
Google Results Hijacked


  • This topic is locked
10 replies to this topic

#1 finnstang

finnstang

  • Members
  • 6 posts

Posted 11 December 2009 - 05:51 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Debbie2 at 16:53:41.21 on Fri 12/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2265 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HJT\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Debbie2\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page =
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - No File
BHO: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No File
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\4.0.255.0\npchrome_tab.dll
TB: {821F87FF-8245-4972-9E28-732E92EC2F51} - No File
TB: {84938242-5C5B-4A55-B6B9-A1507543B418} - No File
TB: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Motive SmartBridge] c:\progra~1\verizo~1\smartb~1\MotiveSB.exe
mRun: [VerizonServicepoint.exe] c:\program files\verizon\servicepoint\VerizonServicepoint.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Corel File Shell Monitor] c:\program files\corel\corel photo album 7\CorelIOMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Corel Photo Downloader] "c:\program files\corel\corel photo album 7\Corel Photo Downloader.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jane's%20Realty/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\4.0.255.0\npchrome_tab.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - No File
STS: {2016a466-91a2-43c6-97d8-2fd380f065ef} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debbie2\applic~1\mozilla\firefox\profiles\nvsgd8ku.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\gametap web player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-17 214664]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-12-11 47640]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-17 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-1-17 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-1-17 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-17 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-17 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-17 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-17 34248]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-12-11 20:14:28 0 d-----w- c:\program files\HJT
2009-12-11 18:09:10 0 d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-12-11 18:06:00 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-12-11 18:05:58 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-12-11 18:05:58 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-12-11 18:04:10 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-12-11 18:03:31 1024 ----a-w- C:\.rnd
2009-12-11 17:58:39 0 d-----w- c:\program files\LogMeIn
2009-12-10 22:13:12 0 d-----w- c:\program files\Westward IV - All Aboard
2009-12-10 22:11:46 0 d-----w- c:\program files\Hotel Dash - Suite Success
2009-12-10 02:34:54 0 d-sh--w- c:\docume~1\debbie2\applic~1\.#
2009-12-10 02:33:08 0 d-----w- c:\program files\Delmar Learning
2009-12-08 01:50:19 0 d-----w- c:\docume~1\debbie2\applic~1\TitanicMystery
2009-12-07 02:27:03 0 d-----w- c:\docume~1\alluse~1\applic~1\PlayPond
2009-12-07 02:18:25 0 d-----w- c:\program files\Mystery Legends - Sleepy Hollow
2009-12-07 02:10:49 0 d-----w- c:\program files\1912 - Titanic Mystery
2009-11-27 20:51:14 0 d-----w- c:\docume~1\debbie2\applic~1\VampireSaga
2009-11-23 05:13:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Islands
2009-11-23 04:12:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Wrinkle-free Games
2009-11-17 04:36:31 0 d-----w- c:\program files\Picket Fences
2009-11-17 04:30:12 0 d-----w- c:\docume~1\debbie2\applic~1\Sanna
2009-11-16 22:20:39 0 d-----w- c:\docume~1\debbie2\applic~1\GameInvest
2009-11-16 22:19:52 0 d-----w- c:\program files\Island Realms

==================== Find3M ====================

2009-12-08 23:27:31 8246 ----a-w- c:\windows\system32\KGyGaAvL.sys
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-09-18 04:16:46 67888 ----a-w- c:\docume~1\debbie2\applic~1\GDIPFONTCACHEV1.DAT
2009-09-13 22:15:26 59672 ---ha-w- c:\windows\system32\mlfcache.dat
2007-02-03 15:59:13 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-02-21 17:38:47 8 --sh--r- c:\windows\system32\92B667F805.sys

============= FINISH: 16:56:23.65 ===============


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 December 2009 - 10:31 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 finnstang

finnstang
  • Topic Starter

  • Members
  • 6 posts

Posted 12 December 2009 - 02:00 PM

Hi Sam. I'm from Columbus, so hello to a fellow buckeye. :( Thanks for the help!

When running OTL, the first time I forgot to check the All Users box, so I ran it a second time with All Users checked, which is the output pasted below. I am also attaching the log from the first time I ran OTL to this message in case that is helpful.

Here is the output from OTL:

OTL logfile created on: 12/12/2009 11:19:13 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Debbie2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.62 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 63.13 Gb Free Space | 43.74% Space Free | Partition Type: NTFS
Drive D: | 177.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CINDY
Current User Name: Debbie2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 11:04:15 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie2\Desktop\OTL.exe
PRC - [2009/11/06 12:27:18 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/28 19:34:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 19:34:16 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/16 16:37:52 | 00,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/03/16 16:37:40 | 01,622,488 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/08 16:05:58 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/22 07:38:16 | 00,481,608 | R--- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe
PRC - [2008/08/22 07:36:12 | 00,037,888 | R--- | M] () -- C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
PRC - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/11 12:41:00 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 12:55:04 | 00,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/02/01 18:33:38 | 01,880,064 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
PRC - [2006/01/18 14:00:30 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/18 14:00:30 | 00,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/18 14:00:28 | 00,479,232 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2006/01/05 12:56:48 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/06/17 08:56:14 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 08:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2005/03/23 01:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/02/23 17:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/09/13 21:36:52 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2002/05/18 12:04:06 | 00,327,680 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 11:04:15 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie2\Desktop\OTL.exe
MOD - [2008/04/13 19:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2004/08/10 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/10 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/07 08:35:48 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/28 19:34:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 12:18:21 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/16 16:37:52 | 00,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/03 18:15:32 | 00,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/08/13 23:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/11 12:41:00 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/26 12:55:04 | 00,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/06/05 13:20:32 | 00,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/04 05:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/12 16:33:02 | 00,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/06/17 08:55:58 | 00,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/05/16 19:45:56 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/04/07 13:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 2D 0F DF 31 2D 13 B6 40 8B C4 B9 8C A6 D1 14 4A [binary data]
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\S-1-5-21-4174706946-2344638647-1078786358-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 12:27:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 12:27:24 | 00,000,000 | ---D | M]

[2009/09/11 09:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debbie2\Application Data\Mozilla\Extensions
[2009/12/11 12:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debbie2\Application Data\Mozilla\Firefox\Profiles\nvsgd8ku.default\extensions
[2009/10/26 06:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Debbie2\Application Data\Mozilla\Firefox\Profiles\nvsgd8ku.default\extensions\[email protected]
[2009/12/11 12:51:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/07 23:21:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/01/29 20:29:01 | 00,024,673 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - No CLSID value found.
O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jane's%20Realty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\cf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\4.0.255.0\npchrome_tab.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - CLSID or File not found.
O22 - SharedTaskScheduler: {2016a466-91a2-43c6-97d8-2fd380f065ef} - eitheror - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/12 10:33:28 | 00,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53483694433763328)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 11:04:14 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debbie2\Desktop\OTL.exe
[2009/12/11 16:09:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Debbie2\Recent
[2009/12/11 13:06:00 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2009/12/11 13:05:58 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2009/12/11 13:05:58 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2009/12/11 13:04:10 | 00,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2007/02/03 10:59:21 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 11:08:04 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Debbie2\NTUSER.DAT
[2009/12/12 11:04:15 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie2\Desktop\OTL.exe
[2009/12/12 11:03:40 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274060E3-C30C-4BE8-9535-CECE95485CC9}.job
[2009/12/12 11:00:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/12 11:00:46 | 00,038,949 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/12/12 10:59:46 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/12 10:59:46 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/12/12 10:59:46 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/12/12 10:59:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 10:59:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 10:59:36 | 32,192,96256 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/11 18:34:57 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Debbie2\ntuser.ini
[2009/12/11 17:40:00 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/11 16:27:34 | 00,002,509 | ---- | M] () -- C:\Documents and Settings\Debbie2\Desktop\HiJackThis.lnk
[2009/12/11 13:03:53 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/12/10 17:13:44 | 00,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Westward IV - All Aboard.lnk
[2009/12/10 17:13:44 | 00,001,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/12/10 17:12:02 | 00,001,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Hotel Dash - Suite Success.lnk
[2009/12/10 12:54:49 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 12:54:49 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 12:54:48 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 21:34:10 | 00,002,018 | ---- | M] () -- C:\Documents and Settings\Debbie2\Desktop\Medical Terminology for Health Professions .lnk
[2009/12/08 18:27:31 | 00,008,246 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/12/08 18:27:15 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\2F1FF963B3.sys
[2009/12/08 14:48:38 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\Debbie2\Desktop\Microsoft Excel.lnk
[2009/12/07 21:30:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/06 21:19:07 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery Legends - Sleepy Hollow.lnk
[2009/12/06 21:18:14 | 00,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play 1912 - Titanic Mystery.lnk
[2009/11/29 15:17:48 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Debbie2\Desktop\Microsoft Word.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/11 15:14:36 | 00,002,509 | ---- | C] () -- C:\Documents and Settings\Debbie2\Desktop\HiJackThis.lnk
[2009/12/11 13:03:31 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/12/10 17:13:44 | 00,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Westward IV - All Aboard.lnk
[2009/12/10 17:13:44 | 00,001,214 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/12/10 17:12:02 | 00,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Hotel Dash - Suite Success.lnk
[2009/12/09 21:34:10 | 00,002,018 | ---- | C] () -- C:\Documents and Settings\Debbie2\Desktop\Medical Terminology for Health Professions .lnk
[2009/12/06 21:19:07 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery Legends - Sleepy Hollow.lnk
[2009/12/06 21:18:14 | 00,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play 1912 - Titanic Mystery.lnk
[2009/05/29 19:50:14 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Debbie2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 12:41:18 | 00,000,074 | ---- | C] () -- C:\Documents and Settings\Debbie2\Local Settings\Application Data\FASTWiz.log
[2009/04/30 12:12:14 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Debbie2\Local Settings\Application Data\fusioncache.dat
[2009/02/21 12:38:47 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\92B667F805.sys
[2008/04/03 18:59:16 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2007/08/26 17:11:27 | 00,000,287 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/05/10 18:28:19 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/26 09:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 13:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 13:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 13:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/10/29 12:17:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/12 20:00:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/01 02:58:41 | 01,245,732 | ---- | C] () -- C:\WINDOWS\System32\tttss.ini2
[2006/05/14 18:44:04 | 00,002,083 | ---- | C] () -- C:\WINDOWS\SportballChallenge.ini
[2006/05/11 20:19:18 | 00,000,047 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/03/23 17:19:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/03/01 16:50:55 | 00,707,160 | ---- | C] () -- C:\WINDOWS\System32\tttss.ini
[2006/02/19 17:26:23 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/08 22:29:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2006/01/29 20:44:26 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/22 12:41:12 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/01/22 12:41:12 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/01/19 12:38:59 | 00,008,246 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/19 12:38:59 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\2F1FF963B3.sys
[2006/01/05 13:09:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/05 12:58:26 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/05 12:30:52 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/17 02:26:24 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2005/08/17 02:26:20 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2005/08/17 02:26:04 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2005/08/17 02:25:24 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2005/08/17 02:25:20 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2005/08/17 02:25:16 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2005/08/17 02:25:12 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2005/08/17 02:24:04 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 16:37:04 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2005/07/12 16:36:12 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2005/07/12 16:34:22 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2005/07/12 16:34:06 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2005/07/12 16:33:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2005/07/12 16:32:40 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2005/07/12 16:32:20 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2005/07/12 16:29:46 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2005/07/12 16:28:22 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2005/06/01 11:53:38 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/11/05 09:58:00 | 00,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2008/01/17 10:25:12 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/11/01 00:00:42 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/12/12 10:59:46 | 00,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/12/12 10:59:46 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/11/08 03:08:00 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/12/12 11:03:40 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274060E3-C30C-4BE8-9535-CECE95485CC9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/02/16 16:42:53 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 13:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 13:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 13:33:40 | 00,872,064 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14EEF080
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD727397
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10F6E97E
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9726EA15
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F8E280
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49948B2C
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89123481
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FC4A10A
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86725A4F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD874E14
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:273A8657
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FF4577A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BC74CBD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AE6CC6C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:997E6AF4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FA1F20
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9136D598
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF981A7F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AE33054
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA42DF8E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B386EC8A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BC73C48
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB5BDBB0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC73CDCE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097FF903
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A761C913
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C24B973A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5335CE76
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E86D926
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4BF246C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBC80F9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F709A4DE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34B9286E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18121AD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94D41096
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3064D21D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7920E530
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E1E5A60
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CAE65A6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:780A453A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0193F8E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC878100
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
< End of report >


OTL Extras logfile created on: 12/12/2009 11:19:13 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Debbie2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.62 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 63.13 Gb Free Space | 43.74% Space Free | Partition Type: NTFS
Drive D: | 177.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CINDY
Current User Name: Debbie2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4174706946-2344638647-1078786358-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1138585938\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138585938\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1138585938\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1138585938\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- (McAfee)
"C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Disabled:GameTap Web Player -- (Metaboli)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe" = C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe:*:Enabled:EQ2VoiceService -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00A1-F17B-11D6-88EA-000476CD2443}" = Verizon Online Support Center
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel Photo Album 7
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52358A6F-E412-4C46-8CF8-B425C0D5E8FB}" = EverQuest II
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{821F87FF-8245-4972-9E28-732E92EC2F51}" = VSToolbar for Internet Explorer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111288627}" = The Odyssey- Winds of Athena
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11331547}" = Risk
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114044400}" = Chocolatier 2 Secret Ingredients
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114852710}" = Westward II Heroes of the Frontier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115438320}" = Cinema Tycoon 2 Movie
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115735150}" = Build a lot 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116495170}" = Westward 3 Gold Rush
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91746221-0B6A-4572-BEE3-A4D587FF98EA}" = ebgcRes
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"242FA5E5-A025-4240-A022-EBC2FD82C32D" = Sportball Challenge
"3C48F877-A164-45E9-B9DA-26A049FFC207" = Tradewinds
"6293BC00-4EB8-4C65-8548-53E2FC3BF937" = Diner Dash
"7983E4D5-BB23-40B4-9EA1-A0A2318F83B2" = Ciao Bella
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"APA PERRLA" = APA PERRLA
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B82C8AF2-549D-41E4-98E9-53F9FF206525" = Tradewinds 2
"BFG-1912 - Titanic Mystery" = 1912: Titanic Mystery
"BFG-Angela Young 2 - Escape the Dreamscape" = Angela Young 2: Escape the Dreamscape
"BFG-Be Rich" = Be Rich
"BFG-Be Richer" = Be Richer
"BFG-Blood Ties" = Blood Ties
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFG-Build-a-Lot 4 - Power Source" = Build-a-Lot 4: Power Source
"BFGC" = Big Fish Games Client
"BFG-Chocolatier 3 - Decadence by Design" = Chocolatier 3: Decadence by Design
"BFG-Cooking Dash - DinerTown Studios" = Cooking Dash: DinerTown Studios
"BFG-DinerTown Tycoon" = DinerTown Tycoon
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"BFG-Empire Builder - Ancient Egypt" = Empire Builder - Ancient Egypt
"BFG-Enlightenus" = Enlightenus
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Hollywood Tycoon" = Hollywood Tycoon
"BFG-Hotel Dash - Suite Success" = Hotel Dash: Suite Success
"BFG-Hotel Mogul" = Hotel Mogul
"BFG-Island Realms" = Island Realms
"BFG-Law and Order Justice is Served" = Law and Order Justice is Served
"BFG-Megaplex Madness - Summer Blockbuster" = Megaplex Madness: Summer Blockbuster
"BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
"BFG-Mr Jones' Graveyard Shift" = Mr Jones' Graveyard Shift
"BFG-Mystery Age - The Imperial Staff" = Mystery Age: The Imperial Staff
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate ®
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery Legends - Sleepy Hollow" = Mystery Legends: Sleepy Hollow
"BFG-Picket Fences" = Picket Fences™
"BFG-Plan It Green" = Plan It Green
"BFG-Romopolis" = Romopolis
"BFG-The Legend of Sanna" = The Legend of Sanna
"BFG-Townopolis - Gold" = Townopolis: Gold
"BFG-Tradewinds Odyssey" = Tradewinds Odyssey
"BFG-Vampire Saga - Pandora's Box" = Vampire Saga: Pandora's Box
"BFG-Westward III" = Westward III: Gold Rush
"BFG-Westward IV - All Aboard" = Westward IV: All Aboard
"BFG-Winemaker Extraordinaire" = Winemaker Extraordinaire
"BFG-Wonderburg" = Wonderburg
"BFG-World of Zellians - Kingdom Builder" = World of Zellians: Kingdom Builder ™
"CCleaner" = CCleaner
"Chocolatier 2 - Secret Ingredients" = Chocolatier 2 - Secret Ingredients
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"comcasttb" = Comcast Toolbar 3.0
"Cooking Dash™" = Cooking Dash™
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"Diner Dash - Hometown Hero" = Diner Dash - Hometown Hero
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EQ2MAP Updater" = EQ2MAP Updater 1.2.4
"ESPNMotion" = ESPNMotion
"Google Chrome Frame" = Google Chrome Frame
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Mall Tycoon 2 Deluxe" = Mall Tycoon 2 Deluxe
"Medical Terminology for Health Professions_is1" = Medical Terminology for Health Professions
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NCLEX-RN 3500 - Individual Version" = NCLEX-RN 3500 - Individual Version
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"Pirateville" = Pirateville
"Port Royale 2" = Port Royale 2
"PROSet" = Intel® PRO Network Connections Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.3.21
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"RegCure" = RegCure 1.6.0.0
"Rp Scan and Clean {D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Ultimate Home" = The Ultimate Home
"Tradewinds Legends" = Tradewinds Legends
"Verizon Online DSL_is1" = Verizon Online DSL
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent dell Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2009 6:56:38 PM | Computer Name = CINDY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000ff56.

Error - 12/1/2009 7:17:03 PM | Computer Name = CINDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2009 7:22:17 PM | Computer Name = CINDY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2009 8:22:49 AM | Computer Name = CINDY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1196 (0x4ac) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\ENLIGHTENUS\ENLIGHTENUS.EXE
by **\DSCA.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)
5004(0)(0)

Error - 12/3/2009 8:57:13 AM | Computer Name = CINDY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1200 (0x4b0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\PROGRAM FILES\ENLIGHTENUS\ENLIGHTENUS.EXE
by **\MIM.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)
5004(0)(0)

Error - 12/3/2009 12:27:26 PM | Computer Name = CINDY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3480 (0xd98) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Enlightenus\Enlightenus.exe
by C:\Program Files\RegCure\RegCure.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/11/2009 1:56:51 PM | Computer Name = CINDY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3272 (0xcc8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume2\program files\common
files\aol\1138585938\ee\services\softwareUpdate\ver1_14_10_2\stic.dll by C:\Program
Files\Common Files\AOL\1138585938\ee\AOLSoftware.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/11/2009 2:04:20 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 11500
Description = Product: HiJackThis -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.

Error - 12/11/2009 2:08:04 PM | Computer Name = CINDY | Source = MsiInstaller | ID = 11920
Description = Product: LogMeIn -- Error 1920. Service 'LogMeIn' (LogMeIn) failed
to start. Verify that you have sufficient privileges to start system services.

Error - 12/11/2009 2:12:47 PM | Computer Name = CINDY | Source = Application Error | ID = 1000
Description = Faulting application mcmscsvc.exe, version 9.15.126.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00120f2f.

[ System Events ]
Error - 12/11/2009 4:41:55 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/11/2009 4:54:32 PM | Computer Name = CINDY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/11/2009 4:54:32 PM | Computer Name = CINDY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/11/2009 4:55:09 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/11/2009 5:24:25 PM | Computer Name = CINDY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/11/2009 5:24:25 PM | Computer Name = CINDY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/11/2009 5:24:40 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/12/2009 11:59:52 AM | Computer Name = CINDY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/12/2009 11:59:52 AM | Computer Name = CINDY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/12/2009 12:00:29 PM | Computer Name = CINDY | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >






While running GMER, I got a McAfee popup about a registry change detection. Below is the text from that popup:

McAfee has detected a potentially unauthorized registry change to your computer.

About this Registry Change
SystemGuards: Windows Protocols
Program: Google Chrome
Location: C:\WINDOWS\Temp\CR_5C.tmp\setup.exe

Spyware, adware, and other potentially unwanted programs can make registry changes to Windows Protocols, affecting how your computer sends and receives information on the Internet.

Should I allow or block this change?

GMER is still currently running, and I will put the results of that into my next message.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:30 AM

Posted 12 December 2009 - 03:59 PM

Small world huh? :(

GMER shouldn't be causing any registry changes, so for anything that pops up like that from McAfee you can deny the change.

I still want to see the Gmer log when it's done, but here is the next step for you regardless.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 finnstang

finnstang
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 12 December 2009 - 05:47 PM

GMER is finally done!

I am attaching the GMER log to this post...had to zip it.

Here is the TDSSKiller log:



Host Name: CINDY
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: cindy gilbert
Registered Organization:
Product ID: 76487-OEM-0011903-00825
Original Install Date: 1/9/2006, 6:11:25 PM
System Up Time: 0 Days, 5 Hours, 48 Minutes, 15 Seconds
System Manufacturer: Dell Inc.
System Model: Dell DXP051
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 4 Stepping 4 GenuineIntel ~2793 Mhz
BIOS Version: DELL - 7
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 3,070 MB
Available Physical Memory: 2,154 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,001 MB
Virtual Memory: In Use: 47 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\CINDY
Hotfix(s): 237 Hotfix(s) Installed.
[01]: EmeraldQFE2 - Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: File 1
[95]: File 1
[96]: File 1
[97]: File 1
[98]: File 1
[99]: File 1
[100]: File 1
[101]: File 1
[102]: File 1
[103]: Q147222
[104]: KB887998 - QFE
[105]: KB930494 - QFE
[106]: KB953295 - QFE
[107]: SP3 - SP
[108]: M953297 - Update
[109]: S867460 - Update
[110]: KB900325 - Update
[111]: Q927978
[112]: Q936181
[113]: Q954430
[114]: Q973688
[115]: IDNMitigationAPIs - Update
[116]: NLSDownlevelMapping - Update
[117]: KB929399
[118]: KB952069_WM9
[119]: KB954155_WM9
[120]: KB968816_WM9
[121]: KB973540_WM9
[122]: KB911565
[123]: KB913800
[124]: KB917734_WMP10
[125]: KB926251
[126]: EmeraldQFE2 - Update
[127]: KB936782_WMP11
[128]: KB939683
[129]: KB954154_WM11
[130]: KB959772_WM11
[131]: KB925398_WMP64
[132]: KB923689
[133]: KB941569
[134]: KB928090-IE7 - Update
[135]: KB929969 - Update
[136]: KB931768-IE7 - Update
[137]: KB933566-IE7 - Update
[138]: KB937143-IE7 - Update
[139]: KB938127-IE7 - Update
[140]: KB939653-IE7 - Update
[141]: KB942615-IE7 - Update
[142]: KB944533-IE7 - Update
[143]: KB947864-IE7 - Update
[144]: KB950759-IE7 - Update
[145]: KB953838-IE7 - Update
[146]: KB956390-IE7 - Update
[147]: KB958215-IE7 - Update
[148]: KB960714-IE7 - Update
[149]: KB961260-IE7 - Update
[150]: KB963027-IE7 - Update
[151]: KB969897-IE7 - Update
[152]: KB971961-IE8 - Update
[153]: KB972260-IE7 - Update
[154]: KB972260-IE8 - Update
[155]: KB974455-IE8 - Update
[156]: KB976325-IE8 - Update
[157]: KB976749-IE8 - Update
[158]: MSCompPackV1 - Update
[159]: KB929969 - Update
[160]: KB936929 - Service Pack
[161]: KB953295 - Update
[162]: KB923561 - Update
[163]: KB938464 - Update
[164]: KB938464-v2 - Update
[165]: KB946648 - Update
[166]: KB950760 - Update
[167]: KB950762 - Update
[168]: KB950974 - Update
[169]: KB951066 - Update
[170]: KB951072-v2 - Update
[171]: KB951376 - Update
[172]: KB951376-v2 - Update
[173]: KB951698 - Update
[174]: KB951748 - Update
[175]: KB951978 - Update
[176]: KB952004 - Update
[177]: KB952287 - Update
[178]: KB952954 - Update
[179]: KB953839 - Update
[180]: KB954211 - Update
[181]: KB954459 - Update
[182]: KB954550-v5 - Update
[183]: KB954600 - Update
[184]: KB955069 - Update
[185]: KB955839 - Update
[186]: KB956391 - Update
[187]: KB956572 - Update
[188]: KB956744 - Update
[189]: KB956802 - Update
[190]: KB956803 - Update
[191]: KB956841 - Update
[192]: KB956844 - Update
[193]: KB957095 - Update
[194]: KB957097 - Update
[195]: KB958644 - Update
[196]: KB958687 - Update
[197]: KB958690 - Update
[198]: KB958869 - Update
[199]: KB959426 - Update
[200]: KB960225 - Update
[201]: KB960715 - Update
[202]: KB960803 - Update
[203]: KB960859 - Update
[204]: KB961118 - Update
[205]: KB961371 - Update
[206]: KB961373 - Update
[207]: KB961501 - Update
[208]: KB967715 - Update
[209]: KB968389 - Update
[210]: KB968537 - Upda

NetWork Card(s): 1 NIC(s) Installed.
[01]: Intel® PRO/1000 PL Network Connection
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 68.87.64.10
IP address(es)
[01]: 71.230.98.202
16:47:26:476 4280 ForceUnloadDriver: NtUnloadDriver error 2
16:47:26:476 4280 ForceUnloadDriver: NtUnloadDriver error 2
16:47:26:476 4280 ForceUnloadDriver: NtUnloadDriver error 2
16:47:26:569 4280 main: Driver KLMD successfully dropped
16:47:26:616 4280 main: Driver KLMD successfully loaded
16:47:26:616 4280
Scanning Registry ...
16:47:26:616 4280 ScanServices: Searching service UACd.sys
16:47:26:616 4280 ScanServices: Open/Create key error 2
16:47:26:616 4280 ScanServices: Searching service TDSSserv.sys
16:47:26:616 4280 ScanServices: Open/Create key error 2
16:47:26:616 4280 ScanServices: Searching service gaopdxserv.sys
16:47:26:616 4280 ScanServices: Open/Create key error 2
16:47:26:616 4280 ScanServices: Searching service gxvxcserv.sys
16:47:26:616 4280 ScanServices: Open/Create key error 2
16:47:26:616 4280 ScanServices: Searching service MSIVXserv.sys
16:47:26:616 4280 ScanServices: Open/Create key error 2
16:47:26:632 4280 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
16:47:27:147 4280 UnhookRegistry: Kernel local addr: E40000
16:47:27:163 4280 UnhookRegistry: KeServiceDescriptorTable addr: EC5700
16:47:27:397 4280 UnhookRegistry: KiServiceTable addr: E6D460
16:47:27:413 4280 UnhookRegistry: NtEnumerateKey service number (local): 47
16:47:27:413 4280 UnhookRegistry: NtEnumerateKey local addr: F8CFF2
16:47:27:429 4280 KLMD_OpenDevice: Trying to open KLMD device
16:47:27:429 4280 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
16:47:27:429 4280 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
16:47:27:429 4280 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
16:47:27:429 4280 UnhookRegistry: NtEnumerateKey service number (kernel): 47
16:47:27:429 4280 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
16:47:27:429 4280 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
16:47:27:429 4280 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
16:47:27:429 4280 UnhookRegistry: No SDT hooks found on NtEnumerateKey
16:47:27:429 4280 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
16:47:27:429 4280 UnhookRegistry: Splicing found on NtEnumerateKey
16:47:27:429 4280 KLMD_WriteMem: Trying to WriteMemory 0x80623FF2[0xA]
16:47:27:429 4280 UnhookRegistry: NtEnumerateKey (Splicing) unhooked successfully
16:47:27:444 4280
Scanning Kernel memory ...
16:47:27:444 4280 KLMD_OpenDevice: Trying to open KLMD device
16:47:27:444 4280 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
16:47:27:444 4280 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:47:27:444 4280 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8AC81910
16:47:27:444 4280 DetectCureTDL3: KLMD_GetDeviceObjectList returned 14 DevObjects
16:47:27:444 4280 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 89C14278
16:47:27:444 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C14278
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0x89C14278[0x38]
16:47:27:444 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:444 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:444 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:444 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:444 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:444 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:444 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:444 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:444 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:444 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:444 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:444 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:444 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:444 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:444 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:444 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:444 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:444 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:444 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:444 4280 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A181030
16:47:27:444 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A181030
16:47:27:444 4280 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 89C133A0
16:47:27:444 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C133A0
16:47:27:444 4280 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 89A03AF8
16:47:27:444 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A03AF8
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0x89A03AF8[0x38]
16:47:27:444 4280 DetectCureTDL3: DRIVER_OBJECT addr: 89B89900
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B89900[0xA8]
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1BC58E0[0x208]
16:47:27:444 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:47:27:444 4280 DetectCureTDL3: IrpHandler (0) addr: B07D8218
16:47:27:444 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (2) addr: B07D8218
16:47:27:444 4280 DetectCureTDL3: IrpHandler (3) addr: B07D823C
16:47:27:444 4280 DetectCureTDL3: IrpHandler (4) addr: B07D823C
16:47:27:444 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (14) addr: B07D8180
16:47:27:444 4280 DetectCureTDL3: IrpHandler (15) addr: B07D39E6
16:47:27:444 4280 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (22) addr: B07D75F0
16:47:27:444 4280 DetectCureTDL3: IrpHandler (23) addr: B07D5A6E
16:47:27:444 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:444 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:444 4280 KLMD_ReadMem: Trying to ReadMemory 0xB07D4F26[0x400]
16:47:27:444 4280 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
16:47:27:444 4280 TDL3_FileDetect: Processing driver: USBSTOR
16:47:27:444 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
16:47:27:444 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:444 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:460 4280 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A18E030
16:47:27:460 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A18E030
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x8A18E030[0x38]
16:47:27:460 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:460 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:460 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:460 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:460 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:460 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:460 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:460 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:460 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:460 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:460 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:460 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:460 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:460 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:460 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:460 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:460 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:460 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:460 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:460 4280 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 89C5F030
16:47:27:460 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C5F030
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x89C5F030[0x38]
16:47:27:460 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:460 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:460 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:460 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:460 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:460 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:460 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:460 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:460 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:460 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:460 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:460 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:460 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:460 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:460 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:460 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:460 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:460 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:460 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:460 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:460 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:476 4280 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 89ABD1E8
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89ABD1E8
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x89ABD1E8[0x38]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:476 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:476 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:476 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:476 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:476 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:476 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:476 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:476 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:476 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:476 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:476 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:476 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:476 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:476 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:476 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:476 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:476 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:476 4280 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 89BFE518
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89BFE518
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x89BFE518[0x38]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:476 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:476 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:476 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:476 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:476 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:476 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:476 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:476 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:476 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:476 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:476 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:476 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:476 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:476 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:476 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:476 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:476 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:476 4280 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 89B28308
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89B28308
16:47:27:476 4280 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 899FB5E8
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 899FB5E8
16:47:27:476 4280 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8987D1A0
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8987D1A0
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x8987D1A0[0x38]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT addr: 89B89900
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B89900[0xA8]
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1BC58E0[0x208]
16:47:27:476 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:47:27:476 4280 DetectCureTDL3: IrpHandler (0) addr: B07D8218
16:47:27:476 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (2) addr: B07D8218
16:47:27:476 4280 DetectCureTDL3: IrpHandler (3) addr: B07D823C
16:47:27:476 4280 DetectCureTDL3: IrpHandler (4) addr: B07D823C
16:47:27:476 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (14) addr: B07D8180
16:47:27:476 4280 DetectCureTDL3: IrpHandler (15) addr: B07D39E6
16:47:27:476 4280 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (22) addr: B07D75F0
16:47:27:476 4280 DetectCureTDL3: IrpHandler (23) addr: B07D5A6E
16:47:27:476 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:476 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:476 4280 KLMD_ReadMem: Trying to ReadMemory 0xB07D4F26[0x400]
16:47:27:476 4280 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
16:47:27:476 4280 TDL3_FileDetect: Processing driver: USBSTOR
16:47:27:476 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
16:47:27:476 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:476 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:476 4280 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 89C22AB8
16:47:27:476 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C22AB8
16:47:27:491 4280 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 89C18800
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C18800
16:47:27:491 4280 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 89B93B18
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89B93B18
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B93B18[0x38]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT addr: 89B89900
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B89900[0xA8]
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1BC58E0[0x208]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:47:27:491 4280 DetectCureTDL3: IrpHandler (0) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (2) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (3) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (4) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (14) addr: B07D8180
16:47:27:491 4280 DetectCureTDL3: IrpHandler (15) addr: B07D39E6
16:47:27:491 4280 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (22) addr: B07D75F0
16:47:27:491 4280 DetectCureTDL3: IrpHandler (23) addr: B07D5A6E
16:47:27:491 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xB07D4F26[0x400]
16:47:27:491 4280 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
16:47:27:491 4280 TDL3_FileDetect: Processing driver: USBSTOR
16:47:27:491 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
16:47:27:491 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 89F23AB8
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F23AB8
16:47:27:491 4280 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 89C7BB28
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C7BB28
16:47:27:491 4280 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8987D828
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8987D828
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x8987D828[0x38]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT addr: 89B89900
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B89900[0xA8]
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1BC58E0[0x208]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:47:27:491 4280 DetectCureTDL3: IrpHandler (0) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (2) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (3) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (4) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (14) addr: B07D8180
16:47:27:491 4280 DetectCureTDL3: IrpHandler (15) addr: B07D39E6
16:47:27:491 4280 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (22) addr: B07D75F0
16:47:27:491 4280 DetectCureTDL3: IrpHandler (23) addr: B07D5A6E
16:47:27:491 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xB07D4F26[0x400]
16:47:27:491 4280 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
16:47:27:491 4280 TDL3_FileDetect: Processing driver: USBSTOR
16:47:27:491 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
16:47:27:491 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8A148710
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A148710
16:47:27:491 4280 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 89C0F618
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89C0F618
16:47:27:491 4280 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 897C0C48
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 897C0C48
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x897C0C48[0x38]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT addr: 89B89900
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x89B89900[0xA8]
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1BC58E0[0x208]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:47:27:491 4280 DetectCureTDL3: IrpHandler (0) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (2) addr: B07D8218
16:47:27:491 4280 DetectCureTDL3: IrpHandler (3) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (4) addr: B07D823C
16:47:27:491 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (14) addr: B07D8180
16:47:27:491 4280 DetectCureTDL3: IrpHandler (15) addr: B07D39E6
16:47:27:491 4280 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (22) addr: B07D75F0
16:47:27:491 4280 DetectCureTDL3: IrpHandler (23) addr: B07D5A6E
16:47:27:491 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xB07D4F26[0x400]
16:47:27:491 4280 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
16:47:27:491 4280 TDL3_FileDetect: Processing driver: USBSTOR
16:47:27:491 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
16:47:27:491 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
16:47:27:491 4280 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A3308A0
16:47:27:491 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3308A0
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x8A3308A0[0x38]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:491 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:491 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:491 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:491 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:491 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:491 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:491 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:491 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:491 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:491 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:491 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:491 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:491 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:491 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:491 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:491 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:491 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:491 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:491 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:491 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:507 4280 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 8A330C68
16:47:27:507 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A330C68
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8A330C68[0x38]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:507 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:507 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:507 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:507 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:507 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:507 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:507 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:507 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:507 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:507 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:507 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:507 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:507 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:507 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:507 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:507 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:507 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:507 4280 DetectCureTDL3: 12 Curr stack PDEVICE_OBJECT: 8AC75C68
16:47:27:507 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AC75C68
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC75C68[0x38]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8AC81910
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81910[0xA8]
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0xE17D22D0[0x208]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:47:27:507 4280 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
16:47:27:507 4280 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
16:47:27:507 4280 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
16:47:27:507 4280 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
16:47:27:507 4280 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
16:47:27:507 4280 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
16:47:27:507 4280 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
16:47:27:507 4280 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
16:47:27:507 4280 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
16:47:27:507 4280 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
16:47:27:507 4280 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:47:27:507 4280 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:507 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:507 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:507 4280 TDL3_FileDetect: Processing driver: Disk
16:47:27:507 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
16:47:27:507 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
16:47:27:507 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
16:47:27:507 4280 DetectCureTDL3: 13 Curr stack PDEVICE_OBJECT: 8AC4AAB8
16:47:27:507 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AC4AAB8
16:47:27:507 4280 DetectCureTDL3: 13 Curr stack PDEVICE_OBJECT: 8A732030
16:47:27:507 4280 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A732030
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8A732030[0x38]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT addr: 8A216650
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8A216650[0xA8]
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC87030[0x38]
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC81A08[0xA8]
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0xE1037268[0x208]
16:47:27:507 4280 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iastor, Driver Name: iastor
16:47:27:507 4280 DetectCureTDL3: IrpHandler (0) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (1) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (2) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (3) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (4) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (5) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (6) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (7) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (8) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (9) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (10) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (11) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (12) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (13) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (14) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (15) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (16) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (17) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (18) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (19) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (20) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (21) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (22) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (23) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (24) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (25) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: IrpHandler (26) addr: 8AC2B50C
16:47:27:507 4280 DetectCureTDL3: All IRP handlers pointed to one addr: 8AC2B50C
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x8AC2B50C[0x400]
16:47:27:507 4280 TDL3_IrpHookDetect: CheckParameters: 7, FFDF0308, 457, 99, 3, 88
16:47:27:507 4280 Driver "iastor" Irp handler infected by TDSS rootkit ... 16:47:27:507 4280 KLMD_WriteMem: Trying to WriteMemory 0x8AC2B56F[0xD]
16:47:27:507 4280 cured
16:47:27:507 4280 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
16:47:27:507 4280 KLMD_ReadMem: DeviceIoControl error 1
16:47:27:507 4280 TDL3_StartIoHookDetect: Unable to get StartIo handler code
16:47:27:507 4280 TDL3_FileDetect: Processing driver: iastor
16:47:27:507 4280 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\iastor.sys, C:\WINDOWS\system32\Drivers\tsk_iastor.sys, SYSTEM\CurrentControlSet\Services\iastor, system32\Drivers\tsk_iastor.sys
16:47:27:507 4280 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
16:47:27:507 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
16:47:27:538 4280 File C:\WINDOWS\system32\drivers\iastor.sys infected by TDSS rootkit ... 16:47:27:554 4280 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\iastor.sys
16:47:27:554 4280 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\iastor.sys
16:47:27:585 4280 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\tsk_iastor.sys
16:47:27:679 4280 TDL3_FileCure: Image path (system32\Drivers\tsk_iastor.sys) was set for service (SYSTEM\CurrentControlSet\Services\iastor)
16:47:27:679 4280 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\tsk_iastor.sys, C:\WINDOWS\system32\drivers\iastor.sys) success
16:47:27:679 4280 will be cured on next reboot
16:47:27:679 4280
Completed

Results:
16:47:27:679 4280 Infected objects in memory: 1
16:47:27:710 4280 Cured objects in memory: 1
16:47:27:710 4280 Infected objects on disk: 1
16:47:27:710 4280 Objects on disk cured on reboot: 1
16:47:27:710 4280 Objects on disk deleted on reboot: 0
16:47:27:710 4280 Registry nodes deleted on reboot: 0
16:47:27:710 4280

Attached Files

  • gmer.zip (14.47 KB)

Edited by finnstang, 12 December 2009 - 05:52 PM.
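The TDSSKiller log above flags "iastor" because every entry in the driver's IRP dispatch table resolves to the same address, a table a genuine storage driver would spread over several routines. As an added example (not code from this thread or from TDSSKiller), the Python below parses log lines in that format, applies the same all-handlers-equal heuristic and pulls out the infected objects and closing counters; the sample log text and all function names are constructed here.

```python
"""Parse TDSSKiller-style log lines and apply the IRP-dispatch heuristic.

Added example, not part of the thread or of TDSSKiller. The sample log text
and the function names are constructed for this illustration.
"""
import re
from typing import Dict, List

IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
DRIVER_RE = re.compile(r'Driver "([^"]+)" Irp handler infected')
FILE_RE = re.compile(r"File (\S+) infected by TDSS rootkit")
RESULT_RE = re.compile(
    r"(Infected objects in memory|Cured objects in memory|"
    r"Infected objects on disk|Objects on disk cured on reboot|"
    r"Objects on disk deleted on reboot|Registry nodes deleted on reboot): (\d+)"
)


def irp_table_is_suspicious(addrs: List[str]) -> bool:
    """The heuristic the log applies: a driver's dispatch table normally points
    at several distinct routines (create/close, device control, PnP, power...).
    Every major-function entry resolving to one address means the table was
    overwritten with a single hook stub, which is what the log reports for
    iastor."""
    return len(addrs) > 1 and len(set(addrs)) == 1


def parse_tdsskiller_log(text: str) -> dict:
    """Extract the IRP handler table, infected driver/file names and the
    closing counters from one driver's worth of log lines."""
    handlers: Dict[int, str] = {}
    drivers: List[str] = []
    files: List[str] = []
    for line in text.splitlines():
        if m := IRP_RE.search(line):
            handlers[int(m.group(1))] = m.group(2).upper()
        elif m := DRIVER_RE.search(line):
            drivers.append(m.group(1))
        elif m := FILE_RE.search(line):
            files.append(m.group(1))
    addrs = [handlers[i] for i in sorted(handlers)]
    suspicious = irp_table_is_suspicious(addrs)
    return {
        "handler_addrs": addrs,
        "suspicious": suspicious,
        "hook_addr": addrs[0] if suspicious else None,
        "infected_drivers": drivers,
        "infected_files": files,
        "results": {k: int(v) for k, v in RESULT_RE.findall(text)},
    }


def _lines(addrs: List[str]) -> List[str]:
    """Constructed IrpHandler lines in the format the tool prints."""
    return [f"16:47:27:507 4280 DetectCureTDL3: IrpHandler ({i}) addr: {a}"
            for i, a in enumerate(addrs)]


# Constructed sample mirroring the quoted log: 27 handlers, one address.
SAMPLE_INFECTED = "\n".join(_lines(["8AC2B50C"] * 27) + [
    "16:47:27:507 4280 DetectCureTDL3: All IRP handlers pointed to one addr: 8AC2B50C",
    '16:47:27:507 4280 Driver "iastor" Irp handler infected by TDSS rootkit ... '
    "16:47:27:507 4280 KLMD_WriteMem: Trying to WriteMemory 0x8AC2B56F[0xD]",
    "16:47:27:507 4280 cured",
    r"16:47:27:538 4280 File C:\WINDOWS\system32\drivers\iastor.sys infected by TDSS rootkit ... ",
    "16:47:27:679 4280 Infected objects in memory: 1",
    "16:47:27:710 4280 Cured objects in memory: 1",
    "16:47:27:710 4280 Infected objects on disk: 1",
    "16:47:27:710 4280 Objects on disk cured on reboot: 1",
    "16:47:27:710 4280 Objects on disk deleted on reboot: 0",
    "16:47:27:710 4280 Registry nodes deleted on reboot: 0",
])

# Constructed clean sample: handlers spread over several routine addresses.
SAMPLE_CLEAN = "\n".join(_lines(
    ["F7A1C000", "F7A1C240", "F7A1C9B0", "F7A1D100"] * 6 + ["F7A1C000"] * 3
) + ["16:47:28:001 4280 Infected objects in memory: 0"])


if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        r = parse_tdsskiller_log(sample)
        print(name, "suspicious:", r["suspicious"], "hook:", r["hook_addr"],
              "drivers:", r["infected_drivers"], "results:", r["results"])
```

The heuristic is a trigger for closer inspection, not proof on its own; the tool's file-level check (the `TDL3_FileDetect` lines above) is what confirms that the on-disk driver was modified.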


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 09:28 AM

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 finnstang

finnstang
  • Topic Starter

  • Members
  • 6 posts

Posted 13 December 2009 - 01:18 PM

MBAM Log:

Malwarebytes' Anti-Malware 1.42
Database version: 3353
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/13/2009 1:17:49 PM
mbam-log-2009-12-13 (13-17-49).txt

Scan type: Quick Scan
Objects scanned: 155959
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 135
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 38
Files Infected: 165

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\cindy gilbert\Application Data\searchtoolbarcorp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\cindy gilbert\Application Data\searchtoolbarcorp\Toolbar Vision (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\searchtoolbarcorp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\searchtoolbarcorp\Toolbar Vision (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\cindy gilbert\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\cindy gilbert\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\cindy gilbert\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\cindy gilbert\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\debbie\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\001DA3D4.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\001C83ED.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\001DA2EA.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000159C3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00015B0B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00015BB7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00015C92.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00015D0F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00028B9C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002A53F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002B329 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00030DFB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00037996 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0004DFDD (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00069D2D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0006C892 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00070760.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007083B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000708D7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00074B9D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007E184.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007E1F1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007E25F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007E2DC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000A3D46 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000F82A4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000F836F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000F83CD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000F842B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00172114.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001CCD0C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001CCDC7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001CCEF0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001EB786 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\002BC533 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0049F421.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0092A8CC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

#8 finnstang

finnstang
  • Topic Starter

  • Members
  • 6 posts

Posted 13 December 2009 - 01:26 PM

The computer seems to be working much better now! Thanks! Google results no longer seem to be getting hijacked and the computer itself is definitely quicker than it was a couple of days ago.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 14 December 2009 - 07:28 AM

Excellent! :(

It's time to clean up.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 finnstang

finnstang
  • Topic Starter

  • Members
  • 6 posts

Posted 14 December 2009 - 12:00 PM

Did all of the above. Thanks again, Sam!

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 14 December 2009 - 08:54 PM

I'm glad I could help you out! :(

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.