Hijackthis analysis: Windows XP shutdown and reboots automatically

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

Hijackthis analysis: Windows XP shutdown and reboots automatically Need analysis of Hijackthis log

#1 Talhop

New Member

Group: Members
Posts: 4
Joined: 23-March 11

Posted 23 March 2011 - 12:59 PM

My daughter's desktop is shutting down and rebooting sometimes every 90 seconds.

I realised she hadn't updated AVAST, but it wouldn't accept a reinstall, so I removed it and loaded Avira. I have run that without any virus detection.

It seems to be rebooting slightly less, but still occurs.

Please can someone assist with an analysis of the attachment as I don't know what to do next. She is home-schooled and using software on this PC.

Many thanks

Mike

20110323 hijackthis.txt (7.94K)
Number of downloads: 3

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 29 March 2011 - 03:52 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 Talhop

New Member

Group: Members
Posts: 4
Joined: 23-March 11

Posted 30 March 2011 - 12:42 PM

Hi SweetTech,

No, things are certainly not resolved ;-(
She is still experiencing shutdown and reboots about 8 times a day - VERY frustrating when she is trying to do school.

Here's what you requested - WE REALLY APPRECIATE YOUR HELP!

(I AM DOING THIS IN 2 PARTS as I don't want to risk the computer crashing midway)

Mike

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0F4000 C:\WINDOWS\System32\s3gcil_inv.dll 3284992 bytes
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF736E000 PCI_PNP7780 1052672 bytes
0xF736E000 sptd 1052672 bytes
0xF736E000 spxy.sys 1052672 bytes
0xBF012000 C:\WINDOWS\System32\S3gIGP.dll 925696 bytes (S3 Graphics Co., Ltd., S3 Graphics 86c700-series Display Driver)
0xF6EB4000 C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys 684032 bytes (S3 Graphics Co., Ltd., S3 Graphics 86c700-series Miniport)
0xF720A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF58B9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6DEB000 C:\WINDOWS\system32\DRIVERS\A3AB.sys 450560 bytes (D-Link Corporation, Driver for D-Link Wireless Network Adapter)
0xF6B68000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF57ED000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xF6C51000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5AA0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF008F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF584B000 C:\WINDOWS\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xBF416000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEF557000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6DB3000 C:\WINDOWS\System32\Drivers\a1ehb7g9.SYS 229376 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7328000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF0277000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71DD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEF017000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5929000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6D77000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF5976000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6C0C000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 155648 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xF5893000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF5A7A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6BE8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6E59000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6E7D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5954000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6BC8000 C:\WINDOWS\system32\drivers\AEAudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF72C0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF72F8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF71C3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72E0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7356000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF0524000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7297000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6D60000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF06A3000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEFA8A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5A3E000 C:\WINDOWS\system32\drivers\bckd.sys 81920 bytes
0xF6D9F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6EA0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF5AF9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72AE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7317000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6D4F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF57B4000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xEFDBF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7750000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6D1F000 C:\WINDOWS\System32\Drivers\dump_ViPrt.sys 65536 bytes
0xF7780000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF75B0000 ViPrt.sys 65536 bytes (VIA Technologies, Inc., VIA SATA IDE Driver)
0xF7630000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7760000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFF6F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7680000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7690000 C:\WINDOWS\system32\DRIVERS\ousb2hub.sys 57344 bytes (OrangeWare Corporation, USB 2.0 Hub Driver)
0xF75D0000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7790000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77A0000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75A0000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7770000 C:\WINDOWS\System32\Drivers\ousbehci.sys 49152 bytes (OrangeWare Corporation, USB 2.0 Enhanced Host Controller Driver)
0xF77E0000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E0000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7740000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7580000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77D0000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75E0000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF76B0000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7570000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7640000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF0444000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF7620000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75C0000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76F0000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7730000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7610000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76D0000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF1D4000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7590000 ViBus.sys 36864 bytes (VIA Technologies, Inc., VIA SATA IDE Driver)
0xF76C0000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7968000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7800000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0xF7808000 xfilt.sys 32768 bytes (VIA Technologies,Inc, ATA/ATAPI devices hot-plug monitor)
0xF78F0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7840000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77F0000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7850000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF78F8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7920000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7978000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7888000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7958000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7970000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7948000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7960000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77F8000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7910000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7918000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7908000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEF241000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF0488000 C:\WINDOWS\system32\drivers\cpuz132_x32.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, CPUID Driver)
0xF7193000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF06BC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A5C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF0724000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7980000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5B40000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A48000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A60000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6F5F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A8C000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7AA4000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A9C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A9A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A70000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A9E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B24000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AA0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A94000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A98000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A74000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A72000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C45000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C85000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C24000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B38000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x863D71F8 unknown_irp_handler 3592 bytes
0x861C91F8 unknown_irp_handler 3592 bytes
0x861B61F8 unknown_irp_handler 3592 bytes
0x863D91F8 unknown_irp_handler 3592 bytes
0x8615C1F8 unknown_irp_handler 3592 bytes
0x863D81F8 unknown_irp_handler 3592 bytes
0x860851F8 unknown_irp_handler 3592 bytes
0x861621F8 unknown_irp_handler 3592 bytes
0x86045500 unknown_irp_handler 2816 bytes
0x860B0500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 Talhop

New Member

Group: Members
Posts: 4
Joined: 23-March 11

Posted 30 March 2011 - 12:53 PM

PART 2: THE OTL SCANS:

OTL SCAN:

OTL logfile created on: 2011/03/30 07:40:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

958.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 163.50 Gb Free Space | 70.21% Space Free | Partition Type: NTFS
Drive D: | 440.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TALITHA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 19:39:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/03/23 19:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/17 15:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ezprint.exe
PRC - [2010/05/17 15:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/14 21:01:23 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/02 20:29:12 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/01/14 01:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/08/03 14:53:02 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006/07/11 02:33:16 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\S3Trayp.exe

========== Modules (SafeList) ==========

MOD - [2011/03/30 19:39:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2011/02/23 17:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SMSv3hs)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/31 19:44:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/14 21:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010/04/14 21:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2009/09/02 20:29:12 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/01/14 01:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)

========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/23 16:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 16:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 16:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 16:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 16:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 16:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 16:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/09/08 18:56:12 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/01/14 01:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2008/04/03 15:42:34 | 000,053,248 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2008/04/03 15:42:30 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007/09/21 17:49:10 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/09/12 10:43:38 | 000,659,456 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/02/23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2005/08/11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/07/15 15:02:41 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/07/15 15:02:30 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2005/06/16 06:02:00 | 000,450,400 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
IE - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2776682&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.1.0.12
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/10/08 19:04:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/24 21:05:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 11:07:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/31 15:05:09 | 000,000,000 | ---D | M]

[2009/01/26 13:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/03/24 20:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vqk8qtds.default\extensions
[2010/11/06 20:11:39 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vqk8qtds.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2009/05/12 08:07:25 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vqk8qtds.default\searchplugins\ask.xml
[2010/09/16 18:48:08 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\vqk8qtds.default\searchplugins\conduit.xml
[2011/03/24 20:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 10:56:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/31 15:05:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/10/08 19:04:19 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAM FILES\IWIN GAMES\FIREFOX
[2009/06/13 10:39:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004..\Run: [DriverUpdaterPro] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 09:13:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 19:38:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/03/29 08:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/24 21:07:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/24 21:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/24 21:07:10 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/24 21:07:08 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/24 21:07:08 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/24 21:07:08 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/24 21:07:07 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/24 21:07:07 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/24 21:07:06 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/24 21:06:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/24 21:05:43 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/24 20:37:41 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/03/23 10:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/23 09:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/03/23 09:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/23 08:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/03/23 08:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2011/03/23 08:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/03/23 08:32:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/03/23 08:32:55 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/23 08:32:55 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/23 08:32:55 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/03/23 08:32:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/03/23 08:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/23 08:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/23 07:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/21 19:39:56 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/21 19:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/07 09:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro700 Series
[2011/03/01 14:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/28 19:22:26 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoin.dll
[2010/12/28 19:20:16 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeinpa.dll
[2010/12/28 19:20:16 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEEhcp.dll
[2010/12/28 19:20:15 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeserv.dll
[2010/12/28 19:20:15 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeusb1.dll
[2010/12/28 19:20:15 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeepmui.dll
[2010/12/28 19:20:15 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeelmpm.dll
[2010/12/28 19:20:15 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeiesc.dll
[2010/12/28 19:20:14 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeehbn3.dll
[2010/12/28 19:20:14 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeih.exe
[2010/12/28 19:20:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomc.dll
[2010/12/28 19:20:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoms.exe
[2010/12/28 19:20:13 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecfg.exe
[2010/12/28 19:20:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomm.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[173 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 19:39:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/03/30 19:34:41 | 000,031,460 | ---- | M] () -- C:\Documents and Settings\User\Desktop\20110330 Talitha Rootkit Scan
[2011/03/30 19:19:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1644491937-839522115-1004UA.job
[2011/03/30 19:13:30 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Word 2003.lnk
[2011/03/30 18:03:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 13:19:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1644491937-839522115-1004Core.job
[2011/03/30 11:54:12 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SOS Teacher.lnk
[2011/03/30 11:46:59 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SOS Student.lnk
[2011/03/29 13:33:12 | 000,012,040 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Biography Project on Grandpa.rtf
[2011/03/28 14:33:20 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2011/03/24 21:07:11 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/24 21:07:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/24 20:26:10 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/03/23 09:10:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2011/03/23 08:33:05 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/21 08:30:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/19 17:09:38 | 059,965,440 | ---- | M] () -- C:\Documents and Settings\User\My Documents\setup_av_free.exe
[2011/03/19 16:48:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/17 09:10:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/17 09:10:26 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/03/09 19:29:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[172 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 19:34:41 | 000,031,460 | ---- | C] () -- C:\Documents and Settings\User\Desktop\20110330 Talitha Rootkit Scan
[2011/03/29 13:33:12 | 000,012,040 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Biography Project on Grandpa.rtf
[2011/03/24 21:07:11 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/24 20:26:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2011/03/23 09:10:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2011/03/23 08:33:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/03/19 17:19:44 | 059,965,440 | ---- | C] () -- C:\Documents and Settings\User\My Documents\setup_av_free.exe
[2010/12/28 19:22:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeevs.dll
[2010/12/28 19:22:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeegcfg.dll
[2010/12/28 19:22:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeecui.dll
[2010/12/28 19:22:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeecuir.dll
[2010/12/28 19:20:26 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxeerwrd.ini
[2010/12/28 19:20:16 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEEinst.dll
[2010/12/28 19:20:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeeins.dll
[2010/12/28 19:20:14 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsb.dll
[2010/12/28 19:20:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeegrd.dll
[2010/12/28 19:20:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsr.dll
[2010/12/28 19:20:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeecub.dll
[2010/12/28 19:20:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeejswr.dll
[2010/12/28 19:20:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeecur.dll
[2010/12/28 19:20:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeecu.dll
[2010/12/28 19:19:47 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEEsm.dll
[2010/12/28 19:19:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEEsmr.dll
[2010/10/12 08:23:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/12/11 10:19:19 | 000,003,553 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/12/10 17:11:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/10/03 18:35:03 | 002,702,848 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2009/10/03 18:24:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/21 18:42:03 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/14 07:39:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mfont.dat
[2009/07/14 07:20:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/07/04 09:50:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\User\Application Data\$_hpcst$.hpc
[2009/05/05 10:11:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/05/05 10:07:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/01 09:32:14 | 000,011,264 | ---- | C] () -- C:\WINDOWS\CATSTUB.EXE
[2009/05/01 09:32:14 | 000,000,096 | ---- | C] () -- C:\WINDOWS\MSINSTR.INI
[2009/02/22 13:58:42 | 000,000,522 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/01/27 09:39:38 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/26 14:48:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/26 13:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/26 12:00:26 | 000,000,137 | R--- | C] () -- C:\WINDOWS\System32\DWLAB.DAT
[2009/01/22 11:03:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/22 11:00:41 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/22 09:24:20 | 000,017,755 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/01/22 09:24:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/01/22 09:24:00 | 000,017,511 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/01/22 09:23:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/01/22 09:17:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/22 09:10:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/14 01:39:06 | 000,072,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\bckd.sys
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/02/28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 14:00:00 | 000,584,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 14:00:00 | 000,125,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D632CD7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94EAB850

< End of report >

EXTRAS REPORT:

OTL Extras logfile created on: 2011/03/30 07:40:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

958.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 163.50 Gb Free Space | 70.21% Space Free | Partition Type: NTFS
Drive D: | 440.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TALITHA | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\j2re1.4.1_02\bin\java.exe" = C:\Program Files\Java\j2re1.4.1_02\bin\java.exe:*:Enabled:Java Runtime Environment -- ()
"C:\Program Files\Rosetta Stone\SMS v3.0hs\server.exe" = C:\Program Files\Rosetta Stone\SMS v3.0hs\server.exe:*:Enabled:SMS Server v3.0hs
"C:\Program Files\Rosetta Stone\SMS v3.0hs\admin.exe" = C:\Program Files\Rosetta Stone\SMS v3.0hs\admin.exe:*:Enabled:SMS Admin v3.0hs
"C:\Program Files\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe" = C:\Program Files\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe:*:Enabled:SMS Service v3.0hs
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxeecoms.exe" = C:\WINDOWS\system32\lxeecoms.exe:*:Enabled:Pro700 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 23
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SOSHOME22)
"{344F5622-D7D0-46FA-9E56-FF95C82379B0}" = World of Zoo Demo
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3840228f-0150-4f22-8e4f-464085954973}.sdb" = Mickey Learning Kindergarten BE Fix
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58A2FCCB-BA16-433E-B443-230122B91D2F}" = Toy Story 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B494C86-E05B-4D4F-B926-A2FDABDB4DE2}" = Get Ready for School with Mickey
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SOSHOME309)
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA5E022C-F4DB-46F4-9379-0F4397A90C23}" = Switched-On Schoolhouse 2009 - Home Edition Database
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B80941B0-42C5-40D0-B190-EBD23323ED57}" = Switched-On Schoolhouse 2009 - Home Edition
"{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition (SOSSTUDENTSYNC50)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB74EAFC-4054-4D4A-A167-CE3E52533606}" = Mike's Monstrous Adventure
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7E254C0-94AA-4B33-AF6D-5276A169A680}" = TONKA Search & Rescue 2
"{E80E54AA-FA6A-4EA1-A797-6B73DDCF7510}" = SA31xx Device Manager & Media Converter
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"A_Profitable_Mechanical_Trading_System" = Mechanical eBook and Viewer
"Ace Monkey's Numbers" = Ace Monkey's Numbers
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazing Animals" = Amazing Animals
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.288
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"BurnInTest_is1" = BurnInTest v5.3 Standard
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 2.0" = Microsoft Combat Flight Simulator 2
"conduitEngine" = Conduit Engine
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Doggie Daycare" = Doggie Daycare (remove only)
"Edu-Soft Times Tables" = Edu-Soft Times Tables
"FG_1.4" = Jumpstart First Grade v1.4
"HijackThis" = HijackThis 2.0.2
"History Explorer" = History Explorer
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"iWinArcade" = iWin Games (remove only)
"Java Web Start" = Java Web Start
"KG98_2.0" = JumpStart Kindergarten 98 v2.0
"Kitty Luv_is1" = Kitty Luv
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miro" = Miro
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Animal Shelter" = My Animal Shelter
"RadarSync" = RadarSync
"Student Management System v3.0hs" = Student Management System v3.0hs
"uTorrent" = µTorrent
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0071
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Explorer" = World Explorer
"World of Zoo Demo" = World of Zoo Demo
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 2 Trial Version" = Zoo Tycoon 2 Trial Version

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Hoyle® Puzzle & Board 2009" = Hoyle® Puzzle & Board 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011/03/28 03:21:14 AM | Computer Name = TALITHA | Source = ESENT | ID = 490
Description = svchost (896) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2011/03/28 08:42:50 AM | Computer Name = TALITHA | Source = Application Hang | ID = 1002
Description = Hanging application AvastUI.exe, version 6.0.999.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011/03/29 01:10:10 AM | Computer Name = TALITHA | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.1.0.112, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2011/03/30 07:23:59 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
service to connect.

Error - 2011/03/30 07:23:59 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2011/03/30 07:23:59 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The SMSv3hs service failed to start due to the following error: %%2

Error - 2011/03/30 10:02:09 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
service to connect.

Error - 2011/03/30 10:02:09 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2011/03/30 10:02:09 AM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The SMSv3hs service failed to start due to the following error: %%2

Error - 2011/03/30 12:03:19 PM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
service to connect.

Error - 2011/03/30 12:03:19 PM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2011/03/30 12:03:19 PM | Computer Name = TALITHA | Source = Service Control Manager | ID = 7000
Description = The SMSv3hs service failed to start due to the following error: %%2

Error - 2011/03/30 12:03:21 PM | Computer Name = TALITHA | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

< End of report >

#5 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 30 March 2011 - 12:58 PM

Mike,

Looking over your logs I can see that Avast is still on the system.

If you want this removed please run the removal tool:

avast! Uninstall Utility

Sometimes it's not possible to uninstall avast! the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.

Download aswClear.exe on to your desktop
Start Windows in Safe Mode
Open (execute) the uninstall utility = aswClear.exe
If you installed avast! in a different folder than the default, browse for it. Note: Be careful! The content of any folder you choose will be deleted!
Click REMOVE
Restart your computer

NEXT:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1078081533-1644491937-839522115-1004..\Run: [DriverUpdaterPro] File not found
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[173 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[172 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

#6 Talhop

New Member

Group: Members
Posts: 4
Joined: 23-March 11

Posted 31 March 2011 - 03:02 PM

SweetTech,

Thanks again for your time.

I removed AVAST then ran the scans.

TDSKILLER REPORT:

2011/03/31 20:18:26.0140 3580 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 20:18:28.0140 3580 ================================================================================
2011/03/31 20:18:28.0140 3580 SystemInfo:
2011/03/31 20:18:28.0140 3580
2011/03/31 20:18:28.0140 3580 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/31 20:18:28.0140 3580 Product type: Workstation
2011/03/31 20:18:28.0140 3580 ComputerName: TALITHA
2011/03/31 20:18:28.0140 3580 UserName: User
2011/03/31 20:18:28.0140 3580 Windows directory: C:\WINDOWS
2011/03/31 20:18:28.0140 3580 System windows directory: C:\WINDOWS
2011/03/31 20:18:28.0140 3580 Processor architecture: Intel x86
2011/03/31 20:18:28.0140 3580 Number of processors: 2
2011/03/31 20:18:28.0140 3580 Page size: 0x1000
2011/03/31 20:18:28.0140 3580 Boot type: Normal boot
2011/03/31 20:18:28.0140 3580 ================================================================================
2011/03/31 20:18:29.0062 3580 !crdlk
2011/03/31 20:18:29.0171 3580 Initialize success
2011/03/31 20:18:36.0718 2296 ================================================================================
2011/03/31 20:18:36.0718 2296 Scan started
2011/03/31 20:18:36.0718 2296 Mode: Manual;
2011/03/31 20:18:36.0718 2296 ================================================================================
2011/03/31 20:18:37.0046 2296 A3AB (76624408401443bb7920af70183a7d27) C:\WINDOWS\system32\DRIVERS\A3AB.sys
2011/03/31 20:18:37.0156 2296 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/31 20:18:37.0359 2296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/31 20:18:37.0437 2296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/31 20:18:37.0578 2296 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/03/31 20:18:37.0718 2296 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/03/31 20:18:37.0843 2296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/31 20:18:37.0968 2296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/31 20:18:38.0671 2296 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/31 20:18:38.0734 2296 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/31 20:18:38.0796 2296 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/31 20:18:38.0875 2296 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/31 20:18:38.0953 2296 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/31 20:18:39.0078 2296 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/31 20:18:39.0203 2296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/31 20:18:39.0250 2296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/31 20:18:39.0406 2296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/31 20:18:39.0546 2296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/31 20:18:39.0750 2296 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/31 20:18:39.0906 2296 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/31 20:18:39.0953 2296 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/31 20:18:40.0078 2296 bckd (ca52f010696f4548eb486c83b9b0a2b6) C:\WINDOWS\system32\drivers\bckd.sys
2011/03/31 20:18:40.0218 2296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/31 20:18:40.0359 2296 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/31 20:18:40.0437 2296 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/31 20:18:40.0609 2296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/31 20:18:40.0687 2296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/31 20:18:40.0765 2296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/31 20:18:40.0828 2296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/31 20:18:40.0843 2296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/31 20:18:41.0031 2296 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/03/31 20:18:41.0187 2296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/31 20:18:41.0265 2296 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/31 20:18:41.0390 2296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/31 20:18:41.0515 2296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/31 20:18:41.0593 2296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/31 20:18:41.0718 2296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/31 20:18:41.0812 2296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/31 20:18:41.0906 2296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/31 20:18:41.0968 2296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/31 20:18:42.0031 2296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/31 20:18:42.0140 2296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/31 20:18:42.0171 2296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/31 20:18:42.0234 2296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/31 20:18:42.0281 2296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/31 20:18:42.0359 2296 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/03/31 20:18:42.0453 2296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/31 20:18:42.0531 2296 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/31 20:18:42.0640 2296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/31 20:18:42.0765 2296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/31 20:18:42.0843 2296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/31 20:18:43.0015 2296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/31 20:18:43.0062 2296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/31 20:18:43.0125 2296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/31 20:18:43.0218 2296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/31 20:18:43.0359 2296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/31 20:18:43.0390 2296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/31 20:18:43.0453 2296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/31 20:18:43.0578 2296 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/31 20:18:43.0625 2296 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/31 20:18:43.0718 2296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/31 20:18:43.0828 2296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/31 20:18:43.0984 2296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/31 20:18:44.0046 2296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/31 20:18:44.0156 2296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/31 20:18:44.0265 2296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/31 20:18:44.0328 2296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/31 20:18:44.0359 2296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/31 20:18:44.0437 2296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/31 20:18:44.0468 2296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/31 20:18:44.0531 2296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/31 20:18:44.0562 2296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/31 20:18:44.0593 2296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/31 20:18:44.0671 2296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/31 20:18:44.0703 2296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/31 20:18:44.0781 2296 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/03/31 20:18:44.0859 2296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/31 20:18:44.0906 2296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/31 20:18:44.0968 2296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/31 20:18:45.0015 2296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/31 20:18:45.0062 2296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/31 20:18:45.0125 2296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/31 20:18:45.0171 2296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/31 20:18:45.0250 2296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/31 20:18:45.0328 2296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/31 20:18:45.0359 2296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/31 20:18:45.0437 2296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/31 20:18:45.0468 2296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/31 20:18:45.0562 2296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/31 20:18:45.0625 2296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/31 20:18:45.0671 2296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/31 20:18:45.0750 2296 ousb2hub (6ef156d3500aa5d4f1009f8887c18659) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
2011/03/31 20:18:45.0796 2296 ousbehci (6818994f262d0c55aaed22fed93400af) C:\WINDOWS\system32\Drivers\ousbehci.sys
2011/03/31 20:18:45.0890 2296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/31 20:18:45.0984 2296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/31 20:18:46.0062 2296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/31 20:18:46.0125 2296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/31 20:18:46.0234 2296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/31 20:18:46.0281 2296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/31 20:18:46.0546 2296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/31 20:18:46.0625 2296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/31 20:18:46.0734 2296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/31 20:18:46.0984 2296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/31 20:18:47.0078 2296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/31 20:18:47.0140 2296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/31 20:18:47.0203 2296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/31 20:18:47.0265 2296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/31 20:18:47.0296 2296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/31 20:18:47.0359 2296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/31 20:18:47.0453 2296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/31 20:18:47.0578 2296 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/03/31 20:18:47.0718 2296 S3GIGP (7e8f62b62f3b85b88f2fa1b6399b06f2) C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys
2011/03/31 20:18:47.0906 2296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/31 20:18:47.0984 2296 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/03/31 20:18:48.0046 2296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/31 20:18:48.0078 2296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/31 20:18:48.0140 2296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/31 20:18:48.0250 2296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/31 20:18:48.0343 2296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/31 20:18:48.0468 2296 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/31 20:18:48.0468 2296 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/03/31 20:18:48.0468 2296 sptd - detected Locked file (1)
2011/03/31 20:18:48.0531 2296 SQTECH905C (ae35d551fb28e0355c154e0c1fa20e2d) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/03/31 20:18:48.0656 2296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/31 20:18:48.0734 2296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/31 20:18:48.0890 2296 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/31 20:18:49.0046 2296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/31 20:18:49.0156 2296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/31 20:18:49.0250 2296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/31 20:18:49.0718 2296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/31 20:18:49.0890 2296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/31 20:18:50.0015 2296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/31 20:18:50.0109 2296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/31 20:18:50.0218 2296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/31 20:18:50.0453 2296 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/31 20:18:50.0546 2296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/31 20:18:50.0671 2296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/31 20:18:50.0859 2296 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/31 20:18:50.0953 2296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/31 20:18:51.0062 2296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/31 20:18:51.0187 2296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/31 20:18:51.0312 2296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/31 20:18:51.0390 2296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/31 20:18:51.0531 2296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/31 20:18:51.0609 2296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/31 20:18:51.0687 2296 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/03/31 20:18:51.0781 2296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/31 20:18:51.0875 2296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/31 20:18:51.0968 2296 ViBus (f286a8e4d9f73d7b8863680aba1496b2) C:\WINDOWS\system32\DRIVERS\ViBus.sys
2011/03/31 20:18:52.0015 2296 videX32 (eefa971bf5ebbfc7d93692ec60afcb78) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/03/31 20:18:52.0062 2296 ViPrt (682d704ca5b1fede6c4bef0e2188745c) C:\WINDOWS\system32\DRIVERS\ViPrt.sys
2011/03/31 20:18:52.0156 2296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/31 20:18:52.0281 2296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/31 20:18:52.0453 2296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/31 20:18:52.0765 2296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/31 20:18:52.0875 2296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/31 20:18:52.0953 2296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/31 20:18:53.0140 2296 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
2011/03/31 20:18:53.0375 2296 ================================================================================
2011/03/31 20:18:53.0375 2296 Scan finished
2011/03/31 20:18:53.0375 2296 ================================================================================
2011/03/31 20:18:53.0437 2460 Detected object count: 1
2011/03/31 20:19:12.0531 2460 Locked file(sptd) - User select action: Skip

OTL REPORT
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdaterPro deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\asw9.tmp deleted successfully.
C:\WINDOWS\System32\aswA.tmp deleted successfully.
C:\WINDOWS\System32\aswB.tmp deleted successfully.
C:\WINDOWS\System32\aswC.tmp deleted successfully.
C:\WINDOWS\System32\avaA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET14E.tmp deleted successfully.
C:\WINDOWS\System32\SET153.tmp deleted successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002846_.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0002.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0003.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0004.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0005.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0006.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0007.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0008.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0009.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0010.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0011.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0012.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0021.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0045.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0057.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0115.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0137.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0141.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0163.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0166.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0180.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0227.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0275.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0300.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0345.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0359.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0408.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0410.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0430.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0438.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0449.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0457.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0462.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0466.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0477.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0485.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0553.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0673.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0725.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0743.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0756.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0767.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0788.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0799.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0812.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0866.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0878.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0885.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0906.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0912.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0923.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0940.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0951.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL0981.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1125.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1205.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1207.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1213.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1229.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1252.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1287.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1295.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1304.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1307.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1323.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1325.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1329.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1348.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1395.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1409.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1439.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1450.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1567.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1576.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1577.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1592.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1608.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1609.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1623.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1625.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1640.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1661.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1678.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1723.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1861.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1866.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1898.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1932.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1936.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1938.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1944.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1960.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1962.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL1988.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2028.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2045.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2066.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2084.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2127.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2173.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2210.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2211.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2219.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2276.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2282.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2324.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2408.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2422.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2463.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2473.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2484.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2485.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2505.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2510.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2513.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2514.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2552.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2570.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2592.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2593.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2596.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2632.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2650.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2651.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2686.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2692.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2703.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2708.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2718.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2833.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2862.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2939.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2961.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL2976.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3004.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3011.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3064.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3086.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3114.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3117.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3124.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3125.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3127.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3131.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3156.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3164.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3175.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3190.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3196.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3204.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3231.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3311.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3364.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3369.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3381.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3386.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3393.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3404.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3406.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3409.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3426.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3429.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3468.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3532.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3559.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3640.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3678.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3751.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3760.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3810.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3881.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3910.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3984.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL3994.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL4068.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL4078.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL4081.tmp deleted successfully.
C:\Documents and Settings\User\My Documents\~WRL4096.tmp deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 324632 bytes
->Temporary Internet Files folder emptied: 95921 bytes
->FireFox cache emptied: 3472551 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11805304 bytes

User: User
->Temp folder emptied: 1377628055 bytes
->Temporary Internet Files folder emptied: 13519674 bytes
->Java cache emptied: 72951618 bytes
->FireFox cache emptied: 45591256 bytes
->Google Chrome cache emptied: 15619321 bytes
->Flash cache emptied: 688473 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58862839 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91259362 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 808819774 bytes

Total Files Cleaned = 2,385.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03312011_205953

Files\Folders moved on Reboot...
C:\Documents and Settings\User\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_15c.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat not found!

Registry entries deleted on Reboot...

#7 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 31 March 2011 - 04:19 PM

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 03 April 2011 - 12:45 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.