Need Help- Told to post here by Mod Garmanma


  • This topic is locked
26 replies to this topic

#1 xtullyx16

xtullyx16

  • Members
  • 76 posts
  • OFFLINE
  • Local time:04:29 PM

Posted 04 November 2009 - 06:23 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ed at 18:19:30.96 on Wed 11/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.476 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091104-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\8f999a6add48b449a8ea8c09fb44cb0c\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {2296428d-c133-4928-b76a-a200ff409572} - XBTP07618 Class
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
{8e6c694d-dd8a-f809-8bd9-a028e55263b1}
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
{b426385c-773a-0c98-861b-0a80ad6bbc81}
BHO: Cas: {b5f3970b-745e-46ac-b890-e08f69777d80} - Cas Class
BHO: {bdf3e430-b101-42ad-a544-fadc6b084872} - CNavExtBho Class
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133910308015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134251422093
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-26 20560]
R3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-11-02 18:04:12 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.exe.sys
2009-11-02 18:02:04 34816 ----a-w- c:\windows\system32\drivers\tatertot.com.sys
2009-11-02 05:12:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-02 05:12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 04:13:55 0 d-----w- c:\windows\system32\Adobe
2009-11-02 03:21:34 34816 ----a-w- c:\windows\system32\drivers\tatertot.scr.sys
2009-11-01 15:42:12 126499 ----a-w- c:\windows\system32\Window Shot.JPG
2009-10-31 17:10:18 0 d-----w- c:\docume~1\ed\applic~1\Malwarebytes
2009-10-31 17:10:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 17:10:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 17:10:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-31 17:10:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 01:46:42 28388 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-27 03:26:50 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-27 03:25:30 0 d-----w- c:\program files\iPod
2009-10-27 03:25:25 0 d-----w- c:\program files\iTunes
2009-10-27 03:25:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-27 03:24:44 0 d-----w- c:\program files\Bonjour
2009-10-27 03:21:40 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-27 03:21:40 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-26 22:40:18 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-26 22:31:55 0 d--h--w- c:\windows\msdownld.tmp

==================== Find3M ====================

2009-09-27 23:14:03 69461 ----a-w- c:\windows\hpoins05.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll

============= FINISH: 18:20:19.39 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/1/2004 8:25:51 PM
System Uptime: 11/3/2009 4:25:47 PM (26 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 25.907 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP677: 9/19/2009 3:45:22 PM - Removed Bonjour
RP678: 9/19/2009 3:46:33 PM - Removed Jasc Paint Shop Photo Album
RP679: 9/19/2009 3:47:45 PM - Removed Jasc Paint Shop Pro 8 Dell Edition
RP680: 9/19/2009 4:09:14 PM - Installed Windows Installer Clean Up
RP681: 9/19/2009 6:13:09 PM - Installed AVG Free 8.5
RP682: 9/19/2009 6:15:28 PM - Avg8 Update
RP683: 9/19/2009 6:17:24 PM - Removed EarthLink Setup Files
RP684: 9/19/2009 6:17:41 PM - Removed EPSON CardMonitor
RP685: 9/20/2009 3:00:18 AM - Software Distribution Service 3.0
RP686: 9/20/2009 9:31:15 AM - Advanced SystemCare RestorePoint
RP687: 9/20/2009 10:54:01 AM - Software Distribution Service 3.0
RP688: 9/20/2009 10:55:56 AM - Software Distribution Service 3.0
RP689: 9/20/2009 12:06:33 PM - Removed Sonic RecordNow!
RP690: 9/20/2009 12:06:56 PM - Removed Sonic DLA
RP691: 9/20/2009 12:07:26 PM - Removed Sonic MyDVD
RP692: 9/20/2009 12:08:03 PM - Removed QuickTime
RP693: 9/20/2009 12:08:46 PM - Removed Sonic Update Manager
RP694: 9/20/2009 12:12:16 PM - Installed Sonic RecordNow!
RP695: 9/20/2009 12:13:16 PM - Installed Sonic DLA
RP696: 9/20/2009 12:18:48 PM - Software Distribution Service 3.0
RP697: 9/20/2009 2:21:00 PM - Configured Broadcom Advanced Control Suite
RP698: 9/20/2009 3:51:23 PM - Software Distribution Service 3.0
RP699: 9/27/2009 2:23:23 PM - Software Distribution Service 3.0
RP700: 9/27/2009 2:48:09 PM - Installed Microsoft Office 2000 Professional
RP701: 9/27/2009 2:55:20 PM - Removed Microsoft Office Basic Edition 2003
RP702: 9/27/2009 6:58:31 PM - Installed Microsoft Fix it 50126
RP703: 10/26/2009 6:31:31 PM - Installed MSN Toolbar
RP704: 10/26/2009 6:32:36 PM - Removed MSN Toolbar
RP705: 10/26/2009 6:37:47 PM - Software Distribution Service 3.0
RP706: 10/26/2009 7:06:22 PM - Removed AVG Free 8.5
RP707: 10/26/2009 7:06:53 PM - Installed AVG Free 8.5
RP708: 10/26/2009 7:08:36 PM - Software Distribution Service 3.0
RP709: 10/26/2009 11:25:08 PM - Installed iTunes
RP710: 10/27/2009 3:54:34 PM - Software Distribution Service 3.0
RP711: 10/28/2009 4:55:13 PM - System Checkpoint
RP712: 10/29/2009 5:07:12 PM - System Checkpoint
RP713: 10/30/2009 5:19:12 PM - System Checkpoint
RP714: 10/31/2009 6:17:53 PM - System Checkpoint
RP715: 11/1/2009 9:50:23 PM - System Checkpoint
RP716: 11/2/2009 1:11:50 AM - Installed Java™ 6 Update 16
RP717: 11/3/2009 1:58:37 AM - System Checkpoint
RP718: 11/4/2009 3:04:00 AM - System Checkpoint
RP719: 11/4/2009 7:17:34 PM - Software Distribution Service 3.0

==== Installed Programs ======================

1600
1600_Help
1600Trb
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Banctec Service Agreement
Bonjour
BufferChm
CC_ccProxyMSI
CC_ccStart
ccCommon
Dell Networking Guide
Dell ResourceCD
Destinations
Director
DVDSentry
Fax
Help and Support Customization
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Intel® PROSet
Internet Explorer Default Page
iTunes
Java™ 6 Update 16
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
MSRedist
MSXML 4.0 SP2 (KB954430)
Norton Internet Security (Symantec Corporation)
PowerDVD
ProductContext
QFolder
QuickTime
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/31/2009 1:28:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRTPEL
10/31/2009 1:28:06 PM, error: Print [23] - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
10/31/2009 1:28:06 PM, error: Print [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found.
10/28/2009 1:39:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

==== End Of File ===========================

Here is my previous log [topic] with garmanma..

http://www.bleepingcomputer.com/forums/topic267232-15.html

I have avast antivirus... I also have run mbam, rkiller, otl and others; rootrepeal would not work.. Thank you for your help!

Should I delete quarantined files in avast and mbam?

Also, I probably have all outdated versions of adobe and java.. this was a free computer from my aunt to use for college

Merged posts. Note: Topic in AII has OTL logs. ~ OB

Edited by Orange Blossom, 04 November 2009 - 10:51 PM.



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:29 PM

Posted 09 November 2009 - 03:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#3 xtullyx16

xtullyx16
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Local time:04:29 PM

Posted 09 November 2009 - 10:04 PM

Thanks Net_Surfer.. I think I did download DDS by sUBs in my old thread with garmanma... I haven't touched my computer since talking with garmanma either..

#4 xtullyx16

xtullyx16
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Local time:04:29 PM

Posted 09 November 2009 - 10:28 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ed at 22:26:52.39 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.497 [GMT -5:00]

AV: avast! antivirus 4.8.1356 [VPS 091109-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ed\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {2296428d-c133-4928-b76a-a200ff409572} - XBTP07618 Class
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
{8e6c694d-dd8a-f809-8bd9-a028e55263b1}
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
{b426385c-773a-0c98-861b-0a80ad6bbc81}
BHO: Cas: {b5f3970b-745e-46ac-b890-e08f69777d80} - Cas Class
BHO: {bdf3e430-b101-42ad-a544-fadc6b084872} - CNavExtBho Class
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133910308015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134251422093
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-26 20560]
S3 rootrepeal.exe;rootrepeal.exe;c:\windows\system32\drivers\rootrepeal.exe.sys [2009-11-2 34816]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 tatertot.com;tatertot.com;c:\windows\system32\drivers\tatertot.com.sys [2009-11-2 34816]
S3 tatertot.scr;tatertot.scr;c:\windows\system32\drivers\tatertot.scr.sys [2009-11-1 34816]

=============== Created Last 30 ================

2009-11-02 18:04:12 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.exe.sys
2009-11-02 18:02:04 34816 ----a-w- c:\windows\system32\drivers\tatertot.com.sys
2009-11-02 05:12:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-02 05:12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 04:13:55 0 d-----w- c:\windows\system32\Adobe
2009-11-02 03:21:34 34816 ----a-w- c:\windows\system32\drivers\tatertot.scr.sys
2009-11-01 15:42:12 126499 ----a-w- c:\windows\system32\Window Shot.JPG
2009-10-31 17:10:18 0 d-----w- c:\docume~1\ed\applic~1\Malwarebytes
2009-10-31 17:10:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 17:10:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 17:10:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-31 17:10:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 01:46:42 28388 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-27 03:26:50 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-27 03:25:30 0 d-----w- c:\program files\iPod
2009-10-27 03:25:25 0 d-----w- c:\program files\iTunes
2009-10-27 03:25:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-27 03:24:44 0 d-----w- c:\program files\Bonjour
2009-10-27 03:21:40 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-27 03:21:40 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-26 22:40:18 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-26 22:31:55 0 d--h--w- c:\windows\msdownld.tmp

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-27 23:14:03 69461 ----a-w- c:\windows\hpoins05.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 22:27:03.82 ===============

Do you want me to post the attached notepad also? And what about the viruses quarantined in Avast and MBAM? Delete?

Edited by xtullyx16, 09 November 2009 - 10:29 PM.


#5 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 11 November 2009 - 07:47 AM

Hi,

Please try the following to get RootRepeal to work:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.


If that doesn't work, please try to run GMER instead:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



Please don't delete the files in Malwarebytes and Avast just yet. We might still need them. As long as they are quarantined they can bring no harm to your PC. Could you please look if you can find in which location Avast found these infections?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 xtullyx16
  • Topic Starter

  • Members
  • 76 posts

Posted 11 November 2009 - 11:47 AM

Thanks Myrti for helping!

But check my first thread with garmanma. I could only open RootRepeal the first time I downloaded it, and when it did open it crashed. Now when I click on it I get an error message, and it won't open the application.


Edited by xtullyx16, 11 November 2009 - 12:01 PM.


#7 xtullyx16
  • Topic Starter

  • Members
  • 76 posts

Posted 11 November 2009 - 12:09 PM

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 12:07:21
Windows 5.1.2600 Service Pack 3
Running: tey6yw5d.exe; Driver: C:\DOCUME~1\Ed\LOCALS~1\Temp\axroiuog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE9D36B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE9D3574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE9D3A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE9D314C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE9D364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE9D308C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE9D30F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE9D376E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE9D372E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE9D38AE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEE9DC82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEE9DC678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEE9DC7AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP EE9DC67C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP EE9DC832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A8F96 7 Bytes JMP EE9DC7B0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[724] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[724] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat ED457D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#8 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 11 November 2009 - 05:45 PM

Hi,

Sorry, I misunderstood; I thought you would be able to get to the options of RootRepeal.
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Please run OTL and use the following settings:
    • Check Scan All Users.
    • Under Custom Scans/Fixes paste:
      c:\windows\system32\Adobe\* /s
    • Finally hit Run Scan and wait for the logs to open.
    • Please post the content of the logs into your next reply.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 



#9 xtullyx16
  • Topic Starter

  • Members
  • 76 posts

Posted 11 November 2009 - 08:03 PM

No problem, thank you so much for helping. Myrti, what time are you usually on bleepingcomputer.com?

Here's the log you requested:

OTL logfile created on: 11/11/2009 7:55:38 PM - Run 2
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Ed\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 498.54 Mb Available Physical Memory | 48.78% Memory free
2.41 Gb Paging File | 1.93 Gb Available in Paging File | 80.25% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 25.89 Gb Free Space | 69.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRCOMPUTER
Current User Name: Ed
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/03 21:27:34 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
PRC - [2009/10/26 18:40:36 | 02,531,376 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/20 08:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 08:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/11/04 18:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/09/13 14:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/03/15 00:04:00 | 00,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/08/29 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/03 21:27:34 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (SAVScan)
SRV - File not found -- -- (navapsvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/06/29 15:14:38 | 00,193,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/01/27 18:06:54 | 00,218,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2003/11/10 12:30:12 | 00,234,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/11/10 12:30:10 | 00,087,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/11/10 12:30:04 | 00,255,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/08/29 12:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/06/24 18:23:10 | 00,066,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/03 16:00:02 | 00,034,816 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\tatertot.scr.sys -- (tatertot.scr)
DRV - [2009/11/02 23:42:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\rootrepeal.exe.sys -- (rootrepeal.exe)
DRV - [2009/11/02 23:42:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\rootrepeal.exe.sys -- (rootrepeal)
DRV - [2009/11/02 13:02:04 | 00,034,816 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\tatertot.com.sys -- (tatertot.com)
DRV - [2009/09/15 05:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 05:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2009/09/15 05:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 05:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 05:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 05:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/24 16:22:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2008/01/24 16:22:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2008/01/24 16:22:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2007/12/11 13:42:22 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/13 11:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B)
DRV - [2004/08/18 03:00:00 | 00,617,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040818.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/08/18 03:00:00 | 00,068,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040818.018\NAVENG.SYS -- (NAVENG)
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/29 15:13:52 | 00,263,968 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/29 15:13:46 | 00,016,288 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/06/29 15:13:44 | 00,170,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2004/06/29 15:13:42 | 00,046,528 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/06/29 15:13:40 | 00,166,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/06/29 15:13:40 | 00,051,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/06/29 15:13:34 | 00,011,008 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/03/15 00:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 00:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 00:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 00:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 00:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 00:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 00:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 00:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 00:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/03/03 01:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/02/27 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 02:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 18:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 18:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/11/21 16:05:02 | 00,082,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/04/15 10:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E})
DRV - [2003/04/15 10:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91})
DRV - [2003/01/07 17:41:12 | 00,166,016 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\qv2kux.sys -- (QV2KUX)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\S-1-5-21-1948178560-2672176639-2368602663-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\S-1-5-21-1948178560-2672176639-2368602663-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/02 00:12:05 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XBTP07618 Class) - {2296428D-C133-4928-B76A-A200FF409572} - Reg Error: Value error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {8E6C694D-DD8A-F809-8BD9-A028E55263B1} - Reg Error: Value error. File not found
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (no name) - {B426385C-773A-0C98-861B-0A80AD6BBC81} - Reg Error: Value error. File not found
O2 - BHO: (Cas Class) - {B5F3970B-745E-46AC-B890-E08F69777D80} - Reg Error: Value error. File not found
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Value error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\.DEFAULT\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1948178560-2672176639-2368602663-1008\..Trusted Domains: 9 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spide...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1133910308015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1134251422093 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.140.1.3 24.140.1.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{58afa4f8-c28a-11de-9fee-000cf1ea5ee0}\Shell - "" = AutoRun
O33 - MountPoints2\{58afa4f8-c28a-11de-9fee-000cf1ea5ee0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58afa4f8-c28a-11de-9fee-000cf1ea5ee0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58afa4f9-c28a-11de-9fee-000cf1ea5ee0}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 22:02:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/04 22:59:40 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/04 22:59:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/04 22:59:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/03 21:27:32 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
[2009/11/02 00:12:28 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/02 00:12:27 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/02 00:09:36 | 00,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ed\My Documents\JavaSetup6u16.exe
[2009/11/01 23:13:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/31 12:31:12 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ed\Desktop\tatertot.scr.exe
[2009/10/31 12:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Malwarebytes
[2009/10/31 12:10:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/31 12:10:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 12:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/31 12:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/31 12:08:53 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ed\Desktop\mbam-setup.exe
[2009/10/26 22:26:50 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/10/26 22:25:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/26 22:25:25 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/26 22:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/26 22:24:44 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/26 22:23:17 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/26 22:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/26 22:21:40 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/10/26 22:21:40 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/10/26 22:20:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/26 18:40:58 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/26 18:40:58 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/26 18:40:57 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/26 18:40:55 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/26 18:40:54 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/26 18:40:54 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/26 18:40:54 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/26 18:40:54 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/26 18:40:36 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/26 18:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/26 17:40:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/26 17:31:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/10/26 17:31:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/26 17:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\MSN6
[2009/10/26 17:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/11 11:55:51 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\tey6yw5d.exe
[2009/11/11 11:52:23 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\Avast Virus CHest.bmp
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 22:39:49 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/04 22:39:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 22:39:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/04 22:39:14 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/04 22:38:32 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Ed\NTUSER.DAT
[2009/11/04 22:38:32 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Ed\NTUSER.INI
[2009/11/04 20:45:41 | 12,802,986 | -H-- | M] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\IconCache.db
[2009/11/04 18:19:26 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\dds.scr
[2009/11/03 21:27:34 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTL.exe
[2009/11/03 21:17:10 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\avast scan.bmp
[2009/11/03 16:00:02 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/11/03 15:59:31 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\rkill.scr
[2009/11/03 00:08:32 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\task manager.bmp
[2009/11/02 23:42:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.exe.sys
[2009/11/02 13:02:04 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\tatertot.com.sys
[2009/11/02 00:09:46 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Ed\My Documents\JavaSetup6u16.exe
[2009/11/01 20:02:58 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\Win32kDiag.exe
[2009/11/01 10:42:13 | 00,126,499 | ---- | M] () -- C:\WINDOWS\System32\Window Shot.JPG
[2009/11/01 09:44:47 | 00,445,630 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 09:44:47 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/01 09:44:47 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/31 16:59:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/31 12:45:56 | 00,121,971 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\RootRepeal.dmp
[2009/10/31 12:32:02 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\settings.dat
[2009/10/31 12:31:21 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ed\Desktop\tatertot.scr.exe
[2009/10/31 12:10:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/31 12:08:59 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ed\Desktop\mbam-setup.exe
[2009/10/30 19:00:00 | 00,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009/10/28 20:46:42 | 00,028,388 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 12:45:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/27 15:35:43 | 00,004,767 | ---- | M] () -- C:\Documents and Settings\Ed\My Documents\Andrew Tully.rtf
[2009/10/26 22:24:13 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/26 18:40:58 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/26 18:40:54 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/26 18:09:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/26 17:01:07 | 00,029,112 | ---- | M] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/11 11:55:50 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\tey6yw5d.exe
[2009/11/11 11:52:22 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\Avast Virus CHest.bmp
[2009/11/04 18:19:19 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\dds.scr
[2009/11/03 21:17:09 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\avast scan.bmp
[2009/11/03 15:59:29 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\rkill.scr
[2009/11/03 00:08:31 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\task manager.bmp
[2009/11/02 13:04:12 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.exe.sys
[2009/11/02 13:02:04 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\tatertot.com.sys
[2009/11/01 22:21:34 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\tatertot.scr.sys
[2009/11/01 20:02:44 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\Win32kDiag.exe
[2009/11/01 10:42:12 | 00,126,499 | ---- | C] () -- C:\WINDOWS\System32\Window Shot.JPG
[2009/10/31 12:45:55 | 00,121,971 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\RootRepeal.dmp
[2009/10/31 12:32:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\settings.dat
[2009/10/31 12:10:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 20:46:42 | 00,028,388 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 15:35:43 | 00,004,767 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\Andrew Tully.rtf
[2009/10/27 00:23:33 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/26 22:27:11 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/26 22:24:12 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/10/26 22:22:16 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/26 18:40:58 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/26 18:40:36 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/26 17:59:54 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\Internet Explorer.lnk
[2009/09/19 14:44:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/18 02:05:18 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/12 15:36:53 | 00,003,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/20 17:48:33 | 00,000,210 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2006/01/04 12:59:30 | 00,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI
[2005/12/09 13:40:32 | 00,000,039 | ---- | C] () -- C:\Documents and Settings\Ed\Application Data\Sskcwrd.dll
[2005/12/06 00:28:35 | 00,090,112 | ---- | C] () -- C:\WINDOWS\libbz2.dll
[2005/12/06 00:28:35 | 00,005,155 | ---- | C] () -- C:\WINDOWS\Shrzuzbv.ini
[2004/12/26 14:44:48 | 00,000,050 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/26 14:44:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/12/24 09:14:22 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Ed.ini
[2004/12/07 09:28:25 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\fusioncache.dat
[2004/07/01 19:32:51 | 00,000,612 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/07/01 19:26:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ed\Application Data\DESKTOP.INI
[2004/07/01 19:26:44 | 00,029,112 | ---- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/07/01 19:26:42 | 12,802,986 | -H-- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\IconCache.db
[2004/06/24 01:11:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/24 01:05:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/24 00:59:55 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/24 00:54:34 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/24 00:40:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/24 00:40:26 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/24 00:27:00 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/24 05:02:47 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Ed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/15 19:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/26 17:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 08:59:58 | 00,000,599 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 08:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< c:\windows\system32\Adobe\* /s >
[2009/07/31 07:47:00 | 00,000,330 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Director\M5drvr32.exe
[2009/07/31 07:47:00 | 00,000,330 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Director\M5if32.dll
[2009/07/31 08:27:52 | 00,131,072 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Director\np32dsw.dll
[2009/07/31 08:41:42 | 00,206,264 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Director\SwDir.dll
[2009/07/31 08:42:36 | 00,067,000 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Director\SWDNLD.EXE
[2009/07/31 08:25:38 | 00,614,400 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Control.dll
[2009/07/31 08:04:36 | 01,798,144 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
[2009/07/31 08:28:02 | 00,009,216 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll
[2009/07/31 07:54:12 | 00,714,752 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\gi.dll
[2009/07/31 07:54:14 | 01,886,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\gt.exe
[2009/07/31 07:54:12 | 00,079,488 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\gtapi.dll
[2009/07/31 08:00:22 | 01,011,712 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\iml32.dll
[2009/07/31 08:26:54 | 00,372,736 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Plugin.dll
[2009/07/31 08:28:24 | 00,446,464 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Proj.dll
[2009/07/31 07:47:08 | 00,009,622 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2009/07/31 08:40:48 | 00,468,408 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwHelper_1151601.exe
[2009/07/31 08:26:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
[2009/07/31 07:52:20 | 00,015,412 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwLogo.bmp
[2009/07/31 08:26:00 | 00,094,208 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SwMenu.dll
[2009/07/31 07:54:12 | 00,132,472 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\SYMCCHECKER.DLL
[2009/11/01 23:14:43 | 00,087,618 | ---- | M] (Adobe Systems Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\uninstaller.exe
[2009/07/31 07:47:08 | 00,003,675 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\autodownload.txt
[2009/07/31 08:26:08 | 00,012,800 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\CBrowser.x32
[2009/07/31 08:28:52 | 00,032,256 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\INetURL.x32
[2009/07/31 08:19:46 | 00,167,936 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\Multiusr.x32
[2009/07/31 08:26:36 | 00,147,456 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\Netfile.x32
[2009/07/31 08:26:42 | 00,039,936 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\Netlingo.x32
[2009/07/31 08:21:14 | 00,037,376 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SYSTEM32\Adobe\Shockwave 11\Xtras\Speech.x32
< End of report >

Sincerely,

Andy

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:29 PM

Posted 12 November 2009 - 05:58 AM

Hi,

What makes you think that you are infected, besides the fact that RootRepeal won't run? What problems do you have with the PC?

I'm from Europe and am often online in the early afternoon or late at night.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 xtullyx16

xtullyx16
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 12 November 2009 - 08:22 PM

Besides the fact that Garmanma told me... when I try certain things like going to walmart.com, it asks me to download something because it can't view it, but I can go to it on every other computer on my network. It seems like the only website also. Also, having avast find viruses and MBAM finding some malicious files made me think I was infected. So walmart.com, RootRepeal, and Garmanma saying I was really infected made me believe I was. (There is a screenshot of the walmart.com issue in my thread with Garmanma.)

Also, just so you know, I put two old games on my comp: Doom 3, Unreal Tournament 2004, an N64 emulator, and to read the program my buddy installed a free WinZip alternative, which is jZip or some sort.

Edited by xtullyx16, 12 November 2009 - 08:23 PM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:29 PM

Posted 13 November 2009 - 07:19 AM

Hi,

Could you please post the log in which MBAM found the malicious entries?

Do you have the Walmart issue with every browser or only with Internet Explorer? I can't really make out the name of the file it is trying to download. Is it index.do?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 xtullyx16

xtullyx16
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 13 November 2009 - 04:03 PM

myrti, yes, it's trying to download index.do, but I downloaded Firefox and that issue doesn't arise, so there must have been something wrong with IE.

Here it is; it's the first scan of MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

10/31/2009 1:22:03 PM
mbam-log-2009-10-31 (13-22-03).txt

Scan type: Quick Scan
Objects scanned: 110106
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Ed\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> Quarantined and deleted successfully.

With RR and Win32kDiag (couldn't get backup privileges) being unsuccessful, I was just thinking something was still wrong. I'll be happy if it isn't!

Thank you for all your help so far!

Edited by xtullyx16, 13 November 2009 - 04:09 PM.
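The MBAM log posted above, as an added example that is not part of the thread or of Malwarebytes' own code: a small Python parser that turns a 1.x-style report into structured findings, checks the declared per-section counts against the entries actually listed, and groups registry entries by GUID. Run on the posted entries it shows that the three Trojan.BHO values share one CLSID, i.e. one browser helper component registered in three places, which is the kind of cross-reference a helper wants when judging whether a detection is a single add-on or several. The embedded sample is a constructed excerpt built from the lines quoted in the post; the function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured findings.

Added example, not MBAM's own code.  The sample below is a constructed
excerpt in the layout of the log posted in this thread:
  <path or registry entry> (<detection name>) -> <action>.
"""
import re
from collections import defaultdict

# Constructed excerpt; the entries are the ones quoted in the post above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

Registry Keys Infected: 2
Registry Values Infected: 3
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Ed\Application Data\Sskknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")      # summary lines
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")          # section headers
FINDING_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_mbam_log(text):
    """Return {'summary': {section: declared count}, 'findings': [dict, ...]}."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = FINDING_RE.match(line)
        if m:  # greedy item group keeps parentheses inside paths intact
            findings.append({"section": section, "item": m.group("item"),
                             "detection": m.group("detection"),
                             "action": m.group("action")})
    return {"summary": summary, "findings": findings}


def verify_counts(parsed):
    """True when every declared section count matches the entries listed."""
    seen = defaultdict(int)
    for f in parsed["findings"]:
        seen[f["section"]] += 1
    return all(seen.get(sec, 0) == n for sec, n in parsed["summary"].items())


def group_by_detection(findings):
    """Map detection name (e.g. Adware.Minibug) to the items tagged with it."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["detection"]].append(f["item"])
    return dict(groups)


def shared_guids(findings):
    """GUIDs that appear in more than one entry: one component, several registrations."""
    by_guid = defaultdict(list)
    for f in findings:
        for g in set(GUID_RE.findall(f["item"])):
            by_guid[g.lower()].append(f["item"])
    return {g: items for g, items in by_guid.items() if len(items) > 1}


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("counts consistent:", verify_counts(parsed))
    for name, items in group_by_detection(parsed["findings"]).items():
        print(f"{name}: {len(items)} item(s)")
    for guid, items in shared_guids(parsed["findings"]).items():
        print(f"{guid} registered in {len(items)} places")
```

The count check is worth keeping in any log triage: a mismatch between the declared totals and the parsed entries usually means the log was trimmed or pasted incompletely, which is the first thing to ask the poster about.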


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:29 PM

Posted 15 November 2009 - 05:58 PM

Hi,

Please update and run Malwarebytes again. Does it still find malicious entries? (If so, please post them here.)

Then please use TFC to remove your temporary files:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Please try visiting Walmart again and tell me if you still get the popup to save the file index.do.

Finally, the log from Win32kDiag was clean. It looks for a very specific infection only, which wasn't present on your system. Every program has bugs, and it could be that you were just experiencing one with RootRepeal when it crashed. It sometimes happens that rootkit scanners won't run on every system and crash.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

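A read-only audit of the locations the post describes TFC as cleaning, as an added example that is not TFC's own code: it sums the bytes under each temp location, reports the total in MB the way the post describes TFC's output, and lists top-level .tmp files in the system roots, without deleting anything. The Windows layout it assumes (per-user Local Settings\Temp and Temporary Internet Files on XP, AppData\Local\Temp on Vista and later, %systemroot%\temp, and the %systemdrive%, %systemroot% and system32 roots) is taken from environment variables and noted in the code; build_constructed_sample() creates a throwaway directory tree so the audit can be exercised on any OS.

```python
"""Read-only audit of the locations a temp-file cleaner such as TFC targets.

Added example, not TFC's own code.  It reports bytes per temp location and
the total in MB, and lists top-level *.tmp files in the system roots, but
deletes nothing.  The Windows layout (per-user Local Settings\\Temp on XP,
AppData\\Local\\Temp on Vista+, %systemroot%\\temp) is assumed from
environment variables; build_constructed_sample() creates a throwaway tree
so the audit can be exercised on any OS.
"""
import os
import sys
import tempfile


def dir_size_bytes(path):
    """Sum of file sizes under path, walking subfolders like a cleaner would."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                total += os.path.getsize(os.path.join(root, name))
            except OSError:
                continue  # in-use or vanished file: a cleaner needs a reboot for these
    return total


def stray_tmp_files(path):
    """Top-level *.tmp files in a root such as %systemdrive%\\ or %systemroot%."""
    try:
        names = os.listdir(path)
    except OSError:
        return []
    return sorted(n for n in names
                  if n.lower().endswith(".tmp") and os.path.isfile(os.path.join(path, n)))


def audit_temp_locations(temp_dirs, root_dirs):
    """Per-location byte counts, total in MB and stray .tmp files; no deletion."""
    report = {"locations": {}, "stray_tmp": {}, "total_bytes": 0}
    for d in temp_dirs:
        if os.path.isdir(d):  # absent folders (no Opera profile, etc.) are skipped
            size = dir_size_bytes(d)
            report["locations"][d] = size
            report["total_bytes"] += size
    for d in root_dirs:
        report["stray_tmp"][d] = stray_tmp_files(d)
    report["total_mb"] = round(report["total_bytes"] / (1024 * 1024), 1)
    return report


def windows_default_locations():
    """Assumed Windows layout of the locations named in the post, from env vars."""
    systemroot = os.environ.get("SystemRoot", r"C:\WINDOWS")
    systemdrive = os.environ.get("SystemDrive", "C:") + os.sep
    profiles_root = os.path.dirname(
        os.environ.get("USERPROFILE", r"C:\Documents and Settings\Default User"))
    temp_dirs = [os.path.join(systemroot, "temp")]
    if os.path.isdir(profiles_root):
        for user in os.listdir(profiles_root):  # All Users, LocalService, etc. included
            home = os.path.join(profiles_root, user)
            temp_dirs.append(os.path.join(home, "Local Settings", "Temp"))
            temp_dirs.append(os.path.join(home, "Local Settings", "Temporary Internet Files"))
            temp_dirs.append(os.path.join(home, "AppData", "Local", "Temp"))
    root_dirs = [systemdrive, systemroot, os.path.join(systemroot, "system32")]
    return temp_dirs, root_dirs


def build_constructed_sample():
    """Constructed stand-in for a user's temp folders (not a real system)."""
    base = tempfile.mkdtemp(prefix="tfc_audit_")
    user_temp = os.path.join(base, "Ed", "Local Settings", "Temp")
    sys_root = os.path.join(base, "WINDOWS")
    sys_temp = os.path.join(sys_root, "temp")
    os.makedirs(os.path.join(user_temp, "nested"))
    os.makedirs(sys_temp)
    files = {
        os.path.join(user_temp, "a.tmp"): 1024,
        os.path.join(user_temp, "nested", "b.bin"): 2048,
        os.path.join(sys_temp, "c.tmp"): 512,
        os.path.join(sys_root, "stray.tmp"): 100,  # .tmp sitting in %systemroot% itself
    }
    for path, size in files.items():
        with open(path, "wb") as fh:
            fh.write(b"x" * size)
    return [user_temp, sys_temp], [sys_root, base]


if __name__ == "__main__":
    if sys.platform.startswith("win"):
        temp_dirs, root_dirs = windows_default_locations()
    else:
        temp_dirs, root_dirs = build_constructed_sample()
    rep = audit_temp_locations(temp_dirs, root_dirs)
    for d, size in rep["locations"].items():
        print(f"{size:>12} bytes  {d}")
    for d, names in rep["stray_tmp"].items():
        if names:
            print(f"stray .tmp in {d}: {', '.join(names)}")
    print(f"total: {rep['total_mb']} MB")
```

Running the audit before a cleaner gives a baseline to compare against the "amount removed" figure the post mentions; a large gap between the two usually points at files that were in use, which is exactly why the post insists on the reboot.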


#15 xtullyx16

xtullyx16
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:04:29 PM

Posted 16 November 2009 - 09:41 PM

MBAM quick scan

Malwarebytes' Anti-Malware 1.41
Database version: 3185
Windows 5.1.2600 Service Pack 3

11/16/2009 9:33:16 PM
mbam-log-2009-11-16 (21-33-16).txt

Scan type: Quick Scan
Objects scanned: 114119
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Ran TFC, rebooted, cleaned 609.1 MB up. Also, I tried walmart.com on IE and no success. But I can get to walmart.com using Firefox. Must be an IE issue (I do have version 8 of IE).



