:44:49.0437 5636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:44:49.0671 5636 dmio - ok
23:44:49.0765 5636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:44:49.0968 5636 dmload - ok
23:44:50.0078 5636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:44:50.0296 5636 DMusic - ok
23:44:50.0406 5636 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
23:44:50.0421 5636 DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
23:44:50.0421 5636 DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
23:44:50.0515 5636 dpti2o - ok
23:44:50.0609 5636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:44:50.0812 5636 drmkaud - ok
23:44:50.0953 5636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:44:51.0156 5636 Fastfat - ok
23:44:51.0281 5636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:44:51.0484 5636 Fdc - ok
23:44:51.0578 5636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:44:51.0796 5636 Fips - ok
23:44:51.0906 5636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:44:52.0109 5636 Flpydisk - ok
23:44:52.0218 5636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:44:52.0437 5636 FltMgr - ok
23:44:52.0578 5636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:44:52.0781 5636 Fs_Rec - ok
23:44:52.0906 5636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:44:53.0109 5636 Ftdisk - ok
23:44:53.0218 5636 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23:44:53.0234 5636 GEARAspiWDM - ok
23:44:53.0296 5636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:44:53.0500 5636 Gpc - ok
23:44:53.0625 5636 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:44:53.0812 5636 HidUsb - ok
23:44:53.0906 5636 hpn - ok
23:44:54.0000 5636 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:44:54.0093 5636 HPZid412 - ok
23:44:54.0187 5636 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:44:54.0265 5636 HPZipr12 - ok
23:44:54.0375 5636 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:44:54.0437 5636 HPZius12 - ok
23:44:54.0562 5636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:44:54.0671 5636 HTTP - ok
23:44:54.0750 5636 i2omgmt - ok
23:44:54.0812 5636 i2omp - ok
23:44:54.0890 5636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:44:55.0093 5636 i8042prt - ok
23:44:55.0203 5636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:44:55.0406 5636 Imapi - ok
23:44:55.0500 5636 ini910u - ok
23:44:55.0609 5636 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:44:55.0812 5636 IntelIde - ok
23:44:55.0921 5636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:44:56.0125 5636 intelppm - ok
23:44:56.0234 5636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:44:56.0421 5636 Ip6Fw - ok
23:44:56.0531 5636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:44:56.0750 5636 IpFilterDriver - ok
23:44:56.0843 5636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:44:57.0031 5636 IpInIp - ok
23:44:57.0156 5636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:44:57.0359 5636 IpNat - ok
23:44:57.0484 5636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:44:57.0687 5636 IPSec - ok
23:44:57.0796 5636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:44:57.0890 5636 IRENUM - ok
23:44:58.0015 5636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:44:58.0203 5636 isapnp - ok
23:44:58.0281 5636 ISODrive (c53dd6a48d45d61e84bf8a069416b139) C:\Program Files\UltraISO\drivers\ISODrive.sys
23:44:58.0296 5636 ISODrive ( UnsignedFile.Multi.Generic ) - warning
23:44:58.0296 5636 ISODrive - detected UnsignedFile.Multi.Generic (1)
23:44:58.0421 5636 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
23:44:58.0468 5636 JSWSCIMD - ok
23:44:58.0578 5636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:44:58.0765 5636 Kbdclass - ok
23:44:58.0890 5636 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:44:59.0078 5636 kbdhid - ok
23:44:59.0203 5636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:44:59.0390 5636 kmixer - ok
23:44:59.0515 5636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:44:59.0609 5636 KSecDD - ok
23:44:59.0703 5636 lbrtfdc - ok
23:44:59.0828 5636 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
23:45:00.0093 5636 ltmodem5 - ok
23:45:00.0218 5636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:45:00.0406 5636 mnmdd - ok
23:45:00.0546 5636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:45:00.0750 5636 Modem - ok
23:45:00.0859 5636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:45:01.0046 5636 Mouclass - ok
23:45:01.0156 5636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:45:01.0359 5636 mouhid - ok
23:45:01.0468 5636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:45:01.0671 5636 MountMgr - ok
23:45:01.0750 5636 mraid35x - ok
23:45:01.0843 5636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:45:02.0031 5636 MRxDAV - ok
23:45:02.0171 5636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:45:02.0234 5636 MRxSmb - ok
23:45:02.0359 5636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:45:02.0546 5636 Msfs - ok
23:45:02.0656 5636 MSHUSBVideo (0a8f9c579c14a9364af84eb7106ceae5) C:\WINDOWS\system32\Drivers\nx6000.sys
23:45:02.0671 5636 MSHUSBVideo - ok
23:45:02.0781 5636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:45:02.0968 5636 MSKSSRV - ok
23:45:03.0078 5636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:45:03.0281 5636 MSPCLOCK - ok
23:45:03.0375 5636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:45:03.0562 5636 MSPQM - ok
23:45:03.0671 5636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:45:03.0859 5636 mssmbios - ok
23:45:03.0984 5636 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:45:04.0171 5636 MSTEE - ok
23:45:04.0296 5636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:45:04.0343 5636 Mup - ok
23:45:04.0453 5636 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:45:04.0671 5636 NABTSFEC - ok
23:45:04.0796 5636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:45:05.0015 5636 NDIS - ok
23:45:05.0125 5636 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:45:05.0296 5636 NdisIP - ok
23:45:05.0421 5636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:45:05.0484 5636 NdisTapi - ok
23:45:05.0578 5636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:45:05.0765 5636 Ndisuio - ok
23:45:05.0859 5636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:45:06.0062 5636 NdisWan - ok
23:45:06.0187 5636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:45:06.0265 5636 NDProxy - ok
23:45:06.0375 5636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:45:06.0562 5636 NetBIOS - ok
23:45:06.0671 5636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:45:06.0859 5636 NetBT - ok
23:45:07.0000 5636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:45:07.0187 5636 NIC1394 - ok
23:45:07.0296 5636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:45:07.0500 5636 Npfs - ok
23:45:07.0515 5636 npkcrypt - ok
23:45:07.0640 5636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:45:07.0875 5636 Ntfs - ok
23:45:08.0000 5636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:45:08.0171 5636 Null - ok
23:45:08.0359 5636 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:45:08.0656 5636 nv - ok
23:45:08.0734 5636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:45:08.0937 5636 NwlnkFlt - ok
23:45:09.0000 5636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:45:09.0187 5636 NwlnkFwd - ok
23:45:09.0296 5636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:45:09.0484 5636 ohci1394 - ok
23:45:09.0609 5636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:45:09.0781 5636 Parport - ok
23:45:09.0890 5636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:45:10.0078 5636 PartMgr - ok
23:45:10.0203 5636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:45:10.0390 5636 ParVdm - ok
23:45:10.0500 5636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:45:10.0687 5636 PCI - ok
23:45:10.0781 5636 PCIDump - ok
23:45:10.0859 5636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
23:45:11.0062 5636 PCIIde - ok
23:45:11.0171 5636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:45:11.0375 5636 Pcmcia - ok
23:45:11.0453 5636 PDCOMP - ok
23:45:11.0531 5636 PDFRAME - ok
23:45:11.0593 5636 PDRELI - ok
23:45:11.0640 5636 PDRFRAME - ok
23:45:11.0687 5636 perc2 - ok
23:45:11.0734 5636 perc2hib - ok
23:45:11.0875 5636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:45:12.0078 5636 PptpMiniport - ok
23:45:12.0203 5636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:45:12.0390 5636 PSched - ok
23:45:12.0515 5636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:45:12.0703 5636 Ptilink - ok
23:45:12.0781 5636 ql1080 - ok
23:45:12.0828 5636 Ql10wnt - ok
23:45:12.0875 5636 ql12160 - ok
23:45:12.0921 5636 ql1240 - ok
23:45:12.0968 5636 ql1280 - ok
23:45:13.0046 5636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:45:13.0234 5636 RasAcd - ok
23:45:13.0359 5636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:45:13.0546 5636 Rasl2tp - ok
23:45:13.0656 5636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:45:13.0843 5636 RasPppoe - ok
23:45:13.0921 5636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:45:14.0093 5636 Raspti - ok
23:45:14.0187 5636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:45:14.0375 5636 Rdbss - ok
23:45:14.0500 5636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:45:14.0671 5636 RDPCDD - ok
23:45:14.0765 5636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:45:14.0953 5636 rdpdr - ok
23:45:15.0078 5636 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:45:15.0109 5636 RDPWD - ok
23:45:15.0203 5636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:45:15.0390 5636 redbook - ok
23:45:15.0468 5636 RimUsb - ok
23:45:15.0562 5636 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:45:15.0625 5636 RimVSerPort - ok
23:45:15.0734 5636 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:45:15.0921 5636 ROOTMODEM - ok
23:45:16.0046 5636 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
23:45:16.0078 5636 RT73 ( UnsignedFile.Multi.Generic ) - warning
23:45:16.0078 5636 RT73 - detected UnsignedFile.Multi.Generic (1)
23:45:16.0187 5636 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:45:16.0375 5636 rtl8139 - ok
23:45:16.0515 5636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:45:16.0609 5636 Secdrv - ok
23:45:16.0718 5636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:45:16.0906 5636 serenum - ok
23:45:17.0015 5636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:45:17.0218 5636 Serial - ok
23:45:17.0343 5636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:45:17.0531 5636 Sfloppy - ok
23:45:17.0609 5636 Simbad - ok
23:45:17.0671 5636 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:45:17.0843 5636 SLIP - ok
23:45:17.0937 5636 Sparrow - ok
23:45:18.0031 5636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:45:18.0218 5636 splitter - ok
23:45:18.0328 5636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:45:18.0406 5636 sr - ok
23:45:18.0531 5636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:45:18.0609 5636 Srv - ok
23:45:18.0718 5636 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:45:18.0921 5636 streamip - ok
23:45:19.0031 5636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:45:19.0218 5636 swenum - ok
23:45:19.0312 5636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:45:19.0500 5636 swmidi - ok
23:45:19.0578 5636 symc810 - ok
23:45:19.0640 5636 symc8xx - ok
23:45:19.0687 5636 sym_hi - ok
23:45:19.0734 5636 sym_u3 - ok
23:45:19.0812 5636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:45:19.0984 5636 sysaudio - ok
23:45:20.0140 5636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:45:20.0218 5636 Tcpip - ok
23:45:20.0359 5636 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:45:20.0421 5636 Tcpip6 - ok
23:45:20.0515 5636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:45:20.0703 5636 TDPIPE - ok
23:45:20.0796 5636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:45:21.0000 5636 TDTCP - ok
23:45:21.0109 5636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:45:21.0281 5636 TermDD - ok
23:45:21.0375 5636 TosIde - ok
23:45:21.0468 5636 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:45:21.0671 5636 tunmp - ok
23:45:21.0781 5636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:45:21.0968 5636 Udfs - ok
23:45:22.0062 5636 ultra - ok
23:45:22.0156 5636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:45:22.0343 5636 Update - ok
23:45:22.0421 5636 USBAAPL - ok
23:45:22.0562 5636 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:45:22.0750 5636 usbaudio - ok
23:45:22.0843 5636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:45:23.0031 5636 usbccgp - ok
23:45:23.0125 5636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:45:23.0312 5636 usbehci - ok
23:45:23.0421 5636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:45:23.0609 5636 usbhub - ok
23:45:23.0687 5636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:45:23.0890 5636 usbprint - ok
23:45:24.0000 5636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:45:24.0187 5636 usbscan - ok
23:45:24.0296 5636 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:45:24.0484 5636 usbstor - ok
23:45:24.0593 5636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:45:24.0765 5636 usbuhci - ok
23:45:24.0859 5636 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:45:25.0062 5636 usbvideo - ok
23:45:25.0187 5636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:45:25.0359 5636 VgaSave - ok
23:45:25.0437 5636 ViaIde - ok
23:45:25.0546 5636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:45:25.0734 5636 VolSnap - ok
23:45:25.0953 5636 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\WINDOWS\system32\DRIVERS\VX1000.sys
23:45:26.0062 5636 VX1000 - ok
23:45:26.0187 5636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:45:26.0375 5636 Wanarp - ok
23:45:26.0453 5636 WDICA - ok
23:45:26.0578 5636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:45:26.0765 5636 wdmaud - ok
23:45:26.0953 5636 WN111v2 (966860e5ea3591aa471ec9ced49dc8d2) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
23:45:27.0046 5636 WN111v2 - ok
23:45:27.0156 5636 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:45:27.0234 5636 WpdUsb - ok
23:45:27.0359 5636 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:45:27.0359 5636 WSIMD ( UnsignedFile.Multi.Generic ) - warning
23:45:27.0359 5636 WSIMD - detected UnsignedFile.Multi.Generic (1)
23:45:27.0484 5636 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:45:27.0687 5636 WSTCODEC - ok
23:45:27.0781 5636 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:45:27.0859 5636 WudfPf - ok
23:45:28.0000 5636 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:45:28.0031 5636 WudfRd - ok
23:45:28.0093 5636 XDva190 - ok
23:45:28.0171 5636 XDva201 - ok
23:45:28.0218 5636 XDva212 - ok
23:45:28.0265 5636 XDva215 - ok
23:45:28.0328 5636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:45:28.0578 5636 \Device\Harddisk0\DR0 - ok
23:45:28.0609 5636 Boot (0x1200) (9e6d9797d02e8ca9110799c521094c5b) \Device\Harddisk0\DR0\Partition0
23:45:28.0609 5636 \Device\Harddisk0\DR0\Partition0 - ok
23:45:28.0625 5636 ============================================================
23:45:28.0625 5636 Scan finished
23:45:28.0625 5636 ============================================================
23:45:28.0765 5376 Detected object count: 4
23:45:28.0765 5376 Actual detected object count: 4
23:45:37.0281 5376 DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:37.0281 5376 DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:37.0296 5376 ISODrive ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:37.0296 5376 ISODrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:37.0296 5376 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:37.0296 5376 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:37.0296 5376 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:37.0296 5376 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:45:39.0890 2660 Deinitialize success

aswMBR log:

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-22 23:22:16
-----------------------------
23:22:16.296 OS Version: Windows 5.1.2600 Service Pack 3
23:22:16.296 Number of processors: 1 586 0x207
23:22:16.296 ComputerName: KATEY UserName:
23:22:17.140 Initialize success
23:27:35.218 AVAST engine defs: 11122201
23:28:40.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:28:40.000 Disk 0 Vendor: ST3120023A 3.31 Size: 114473MB BusType: 3
23:28:42.031 Disk 0 MBR read successfully
23:28:42.031 Disk 0 MBR scan
23:28:42.109 Disk 0 Windows XP default MBR code
23:28:42.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
23:28:42.125 Disk 0 scanning sectors +234420480
23:28:42.281 Disk 0 scanning C:\WINDOWS\system32\drivers
23:28:56.609 Service scanning
23:28:57.875 Modules scanning
23:29:09.296 AVAST engine scan C:\WINDOWS
23:29:18.984 AVAST engine scan C:\WINDOWS\system32
23:31:55.125 AVAST engine scan C:\WINDOWS\system32\drivers
23:32:20.609 AVAST engine scan C:\Documents and Settings\Katey Turner
23:37:37.703 AVAST engine scan C:\Documents and Settings\All Users
23:38:08.093 Scan finished successfully
23:38:29.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katey Turner\Desktop\MBR.dat"
23:38:29.000 The log file has been saved successfully to "C:\Documents and Settings\Katey Turner\Desktop\aswMBR.txt"


Malwarebytes log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/22/2011 11:58:10 PM
mbam-log-2011-12-22 (23-58-10).txt

Scan type: Quick scan
Objects scanned: 172915
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

P.S. ^^^^so exciting!!! :)

OTL LOG:

OTL logfile created on: 12/23/2011 12:05:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Katey Turner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 185.19 Mb Available Physical Memory | 36.21% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 97.19 Gb Free Space | 86.95% Space Free | Partition Type: NTFS

Computer Name: KATEY | User Name: Katey Turner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 00:05:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katey Turner\My Documents\Downloads\OTL.exe
PRC - [2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/27 15:59:08 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/11/04 09:20:04 | 001,507,431 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/27 17:12:31 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 22:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (necusb)
SRV - [2010/08/27 15:59:08 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 10:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/14 22:31:31 | 000,025,248 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\AmgHips.sys -- (AmgHips)
DRV - [2010/08/27 15:59:08 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/12 17:41:16 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/01/14 01:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/10/01 15:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/03/31 15:12:16 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/12/14 03:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/11/24 18:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 14:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 11:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Katey Turner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 22:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/26 01:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katey Turner\Application Data\Mozilla\Extensions
[2009/04/12 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katey Turner\Application Data\Mozilla\Extensions\[email protected]
[2011/11/16 22:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/22 23:07:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216F7BDE-2D23-46A7-A67D-19BB898A6E3F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Katey Turner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Katey Turner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/30 20:23:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 23:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/22 23:50:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/22 23:26:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/22 23:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/22 22:44:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/22 22:41:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/22 22:41:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/22 22:41:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/22 22:41:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/22 22:40:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/22 22:40:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 01:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katey Turner\My Documents\logs
[2011/12/19 00:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katey Turner\Application Data\Malwarebytes
[2011/12/19 00:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/01 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 23:50:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 23:38:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Katey Turner\Desktop\MBR.dat
[2011/12/22 23:25:10 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to aswMBR.exe.lnk
[2011/12/22 23:07:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/22 23:07:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/22 23:07:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/22 23:06:47 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 22:44:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/22 22:39:14 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to tdsskiller.exe.lnk
[2011/12/22 22:39:07 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to ComboFix.exe.lnk
[2011/12/22 00:08:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 09:47:04 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/11 14:44:25 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\Katey Turner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 00:08:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 23:50:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 23:38:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Desktop\MBR.dat
[2011/12/22 23:25:10 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to aswMBR.exe.lnk
[2011/12/22 22:44:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/22 22:44:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/22 22:41:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/22 22:41:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/22 22:41:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/22 22:41:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/22 22:41:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/22 22:39:14 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to tdsskiller.exe.lnk
[2011/12/22 22:39:06 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/16 22:18:51 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\567E2CV3.exe_.b
[2011/11/16 22:18:51 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\567E2CV3.exe.b
[2011/11/15 11:23:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3kJr8R0ej.dat
[2011/11/14 22:31:31 | 000,025,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\AmgHips.sys
[2011/11/14 12:01:14 | 000,100,926 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/14 12:01:14 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/13 10:36:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/24 10:53:42 | 000,288,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/29 02:40:50 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/05 11:36:30 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/30 00:25:36 | 000,000,030 | -HS- | C] () -- C:\WINDOWS\System32\mutikuwi.dll
[2008/12/15 12:41:56 | 000,038,443 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2008/12/04 10:00:12 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Application Data\WavCodec.wff
[2008/06/27 15:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/09/28 20:40:20 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/07/18 07:06:29 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioCDRipper2.dll
[2007/06/24 20:26:11 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/12 15:03:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/04 19:58:08 | 000,000,387 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/06/04 18:03:47 | 000,000,469 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/22 22:21:24 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/22 22:21:24 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/19 20:29:12 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Katey Turner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/21 18:52:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/13 17:05:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/01/01 18:56:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/01 18:55:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/30 20:46:08 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2006/12/30 20:46:08 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2006/12/30 20:36:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/30 20:28:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/30 20:18:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/30 10:42:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/30 10:40:38 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 04:00:00 | 000,433,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 04:00:00 | 000,067,862 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/28 04:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wmp.dll
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/10 14:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2008/03/30 03:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/04/17 18:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2007/02/05 21:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/04 10:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/05 01:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/08/01 01:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/03/03 18:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/09/27 21:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\.minecraft
[2011/11/14 21:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\702CB
[2009/07/03 12:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Deckadance
[2009/04/12 07:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Image Zone Express
[2007/05/07 21:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\InterTrust
[2010/06/01 23:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\MSNInstaller
[2009/07/04 10:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\NCH Swift Sound
[2008/10/05 08:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Nexon
[2008/12/15 12:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Printer Info Cache
[2009/03/07 21:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\RegClean
[2011/05/01 16:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Systweak
[2007/12/13 16:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Uniblue
[2010/10/23 11:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Unity
[2007/06/13 20:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katey Turner\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

WOW I don't know if I'm in the clear but I can already tell the difference :)

Thank you x 100000000 Ron.


#4
RKinner

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/11/16 22:18:51 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\567E2CV3.exe_.b
[2011/11/16 22:18:51 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\567E2CV3.exe.b
[2011/11/15 11:23:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3kJr8R0ej.dat
[2008/12/30 00:25:36 | 000,000,030 | -HS- | C] () -- C:\WINDOWS\System32\mutikuwi.dll

:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\XDva215.sys

Driver::
necusb
XDva190
XDva201
XDva212
XDva215

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"necusb3"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix. It should not need to reboot this time.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. (Hours!)
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Ron

PS Going to bed now. Way past my bedtime.

#5
valgalvez

Thanks so much for your help Ron.

I'm currently working on getting these logs but I've encountered some trouble along the way..been at this since 7pm.
As I was running the combofix my kid closed it out >:[ I had to reboot and start over and at that point I lost connection to the internet, something with my adapter was wrong. But I went ahead and ran combofix with the CSRscript file anyway and when it rebooted that time my internet was back on. Was at the ESTE? scan, 93% completed with 57 objects found when my computer decided to reboot itself. So here I go again. (It's ok to start over right?) Hope to get these logs over to you soon!

Thank you!

#6
RKinner

Yes it is OK to start over.

#7
valgalvez

Combo Fix log:

ComboFix 11-12-23.01 - Katey Turner 12/23/2011 22:31:09.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.291 [GMT -8:00]
Running from: c:\documents and settings\Katey Turner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Katey Turner\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\XDva215.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NECUSB
-------\Legacy_XDVA190
-------\Legacy_XDVA201
-------\Legacy_XDVA212
-------\Legacy_XDVA215
-------\Service_necusb
-------\Service_XDva190
-------\Service_XDva201
-------\Service_XDva212
-------\Service_XDva215
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 04:53 . 2011-12-24 04:53 -------- d-----w- c:\program files\ESET
2011-12-24 03:29 . 2011-12-24 03:29 -------- d-----w- C:\_OTL
2011-12-24 03:20 . 2011-12-24 03:20 -------- d-----w- C:\found.002
2011-12-23 07:50 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 06:49 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-19 08:45 . 2011-12-19 08:45 -------- d-----w- c:\documents and settings\Katey Turner\Application Data\Malwarebytes
2011-12-19 08:44 . 2011-12-19 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-19 08:44 . 2011-12-23 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 01:14 . 2011-12-02 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 01:12 . 2011-07-26 01:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 06:31 . 2011-11-15 06:31 25248 ----a-w- c:\windows\system32\drivers\AmgHips.sys
2011-11-15 05:55 . 2011-11-15 05:55 4554 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2006-02-28 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-12-31 04:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-05 06:53 . 2011-11-17 06:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe" [2011-07-26 243360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 10:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-08-27 23:59 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-03-13 01:41 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ssstars.scr"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqApkil.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\HPQPSXP.exe"=
"c:\\Program Files\\Windows Media Player\\wmpshare.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Windows Media Player\\wmpenc.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqdstcp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\DocProc\\DocProc.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkiosk.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [11/14/2011 10:31 PM 25248]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 3:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [1/14/2009 1:23 AM 458752]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [4/17/2007 11:44 PM 96256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 10:54 AM 360547]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/20/2010 10:06 PM 30576]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Katey Turner\Application Data\Mozilla\Firefox\Profiles\52dh9s4c.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,83,9a,22,2f,ed,43,41,b9,04,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,83,9a,22,2f,ed,43,41,b9,04,91,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2011-12-23 22:46:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-24 06:46
ComboFix2.txt 2011-12-24 04:03
ComboFix3.txt 2011-12-23 07:15
.
Pre-Run: 106,123,419,648 bytes free
Post-Run: 106,098,438,144 bytes free
.
- - End Of File - - BE260608109EB34E3E2538A4508C176C

VEW log:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 23/12/2011 10:54:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 14324 Source: WMPNetworkSvc
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x800700c1'. If possible, reinstall Windows Media Player.

Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The npkcrypt service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The AEGIS Protocol (IEEE 802.1x) v3.4.3.0 service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ESET scan said there were no threats found, but there were a lot of items quarantined? Here is the log.txt:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 23/12/2011 10:54:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 14324 Source: WMPNetworkSvc
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x800700c1'. If possible, reinstall Windows Media Player.

Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The npkcrypt service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 23/12/2011 10:51:41 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The AEGIS Protocol (IEEE 802.1x) v3.4.3.0 service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
valgalvez

Sorry, here is the correct log for ESET:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a94a2356ec63642a15023571c80b987
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-24 08:25:08
# local_time=2011-12-24 12:25:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52640
# found=0
# cleaned=0
# scan_time=3409


Thank You!

#9
RKinner

    Malware Expert

The second running of ESET didn't find anything because it removed them the first time.

Can you post your Extras log? You should have gotten it when you ran OTL.

You are getting an error:

The npkcrypt service failed to start due to the following error: The system cannot find the path specified.


This service is usually installed by game software. Apparently the game was uninstalled but it left the service. We should be able to turn it off:

Start, Run, cmd, OK then type:
sc  config  npkcrypt  start=  disabled


Then hit Enter. If you don't get an error then the service won't bother us any more.

You are getting a Windows Media Player error:

Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x800700c1'. If possible, reinstall Windows Media Player.

There is a Fixit from MS but I'm not sure it works on XP but it should tell you if it doesn't:

http://support.micro...ayer_diagnostic

You could try installing the latest version:

http://windows.micro...ws-media-player

For this error:

The AEGIS Protocol (IEEE 802.1x) v3.4.3.0 service failed to start due to the following error: The system cannot find the file specified.


See if you can do:

http://www.intel.com...b/cs-025428.htm

As you see, it is part of Intel wireless software but isn't needed so can be turned off.

Once you have done the above then clear the logs and run Vino's again:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
Reboot.


2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. <== Try and do this one too.

#10
valgalvez

Hope you had a Happy Holiday :).

Thank you SOOOO much for your help Ron, my computer runs 10,000 times better than it ever did!!

I did the Windows Media Fix and it did say it fixes three different things, but here is my system VEW log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/12/2011 11:21:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/12/2011 11:19:16 PM
Type: error Category: 0
Event: 14324 Source: WMPNetworkSvc
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x800700c1'. If possible, reinstall Windows Media Player.

Log: 'System' Date/Time: 26/12/2011 11:19:16 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The AEGIS Protocol (IEEE 802.1x) v3.4.3.0 service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/12/2011 11:19:25 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00223F919CE9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

And here is my Application log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/12/2011 11:21:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Also, I tried to do the AEGIS Protocol thing, but it's not even listed to uncheck. ?

And where exactly can I find the extras log that OTL put out? What would it be labeled?

Thanks again for all your help!!!! :)


#11
RKinner

    Malware Expert

Extras log should be in the same folder as the OTL program. Normally you only get one the first time you run OTL but if you check the All box in the Extra Registry area it will generate a new Extras log.

The WMPNetworkSvc is Windows Media Player Network Sharing Service. It should normally be set to Manual so it shouldn't even be running at boot.

Start, Run, services.msc , OK then find Windows Media Player Network Sharing Service and right click and select Properties. Change the Startup Type: to Manual if it is set to Automatic or Disabled if it is set to Manual then Apply and OK. We don't really need it anyway.

The Aegis thing is part of a wireless driver. Perhaps it shows up in Device Manager. Right click on My Computer and select Manage then Device Manager. Click on View (at the top) and select Show Hidden Devices. Look in the right pane for the Aegis. It should have a yellow or red mark next to it. If you find it, right click on it and select Disable.

Neither error is critical. They just cause a slight delay at boot.

#12
valgalvez

Ok so I found this extras log:

OTL Extras logfile created on: 12/23/2011 12:05:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Katey Turner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 185.19 Mb Available Physical Memory | 36.21% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 97.19 Gb Free Space | 86.95% Space Free | Partition Type: NTFS

Computer Name: KATEY | User Name: Katey Turner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\ssstars.scr" = C:\WINDOWS\system32\ssstars.scr:*:Enabled:ssstars -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqApkil.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqApkil.exe:*:Enabled:HpqApKil -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPQPSXP.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPQPSXP.exe:*:Enabled:hpqPSXP -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqdstcp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqdstcp.exe:*:Enabled:hpqdstcp -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\DocProc\DocProc.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\DocProc\DocProc.exe:*:Enabled:DocProc -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkiosk.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkiosk.exe:*:Enabled:hpqkiosk -- ()
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6AC9178-8DE8-4654-97C8-7B71C7CBE683}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"ExpressBurn" = Express Burn
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SC DVD Ripper Burner_is1" = DVD Ripper Burner 7.0.0.0
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"UltraISO_is1" = UltraISO Premium V9.12
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/4/2011 5:41:07 AM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application WN111V2.exe, version 3.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 4:10:28 AM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 4:10:28 AM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 4:10:28 AM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 10:39:54 AM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application WN111V2.exe, version 3.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 10:00:47 PM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 10:00:47 PM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2011 9:24:32 PM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2011 9:24:32 PM | Computer Name = KATEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 11:00:11 PM | Computer Name = KATEY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 12/23/2011 2:57:24 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:58:57 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:59:03 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:59:07 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:59:12 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:59:16 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:59:32 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 3:00:02 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 3:00:06 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 3:01:23 AM | Computer Name = KATEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

And, I did do a new install of Windows Media Player (I really don't use it anyway), and I disabled the AEGIS thing..here's my new vew log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 2:24:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the application log:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 2:25:44 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:) Can't thank you enough!!
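The event entries in the report above follow a fixed layout (a header line, then a Description that may wrap onto a second line), so they can be grouped by source and event code to see which errors recur. The Python below is an added example, not part of the original thread or of the OTL tool; the sample lines are constructed in the same format and HOST1 is a placeholder host name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the report format shown above; HOST1 is a placeholder.
SAMPLE = r"""[ Application Events ]
Error - 4/16/2011 9:24:32 PM | Computer Name = HOST1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/23/2011 2:57:24 AM | Computer Name = HOST1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/23/2011 2:58:57 AM | Computer Name = HOST1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (.+?) \]$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are rejoined."""
    events, section, current = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, current = m[1], None
        elif m := HEADER.match(line):
            raw_id = int(m["id"])
            # Low 16 bits are the code Event Viewer displays (262151 -> 7).
            current = {"level": m["level"], "host": m["host"], "source": m["source"],
                       "section": section, "raw_id": raw_id, "description": "",
                       "event_code": raw_id & 0xFFFF,
                       "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")}
            events.append(current)
        elif not line:
            current = None  # a blank line ends the current entry
        elif current is not None:
            part = line.removeprefix("Description = ")
            current["description"] = f'{current["description"]} {part}'.strip()
    return events

def summarize(events):
    """Map (section, source, event_code) -> (count, first seen, last seen)."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["section"], e["source"], e["event_code"])].append(e["time"])
    return {k: (len(v), min(v), max(v)) for k, v in groups.items()}
```

Calling `summarize(parse_events(report_text))` on a saved report gives one row per recurring error, with its count and first and last timestamps.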

#13
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Uninstall:
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 5
Adobe Reader 8.1.2
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX

These are all obsolete. Get the latest from java.com and adobe.com.

That's about all I see so I think we can clean up now.

We need to clean up System Restore (if we haven't already).

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#14
valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
You are the awesomest Ron. Again, I can't thank you enough. I was a day away from throwing this computer in the trash and you helped me save it! It runs as if it was brand new!!

I finished cleaning up, the only thing I couldn't do was uninstall Combofix it seems..when I enter the command it says it is not recognized as an internal or external command or operable program or batch file..but it's still on my desktop?

I'm guessing it shouldn't hurt me too much?

I hope to not return...Hope you have a happy new year and god bless you!! :)

-Val

#15
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Looks like you ran it from downloads:

so try:

"c:\documents and settings\Katey Turner\My Documents\Downloads\ComboFix.exe" /uninstall