Google Search Redirection HELP


This topic is locked
9 replies to this topic

#1 nyrinia

  • Members
  • 5 posts

Posted 30 November 2009 - 09:35 AM

Ugh. I've had it up to here. I've been searching the net for solutions, but nothing has worked. Every time I search stuff on Google, when I click the link it takes me to some random place or a random site pops up. Here's my stats:

HijackThis -----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:00, on 30/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\solu\.COMMgr\tmp_1482520560.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {41b25883-a169-4935-bc11-2062a32fc814} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\solu\.COMMgr\tmp_1482520560.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} (ToonsXYJ Control) - http://comics.yahoo.co.jp/component/ToonsXYJ.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\muhafoji.dll c:\windows\system32\pilopume.dll c:\windows\system32\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11127 bytes
-----

DDS from dds.txt ----


DDS (Ver_09-11-29.01) - NTFSx86
Run by solu at 1:38:39.73 on 30/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.294 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 091129-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\solu\.COMMgr\tmp_1482520560.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\solu\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [COM+ Manager] "c:\documents and settings\solu\.commgr\tmp_1482520560.exe"
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\muhafoji.dll c:\windows\system32\pilopume.dll c:\windows\system32\
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = scecli c:\windows\system32\muhafoji.dll wl3msis.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\saraho~1\applic~1\mozilla\firefox\profiles\yckrkqfw.default\
FF - prefs.js: browser.search.selectedEngine - GamingHarbor
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\solu\application data\mozilla\firefox\profiles\yckrkqfw.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {01BDA284-C5A5-4AAC-B247-16228553778D} - c:\documents and settings\solu\local settings\application data\{01BDA284-C5A5-4AAC-B247-16228553778D}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-7 114768]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-5-18 3968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-7 138680]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-15 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-7 352920]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-20 16:35:07 0 d-sh--w- c:\documents and settings\solu\.COMMgr
2009-11-20 14:58:41 0 d-----w- c:\docume~1\saraho~1\applic~1\GlarySoft
2009-11-20 14:55:09 0 d-----w- c:\program files\Glary Utilities
2009-11-20 14:13:33 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-20 14:13:15 0 d-----w- c:\program files\Panda Security
2009-11-20 13:51:33 0 d-----w- c:\program files\CCleaner
2009-11-20 13:39:53 295936 ----a-w- c:\windows\system32\ironclk.exe
2009-11-20 06:21:40 0 ----a-w- c:\windows\Czuhirawaxo.bin
2009-11-20 06:21:39 120 ----a-w- c:\windows\Hwotahala.dat
2009-11-14 23:33:47 0 d-----w- c:\program files\iPod
2009-11-14 23:33:29 0 d-----w- c:\program files\iTunes
2009-11-06 00:42:55 0 d-sh--w- c:\documents and settings\solu\IECompatCache

==================== Find3M ====================

2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-19 02:54:43 5204 ----a-w- c:\docume~1\saraho~1\applic~1\wklnhst.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2008-04-08 04:22:51 12461568 ----a-w- c:\program files\veoh.msi
2008-04-05 00:49:41 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2007-08-31 09:40:28 4448814 ----a-w- c:\program files\Allok 3GP PSP MP4 iPod Video Converter.exe
2007-07-07 02:40:57 8889528 ----a-w- c:\program files\BearShareV6.exe
2007-01-24 14:51:14 9451515 ----a-w- c:\program files\vlc-0.8.6-win32.exe
2007-01-19 19:56:33 6653000 ----a-w- c:\program files\winamp532_full_emusic-7plus.exe
2007-01-19 16:13:17 8448727 ----a-w- c:\program files\CCAAgent_Setup.exe
2008-09-12 02:32:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 1:41:48.21 ===============

DDS from Attach.txt ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18/01/2007 22:46:53
System Uptime: 29/11/2009 17:16:48 (8 hours ago)

Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1052/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 6.747 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP956: 15/10/2009 12:08:05 - System Checkpoint
RP957: 16/10/2009 01:37:34 - Software Distribution Service 3.0
RP958: 17/10/2009 02:09:20 - System Checkpoint
RP959: 17/10/2009 20:27:20 - Software Distribution Service 3.0
RP960: 18/10/2009 11:30:10 - Software Distribution Service 3.0
RP961: 18/10/2009 12:43:38 - Removed Livestation
RP962: 19/10/2009 01:57:11 - Software Distribution Service 3.0
RP963: 19/10/2009 11:51:22 - Software Distribution Service 3.0
RP964: 20/10/2009 01:51:02 - Software Distribution Service 3.0
RP965: 20/10/2009 18:45:13 - Software Distribution Service 3.0
RP966: 20/10/2009 23:31:26 - Software Distribution Service 3.0
RP967: 22/10/2009 00:50:38 - Software Distribution Service 3.0
RP968: 22/10/2009 18:13:21 - Software Distribution Service 3.0
RP969: 23/10/2009 01:03:49 - Software Distribution Service 3.0
RP970: 24/10/2009 00:27:32 - Software Distribution Service 3.0
RP971: 25/10/2009 01:30:09 - Software Distribution Service 3.0
RP972: 26/10/2009 00:27:28 - Software Distribution Service 3.0
RP973: 26/10/2009 23:31:29 - Software Distribution Service 3.0
RP974: 27/10/2009 06:14:31 - Software Distribution Service 3.0
RP975: 28/10/2009 02:13:30 - Software Distribution Service 3.0
RP976: 29/10/2009 11:29:18 - Software Distribution Service 3.0
RP977: 29/10/2009 13:26:13 - Software Distribution Service 3.0
RP978: 29/10/2009 20:15:10 - Software Distribution Service 3.0
RP979: 30/10/2009 03:00:26 - Software Distribution Service 3.0
RP980: 30/10/2009 03:06:27 - Software Distribution Service 3.0
RP981: 31/10/2009 03:01:34 - Software Distribution Service 3.0
RP982: 01/11/2009 03:00:27 - Software Distribution Service 3.0
RP983: 01/11/2009 04:00:21 - Software Distribution Service 3.0
RP984: 01/11/2009 04:31:01 - Software Distribution Service 3.0
RP985: 01/11/2009 13:33:05 - Software Distribution Service 3.0
RP986: 02/11/2009 04:00:25 - Software Distribution Service 3.0
RP987: 02/11/2009 05:12:50 - Software Distribution Service 3.0
RP988: 02/11/2009 11:26:26 - Software Distribution Service 3.0
RP989: 02/11/2009 15:12:17 - Software Distribution Service 3.0
RP990: 03/11/2009 20:21:08 - System Checkpoint
RP991: 04/11/2009 04:00:21 - Software Distribution Service 3.0
RP992: 04/11/2009 06:16:02 - Software Distribution Service 3.0
RP993: 04/11/2009 19:21:30 - Software Distribution Service 3.0
RP994: 05/11/2009 04:00:24 - Software Distribution Service 3.0
RP995: 05/11/2009 14:38:45 - Software Distribution Service 3.0
RP996: 05/11/2009 19:21:34 - Software Distribution Service 3.0
RP997: 06/11/2009 04:00:26 - Software Distribution Service 3.0
RP998: 06/11/2009 04:17:13 - Software Distribution Service 3.0
RP999: 06/11/2009 13:47:31 - Software Distribution Service 3.0
RP1000: 07/11/2009 02:44:48 - Software Distribution Service 3.0
RP1001: 07/11/2009 14:19:20 - Software Distribution Service 3.0
RP1002: 07/11/2009 15:35:58 - Software Distribution Service 3.0
RP1003: 08/11/2009 03:01:04 - Software Distribution Service 3.0
RP1004: 08/11/2009 03:13:08 - Software Distribution Service 3.0
RP1005: 08/11/2009 17:04:21 - Software Distribution Service 3.0
RP1006: 09/11/2009 03:00:24 - Software Distribution Service 3.0
RP1007: 09/11/2009 04:07:16 - Software Distribution Service 3.0
RP1008: 09/11/2009 13:04:30 - Software Distribution Service 3.0
RP1009: 10/11/2009 00:35:02 - Software Distribution Service 3.0
RP1010: 11/11/2009 02:17:35 - Software Distribution Service 3.0
RP1011: 12/11/2009 00:12:25 - Software Distribution Service 3.0
RP1012: 13/11/2009 01:28:22 - Software Distribution Service 3.0
RP1013: 13/11/2009 11:45:35 - Software Distribution Service 3.0
RP1014: 13/11/2009 18:03:25 - Software Distribution Service 3.0
RP1015: 14/11/2009 02:15:43 - Software Distribution Service 3.0
RP1016: 15/11/2009 08:05:21 - Software Distribution Service 3.0
RP1017: 15/11/2009 08:19:39 - Software Distribution Service 3.0
RP1018: 16/11/2009 03:00:44 - Software Distribution Service 3.0
RP1019: 16/11/2009 03:58:37 - Software Distribution Service 3.0
RP1020: 16/11/2009 13:49:13 - Software Distribution Service 3.0
RP1021: 16/11/2009 14:34:59 - Software Distribution Service 3.0
RP1022: 17/11/2009 01:14:00 - Software Distribution Service 3.0
RP1023: 17/11/2009 19:50:29 - Software Distribution Service 3.0
RP1024: 18/11/2009 01:45:47 - Software Distribution Service 3.0
RP1025: 19/11/2009 01:49:59 - Software Distribution Service 3.0
RP1026: 19/11/2009 11:03:16 - Software Distribution Service 3.0
RP1027: 19/11/2009 14:04:44 - Software Distribution Service 3.0
RP1028: 20/11/2009 02:56:59 - Software Distribution Service 3.0
RP1029: 20/11/2009 08:41:09 - Windows Defender Checkpoint
RP1030: 20/11/2009 09:08:43 - Software Distribution Service 3.0
RP1031: 20/11/2009 10:04:20 - Software Distribution Service 3.0
RP1032: 20/11/2009 10:10:50 - Windows Defender Checkpoint
RP1033: 20/11/2009 11:36:36 - Software Distribution Service 3.0
RP1034: 20/11/2009 11:39:37 - Software Distribution Service 3.0
RP1035: 20/11/2009 11:47:07 - Software Distribution Service 3.0
RP1036: 21/11/2009 02:47:57 - Windows Defender Checkpoint
RP1037: 21/11/2009 03:01:38 - Software Distribution Service 3.0
RP1038: 21/11/2009 12:50:30 - Software Distribution Service 3.0
RP1039: 22/11/2009 02:16:46 - Software Distribution Service 3.0
RP1040: 22/11/2009 03:50:01 - Software Distribution Service 3.0
RP1041: 22/11/2009 14:40:51 - Software Distribution Service 3.0
RP1042: 23/11/2009 03:40:34 - Software Distribution Service 3.0
RP1043: 23/11/2009 13:07:07 - Software Distribution Service 3.0
RP1044: 24/11/2009 14:34:10 - System Checkpoint
RP1045: 24/11/2009 15:02:06 - Software Distribution Service 3.0
RP1046: 25/11/2009 00:17:54 - Software Distribution Service 3.0
RP1047: 26/11/2009 13:26:58 - System Checkpoint
RP1048: 26/11/2009 14:03:12 - Software Distribution Service 3.0
RP1049: 27/11/2009 02:30:23 - Software Distribution Service 3.0
RP1050: 28/11/2009 02:05:50 - Software Distribution Service 3.0
RP1051: 29/11/2009 02:41:14 - Software Distribution Service 3.0
RP1052: 29/11/2009 16:51:17 - Software Distribution Service 3.0

==== Installed Programs ======================

ABC Amber LIT Converter
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe® Photoshop® Album Starter Edition 3.0
Allok 3GP PSP MP4 iPod Video Converter 4.2.0709
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Antivirus
AVG Anti-Spyware 7.5
BitComet 1.16
Bonjour
Broadcom Management Programs
CCleaner
CDisplay 1.8
Cisco Clean Access Agent
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMusic - 50 Free MP3 offer
ESPNMotion
FLV Player 2.0 (build 25)
GemMaster Mystic
Glary Utilities 2.17.0.776
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 8
Junk Mail filter update
KeyHoleTV
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.5.5)
MpcStar 3.7
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
Octoshape add-in for Adobe Flash Player
OpenAL
Otto
Panda ActiveScan 2.0
PDF-XChange 3.0
QuickSet
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VC80CRTRedist - 8.0.50727.762
Veoh Web Player Beta
VeohTV BETA
VideoLAN VLC media player 0.8.6
WebFldrs XP
Winamp (remove only)
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

26/11/2009 17:07:59, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/11/2009 17:07:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
26/11/2009 17:07:49, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
24/11/2009 12:36:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
24/11/2009 12:36:09, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/11/2009 09:52:38, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
23/11/2009 09:52:38, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/11/2009 09:22:01, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
23/11/2009 09:22:01, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
23/11/2009 03:41:01, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).

==== End Of File ===========================

GMER Scan

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-30 09:31:00
Windows 5.1.2600 Service Pack 3
Running: s3cr0obk.exe; Driver: C:\DOCUME~1\SOLU~1\LOCALS~1\Temp\awloapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9AC796B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9AC79574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9AC79A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9AC7914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9AC7964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9AC7908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9AC790F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9AC7976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9AC7972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9AC798AE]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0x9BF02812]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2264] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[3024] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3072] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[940] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat 99573D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86F4B369

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

I'm not very well versed when it comes to viruses/spyware etc., so please be as simple as possible in explaining how to fix my computer! Oh, and I use Firefox usually, but the same thing is happening to my Internet Explorer.

Edited by nyrinia, 30 November 2009 - 07:06 PM.


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:49 PM

Posted 30 November 2009 - 11:04 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nyrinia

nyrinia
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:49 PM

Posted 30 November 2009 - 02:23 PM

Okay, here's the text from OTL.txt:

----

OTL logfile created on: 30/11/2009 13:56:16 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\solu\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 176.34 Mb Available Physical Memory | 17.38% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 6.72 Gb Free Space | 6.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D14ZJBC1
Current User Name: solu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 13:54:58 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\solu\My Documents\Downloads\OTL.exe
PRC - [2009/11/26 19:08:05 | 00,311,296 | ---- | M] (EP-Service) -- C:\Documents and Settings\solu\.COMMgr\tmp_1482520560.exe
PRC - [2009/11/10 00:41:52 | 02,788,152 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2009/11/02 22:28:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/06 20:08:02 | 03,558,136 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/26 18:14:06 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2008/09/26 11:12:16 | 01,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/29 00:21:25 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 13:54:58 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\solu\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/29 09:58:01 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/09/29 00:21:25 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2006/11/23 10:45:34 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/05/04 01:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 22:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 21:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/29 00:21:16 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/01/30 00:03:34 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/23 10:45:24 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/05 11:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/08/25 08:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/25 00:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 19:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/13 11:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/12/01 08:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 08:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 08:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/05 05:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/14 11:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 10:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 12:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5070103
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\S-1-5-21-427247503-1328480167-375198872-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-427247503-1328480167-375198872-1006\S-1-5-21-427247503-1328480167-375198872-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "GamingHarbor"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {01BDA284-C5A5-4AAC-B247-16228553778D}:1.9.1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{01BDA284-C5A5-4AAC-B247-16228553778D}: C:\Documents and Settings\solu\Local Settings\Application Data\{01BDA284-C5A5-4AAC-B247-16228553778D} [2009/11/20 01:21:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/30 01:12:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 23:04:42 | 00,000,000 | ---D | M]

[2009/07/07 15:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\solu\Application Data\Mozilla\Extensions
[2009/11/29 13:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\solu\Application Data\Mozilla\Firefox\Profiles\yckrkqfw.default\extensions
[2009/11/23 23:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\solu\Application Data\Mozilla\Firefox\Profiles\yckrkqfw.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/08/13 23:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\solu\Application Data\Mozilla\Firefox\Profiles\yckrkqfw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/20 11:49:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 03:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/05/27 13:13:30 | 00,070,408 | ---- | M] (Zango, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
[2009/11/02 20:42:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/02 20:42:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/02 20:42:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/02 20:42:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\..\Toolbar\WebBrowser: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No CLSID value found.
O3 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [COM+ Manager] C:\Documents and Settings\solu\.COMMgr\tmp_1482520560.exe (EP-Service)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKU\S-1-5-21-427247503-1328480167-375198872-1006..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} http://comics.yahoo.co.jp/component/ToonsXYJ.cab (ToonsXYJ Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.215.0.249
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\muhafoji.dll) - C:\WINDOWS\System32\muhafoji.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\pilopume.dll) - C:\WINDOWS\System32\pilopume.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\WINDOWS\System32\ [2009/11/26 17:05:41 | 00,000,000 | ---D | M]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SSODL - - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (82194142058250240)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 11:45:54 | 07,910,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\solu\My Documents\Firefox Setup 3.5.5.exe
[2009/11/20 11:35:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\solu\.COMMgr
[2009/11/20 09:58:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\solu\Application Data\GlarySoft
[2009/11/20 09:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2009/11/20 09:13:33 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/11/20 09:13:15 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/11/20 09:09:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\solu\Local Settings\Application Data\PCHealth
[2009/11/20 08:55:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\solu\Recent
[2009/11/20 08:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/20 08:39:53 | 00,295,936 | ---- | C] (EP-Service) -- C:\WINDOWS\System32\ironclk.exe
[2009/11/20 01:21:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\solu\Local Settings\Application Data\{01BDA284-C5A5-4AAC-B247-16228553778D}
[2009/11/14 18:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/14 18:33:29 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/14 00:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\solu\Desktop\Wicked Lovely
[2009/11/05 19:42:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\solu\IECompatCache
[2008/04/04 19:49:31 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2007/11/22 06:31:47 | 04,448,814 | ---- | C] (Allok Soft .Inc ) -- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter.exe
[2007/01/19 14:56:27 | 06,653,000 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp532_full_emusic-7plus.exe
[2007/01/19 11:13:13 | 08,448,727 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\CCAAgent_Setup.exe
[8 C:\Documents and Settings\solu\My Documents\*.tmp files -> C:\Documents and Settings\solu\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\solu\Desktop\*.tmp files -> C:\Documents and Settings\solu\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/30 13:52:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/30 13:50:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/30 13:49:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 13:48:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 13:48:56 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 13:44:19 | 12,845,056 | -H-- | M] () -- C:\Documents and Settings\solu\NTUSER.DAT
[2009/11/30 13:44:19 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\solu\ntuser.ini
[2009/11/30 01:40:15 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\s3cr0obk.exe
[2009/11/30 01:38:36 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\dds.scr
[2009/11/30 00:48:00 | 00,011,129 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\hijackthisnov2009
[2009/11/29 16:27:11 | 01,499,894 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\rainonme.gif
[2009/11/29 14:43:05 | 00,000,043 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\spacer.gif
[2009/11/29 14:10:40 | 00,026,599 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\marie_osmond.jpg
[2009/11/29 14:06:14 | 00,026,136 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\grease20-20soundtrack1.jpg
[2009/11/28 17:03:56 | 00,196,608 | ---- | M] () -- C:\Documents and Settings\solu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 13:51:08 | 00,042,695 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\nnw2l4.jpg
[2009/11/26 14:05:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 23:04:41 | 00,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2009/11/20 23:05:27 | 00,219,238 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\vkcover_prev.jpg
[2009/11/20 11:49:39 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/20 11:49:12 | 07,910,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\solu\My Documents\Firefox Setup 3.5.5.exe
[2009/11/20 11:31:35 | 00,001,176 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/20 11:15:01 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/20 10:07:44 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/20 09:55:14 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\Glary Utilities.lnk
[2009/11/20 08:51:35 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\solu\Desktop\CCleaner.lnk
[2009/11/20 08:38:54 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Hwotahala.dat
[2009/11/20 01:21:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Czuhirawaxo.bin
[2009/11/18 17:18:22 | 00,295,936 | ---- | M] (EP-Service) -- C:\WINDOWS\System32\ironclk.exe
[2009/11/14 18:34:57 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/11 08:47:17 | 00,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 02:26:53 | 00,000,682 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 16:24:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/06 10:34:26 | 00,461,196 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 10:34:25 | 00,080,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 10:34:24 | 00,550,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\Documents and Settings\solu\My Documents\*.tmp files -> C:\Documents and Settings\solu\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\solu\Desktop\*.tmp files -> C:\Documents and Settings\solu\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 01:40:08 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\s3cr0obk.exe
[2009/11/30 01:38:16 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\dds.scr
[2009/11/30 00:48:00 | 00,011,129 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\hijackthisnov2009
[2009/11/29 16:27:10 | 01,499,894 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\rainonme.gif
[2009/11/29 14:43:04 | 00,000,043 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\spacer.gif
[2009/11/29 14:10:40 | 00,026,599 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\marie_osmond.jpg
[2009/11/29 14:06:12 | 00,026,136 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\grease20-20soundtrack1.jpg
[2009/11/28 13:51:02 | 00,042,695 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\nnw2l4.jpg
[2009/11/26 14:05:21 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 23:04:41 | 00,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2009/11/20 23:05:14 | 00,219,238 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\vkcover_prev.jpg
[2009/11/20 11:49:39 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/20 09:55:17 | 00,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/11/20 09:55:14 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\Glary Utilities.lnk
[2009/11/20 08:51:35 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\solu\Desktop\CCleaner.lnk
[2009/11/20 01:21:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Czuhirawaxo.bin
[2009/11/20 01:21:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Hwotahala.dat
[2009/11/20 01:17:42 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/14 18:34:57 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/11 20:12:25 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\solu\Application Data\$_hpcst$.hpc
[2008/08/27 17:24:02 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/08/27 17:16:53 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/04/07 23:23:00 | 12,461,568 | ---- | C] () -- C:\Program Files\veoh.msi
[2008/01/04 14:49:44 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/01/04 14:49:44 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/01/04 14:49:44 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/01/04 14:49:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/01/04 14:49:43 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2008/01/04 14:49:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/09/16 01:47:23 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/05 18:47:00 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/08/02 23:42:59 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/07/06 21:40:50 | 08,889,528 | ---- | C] () -- C:\Program Files\BearShareV6.exe
[2007/03/02 23:11:05 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/06 19:11:04 | 00,005,204 | ---- | C] () -- C:\Documents and Settings\solu\Application Data\wklnhst.dat
[2007/01/30 00:03:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/24 10:44:07 | 09,451,515 | ---- | C] () -- C:\Program Files\vlc-0.8.6-win32.exe
[2007/01/24 00:18:20 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/24 00:18:20 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/21 01:43:35 | 00,196,608 | ---- | C] () -- C:\Documents and Settings\solu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/18 22:47:10 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\solu\Local Settings\Application Data\fusioncache.dat
[2007/01/03 16:28:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/03 16:21:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/03 16:16:49 | 00,001,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/03 16:09:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/03 16:09:00 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/03 15:44:06 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/01/03 15:43:28 | 00,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/11/10 09:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/27 05:38:04 | 00,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Files - Unicode (All) ==========
[2008/11/17 13:29:42 | 00,000,000 | ---D | M](C:\?OCUME~1) -- C:\蕄OCUME~1
[2008/11/17 13:29:42 | 00,000,000 | ---D | C](C:\?OCUME~1) -- C:\蕄OCUME~1

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

----

Here's the stuff from Extras.txt

---

OTL Extras logfile created on: 30/11/2009 13:56:16 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\solu\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 176.34 Mb Available Physical Memory | 17.38% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 6.72 Gb Free Space | 6.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D14ZJBC1
Current User Name: solu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"27545:TCP" = 27545:TCP:*:Enabled:BitComet 27545 TCP
"27545:UDP" = 27545:UDP:*:Enabled:BitComet 27545 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"13236:TCP" = 13236:TCP:*:Enabled:BitComet 13236 TCP
"13236:UDP" = 13236:UDP:*:Enabled:BitComet 13236 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe" = C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Enabled:KeyHole TV Main Application -- (OISEYER Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 4.2.0709
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitComet" = BitComet 1.16
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Content Uploader" = DivX Content Uploader
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ESPNMotion" = ESPNMotion
"FLV Player" = FLV Player 2.0 (build 25)
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InterActual Player" = InterActual Player
"KeyHoleTV" = KeyHoleTV
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MpcStar" = MpcStar 3.7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"PDF-XChange 3_is1" = PDF-XChange 3.0
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-427247503-1328480167-375198872-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/11/2009 13:14:01 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.ca/suggest?hl=en&am...gency&cp=45
failed, 0000A413.

Error - 07/11/2009 16:27:17 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestqueries.google.com/complete/...0raci&cp=22
failed, 0000A413.

Error - 13/11/2009 00:26:23 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://magazine.wired.com/ecom/targetedOff...e_headerCallout
failed, 0000A413.

Error - 13/11/2009 00:26:26 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://magazine.wired.com/ecom/targetedOff...ogs_rightRail_A
failed, 0000A413.

Error - 20/11/2009 09:43:29 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\WL3MSIS.DLL failed, 00000005.

Error - 20/11/2009 11:33:33 | Computer Name = D14ZJBC1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\wl3msis.dll failed, 00000005.

[ Application Events ]
Error - 23/11/2009 22:21:10 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2009 22:21:11 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2009 22:21:25 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2009 22:21:30 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

Error - 24/11/2009 13:40:19 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2009 13:40:21 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2009 13:40:21 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2009 13:42:06 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/11/2009 18:07:49 | Computer Name = D14ZJBC1 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 30/11/2009 02:11:45 | Computer Name = D14ZJBC1 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.2.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/11/2009 18:19:44 | Computer Name = D14ZJBC1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 29/11/2009 18:19:44 | Computer Name = D14ZJBC1 | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 30/11/2009 10:38:30 | Computer Name = D14ZJBC1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows CardSpace service
to connect.

Error - 30/11/2009 10:38:30 | Computer Name = D14ZJBC1 | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%1053

Error - 30/11/2009 10:41:22 | Computer Name = D14ZJBC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).

Error - 30/11/2009 12:55:45 | Computer Name = D14ZJBC1 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 30/11/2009 12:55:45 | Computer Name = D14ZJBC1 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 30/11/2009 14:44:59 | Computer Name = D14ZJBC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).

Error - 30/11/2009 14:49:24 | Computer Name = D14ZJBC1 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 30/11/2009 14:49:24 | Computer Name = D14ZJBC1 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
----


Thanks for your speedy reply :(

#4 Buckeye_Sam

Posted 30 November 2009 - 06:18 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/11/20 01:21:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Czuhirawaxo.bin
    [2009/11/20 01:21:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Hwotahala.dat
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\muhafoji.dll) - C:\WINDOWS\System32\muhafoji.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\pilopume.dll) - C:\WINDOWS\System32\pilopume.dll File not found
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=====================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 nyrinia

Posted 30 November 2009 - 07:01 PM

Results!!

From OTL:

All processes killed
========== OTL ==========
C:\WINDOWS\Czuhirawaxo.bin moved successfully.
C:\WINDOWS\Hwotahala.dat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\muhafoji.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pilopume.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: MDT

User: NetworkService
->Temp folder emptied: 2085570 bytes
->Temporary Internet Files folder emptied: 139639890 bytes

User: solu
->Temp folder emptied: 2979063 bytes
->Temporary Internet Files folder emptied: 57542190 bytes
->Java cache emptied: 5720668 bytes
->FireFox cache emptied: 77012006 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2063889 bytes
Windows Temp folder emptied: 2436568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23970066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 630215756 bytes

Total Files Cleaned = 909.77 mb


OTL by OldTimer - Version 3.1.11.4 log created on 11302009_183331

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_728.dat moved successfully.

Registry entries deleted on Reboot...


From TDSSKiller:


Host Name: D14ZJBC1
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Sarah Olutola
Registered Organization:
Product ID: 76487-OEM-0011903-00825
Original Install Date: 18/01/2007, 22:46:53
System Up Time: 0 Days, 0 Hours, 16 Minutes, 53 Seconds
System Manufacturer: Dell Inc.
System Model: MXC061
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 14 Stepping 8 GenuineIntel ~1596 Mhz
BIOS Version: DELL - 27d60c12
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 1,014 MB
Available Physical Memory: 228 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 1,990 MB
Virtual Memory: In Use: 58 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\D14ZJBC1
Hotfix(s): 233 Hotfix(s) Installed.

NetWork Card(s): 3 NIC(s) Installed.
[01]: Broadcom 440x 10/100 Integrated Controller
Connection Name: Local Area Connection
Status: Media disconnected
[02]: Dell Wireless 1390 WLAN Mini-Card
Connection Name: Wireless Network Connection 2
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.100
[03]: 1394 Net Adapter
Connection Name: 1394 Connection
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:234 1916 main: Driver KLMD successfully dropped
18:56:33:234 1916 main: Driver KLMD successfully loaded
18:56:33:234 1916
Scanning Registry ...
18:56:33:234 1916 ScanServices: Searching service UACd.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service TDSSserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service gaopdxserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service gxvxcserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service MSIVXserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
18:56:33:234 1916 UnhookRegistry: Kernel local addr: 1030000
18:56:33:234 1916 UnhookRegistry: KeServiceDescriptorTable addr: 10B5700
18:56:33:250 1916 UnhookRegistry: KiServiceTable addr: 105D460
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey service number (local): 47
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey local addr: 117CFF2
18:56:33:250 1916 KLMD_OpenDevice: Trying to open KLMD device
18:56:33:250 1916 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
18:56:33:250 1916 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey service number (kernel): 47
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
18:56:33:250 1916 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
18:56:33:250 1916 UnhookRegistry: No splicing found on NtEnumerateKey
18:56:33:250 1916
Scanning Kernel memory ...
18:56:33:250 1916 KLMD_OpenDevice: Trying to open KLMD device
18:56:33:250 1916 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
18:56:33:250 1916 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:56:33:250 1916 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86F212E0
18:56:33:250 1916 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
18:56:33:250 1916 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86F3EC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3EC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F3EC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86F1BC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F1BC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F1BC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86F7BC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F7BC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F7BC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86F3FC68
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3FC68
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F3FC68[0x38]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:265 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:265 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:265 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:265 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:265 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:265 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:265 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:265 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:265 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:265 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:265 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:265 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F1DAB8
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F1DAB8
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F8B310
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F8B310
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F44940
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F44940
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F44940[0x38]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F6B388
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F6B388[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F89030[0x38]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F8B880[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18381A8[0x208]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:56:33:265 1916 DetectCureTDL3: IrpHandler (0) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (1) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (2) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (3) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (4) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (5) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (6) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (7) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (8) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (9) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (10) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (11) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (12) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (13) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (14) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (15) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (16) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (17) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (18) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (19) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (20) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (21) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (22) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (23) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (24) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (25) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (26) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: All IRP handlers pointed to one addr: 86F48369
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F48369[0x400]
18:56:33:265 1916 TDL3_HookDetect: TDL3 is already cured
18:56:33:265 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
18:56:33:265 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
18:56:33:265 1916 KLMD_CreateFileW: DeviceIoControl error 2
18:56:33:265 1916 TDL3_FileDetect: Driver file C:\WINDOWS\system32\Drivers\atapi.sys not found!
18:56:33:265 1916
Completed

Results:
18:56:33:265 1916 Infected / Cured drivers in memory: 0 / 0
18:56:33:265 1916 Infected / Cured drivers on disk: 0 / 0
18:56:33:265 1916 Files deleted on next reboot: 0
18:56:33:265 1916 Registry nodes deleted on next reboot: 0
18:56:33:265 1916


----

I double-clicked on TDSSK at first and as soon as I did, my Avast popped up and said Malware Was Found: C:\WINDOWS\system32\drivers\atapi.sys. But when I press "Move to chest" it keeps popping up. I don't want to delete it because I don't know if it might delete something I might need (I did that before and it screwed up my computer). What should I do?

Results!!

From OTL:

All processes killed
========== OTL ==========
C:\WINDOWS\Czuhirawaxo.bin moved successfully.
C:\WINDOWS\Hwotahala.dat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\muhafoji.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pilopume.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10075796 bytes

User: MDT

User: NetworkService
->Temp folder emptied: 2085570 bytes
->Temporary Internet Files folder emptied: 139639890 bytes

User: solu
->Temp folder emptied: 2979063 bytes
->Temporary Internet Files folder emptied: 57542190 bytes
->Java cache emptied: 5720668 bytes
->FireFox cache emptied: 77012006 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2063889 bytes
Windows Temp folder emptied: 2436568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23970066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 630215756 bytes

Total Files Cleaned = 909.77 mb


OTL by OldTimer - Version 3.1.11.4 log created on 11302009_183331

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_728.dat moved successfully.

Registry entries deleted on Reboot...


From TDS Killer:


Host Name: D14ZJBC1
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Sarah Olutola
Registered Organization:
Product ID: 76487-OEM-0011903-00825
Original Install Date: 18/01/2007, 22:46:53
System Up Time: 0 Days, 0 Hours, 16 Minutes, 53 Seconds
System Manufacturer: Dell Inc.
System Model: MXC061
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 14 Stepping 8 GenuineIntel ~1596 Mhz
BIOS Version: DELL - 27d60c12
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 1,014 MB
Available Physical Memory: 228 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 1,990 MB
Virtual Memory: In Use: 58 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\D14ZJBC1
Hotfix(s): 233 Hotfix(s) Installed.
[01]: EmeraldQFE2 - Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
[101]: Q147222
[102]: KB887998 - QFE
[103]: KB930494 - QFE
[104]: KB953295 - QFE
[105]: SP3 - SP
[106]: M953297 - Update
[107]: S867460 - Update
[108]: KB900325 - Update
[109]: Q927978
[110]: Q936181
[111]: Q954430
[112]: Q973688
[113]: IDNMitigationAPIs - Update
[114]: NLSDownlevelMapping - Update
[115]: KB929399
[116]: KB952069_WM9
[117]: KB954155_WM9
[118]: KB968816_WM9
[119]: KB973540_WM9
[120]: KB913800
[121]: KB917734_WMP10
[122]: KB926251
[123]: KB936782_WMP10
[124]: EmeraldQFE2 - Update
[125]: KB936782_WMP11
[126]: KB939683
[127]: KB954154_WM11
[128]: KB959772_WM11
[129]: KB925398_WMP64
[130]: KB923689
[131]: KB941569
[132]: KB928090-IE7 - Update
[133]: KB929969 - Update
[134]: KB931768-IE7 - Update
[135]: KB933566-IE7 - Update
[136]: KB937143-IE7 - Update
[137]: KB938127-IE7 - Update
[138]: KB939653-IE7 - Update
[139]: KB942615-IE7 - Update
[140]: KB944533-IE7 - Update
[141]: KB947864-IE7 - Update
[142]: KB950759-IE7 - Update
[143]: KB953838-IE7 - Update
[144]: KB956390-IE7 - Update
[145]: KB958215-IE7 - Update
[146]: KB960714-IE7 - Update
[147]: KB961260-IE7 - Update
[148]: KB963027-IE7 - Update
[149]: KB969897-IE7 - Update
[150]: KB971961-IE8 - Update
[151]: KB972260-IE7 - Update
[152]: KB973874-IE8 - Update
[153]: KB974455-IE7 - Update
[154]: KB974455-IE8 - Update
[155]: KB976749-IE8 - Update
[156]: MSCompPackV1 - Update
[157]: KB929969 - Update
[158]: KB936929 - Service Pack
[159]: KB953295 - Update
[160]: KB923561 - Update
[161]: KB938464 - Update
[162]: KB938464-v2 - Update
[163]: KB946648 - Update
[164]: KB950760 - Update
[165]: KB950762 - Update
[166]: KB950974 - Update
[167]: KB951066 - Update
[168]: KB951072-v2 - Update
[169]: KB951376 - Update
[170]: KB951376-v2 - Update
[171]: KB951698 - Update
[172]: KB951748 - Update
[173]: KB951978 - Update
[174]: KB952004 - Update
[175]: KB952287 - Update
[176]: KB952954 - Update
[177]: KB953839 - Update
[178]: KB954211 - Update
[179]: KB954459 - Update
[180]: KB954550-v5 - Update
[181]: KB954600 - Update
[182]: KB954708 - Update
[183]: KB955069 - Update
[184]: KB955839 - Update
[185]: KB956391 - Update
[186]: KB956572 - Update
[187]: KB956744 - Update
[188]: KB956802 - Update
[189]: KB956803 - Update
[190]: KB956841 - Update
[191]: KB956844 - Update
[192]: KB957095 - Update
[193]: KB957097 - Update
[194]: KB958644 - Update
[195]: KB958687 - Update
[196]: KB958690 - Update
[197]: KB958869 - Update
[198]: KB959426 - Update
[199]: KB960225 - Update
[200]: KB960715 - Update
[201]: KB960803 - Update
[202]: KB960859 - Update
[203]: KB961118 - Update
[204]: KB961371 - Update
[205]: KB961373 - Update
[206]: KB961501 - Update
[207]: KB961503 - Update
[208]: KB967715 - Update
[209]: KB968389 - U

NetWork Card(s): 3 NIC(s) Installed.
[01]: Broadcom 440x 10/100 Integrated Controller
Connection Name: Local Area Connection
Status: Media disconnected
[02]: Dell Wireless 1390 WLAN Mini-Card
Connection Name: Wireless Network Connection 2
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.100
[03]: 1394 Net Adapter
Connection Name: 1394 Connection
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:218 1916 ForceUnloadDriver: NtUnloadDriver error 2
18:56:33:234 1916 main: Driver KLMD successfully dropped
18:56:33:234 1916 main: Driver KLMD successfully loaded
18:56:33:234 1916
Scanning Registry ...
18:56:33:234 1916 ScanServices: Searching service UACd.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service TDSSserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service gaopdxserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service gxvxcserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 ScanServices: Searching service MSIVXserv.sys
18:56:33:234 1916 ScanServices: Open/Create key error 2
18:56:33:234 1916 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
18:56:33:234 1916 UnhookRegistry: Kernel local addr: 1030000
18:56:33:234 1916 UnhookRegistry: KeServiceDescriptorTable addr: 10B5700
18:56:33:250 1916 UnhookRegistry: KiServiceTable addr: 105D460
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey service number (local): 47
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey local addr: 117CFF2
18:56:33:250 1916 KLMD_OpenDevice: Trying to open KLMD device
18:56:33:250 1916 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
18:56:33:250 1916 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey service number (kernel): 47
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
18:56:33:250 1916 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
18:56:33:250 1916 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
18:56:33:250 1916 UnhookRegistry: No splicing found on NtEnumerateKey
18:56:33:250 1916
Scanning Kernel memory ...
18:56:33:250 1916 KLMD_OpenDevice: Trying to open KLMD device
18:56:33:250 1916 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
18:56:33:250 1916 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:56:33:250 1916 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86F212E0
18:56:33:250 1916 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
18:56:33:250 1916 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86F3EC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3EC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F3EC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86F1BC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F1BC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F1BC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86F7BC68
18:56:33:250 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F7BC68
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F7BC68[0x38]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:250 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:250 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:250 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:250 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:250 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:250 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:250 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:250 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:250 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:250 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:250 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:250 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:250 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86F3FC68
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3FC68
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F3FC68[0x38]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F212E0
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F212E0[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18AFF00[0x208]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:56:33:265 1916 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
18:56:33:265 1916 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
18:56:33:265 1916 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
18:56:33:265 1916 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
18:56:33:265 1916 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
18:56:33:265 1916 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
18:56:33:265 1916 DetectCureTDL3: IrpHandler (15) addr: F7601F28
18:56:33:265 1916 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
18:56:33:265 1916 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
18:56:33:265 1916 DetectCureTDL3: IrpHandler (23) addr: F760499E
18:56:33:265 1916 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:56:33:265 1916 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:56:33:265 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F1DAB8
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F1DAB8
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F8B310
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F8B310
18:56:33:265 1916 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F44940
18:56:33:265 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F44940
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F44940[0x38]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT addr: 86F6B388
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F6B388[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F89030[0x38]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F8B880[0xA8]
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0xE18381A8[0x208]
18:56:33:265 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:56:33:265 1916 DetectCureTDL3: IrpHandler (0) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (1) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (2) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (3) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (4) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (5) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (6) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (7) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (8) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (9) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (10) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (11) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (12) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (13) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (14) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (15) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (16) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (17) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (18) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (19) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (20) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (21) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (22) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (23) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (24) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (25) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: IrpHandler (26) addr: 86F48369
18:56:33:265 1916 DetectCureTDL3: All IRP handlers pointed to one addr: 86F48369
18:56:33:265 1916 KLMD_ReadMem: Trying to ReadMemory 0x86F48369[0x400]
18:56:33:265 1916 TDL3_HookDetect: TDL3 is already cured
18:56:33:265 1916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
18:56:33:265 1916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
18:56:33:265 1916 KLMD_CreateFileW: DeviceIoControl error 2
18:56:33:265 1916 TDL3_FileDetect: Driver file C:\WINDOWS\system32\Drivers\atapi.sys not found!
18:56:33:265 1916
Completed

Results:
18:56:33:265 1916 Infected / Cured drivers in memory: 0 / 0
18:56:33:265 1916 Infected / Cured drivers on disk: 0 / 0
18:56:33:265 1916 Files deleted on next reboot: 0
18:56:33:265 1916 Registry nodes deleted on next reboot: 0
18:56:33:265 1916


----

I double-clicked on TDSSK at first, and as soon as I did, my Avast popped up and said Malware Was Found: C:\WINDOWS\system32\drivers\atapi.sys. But when I press "Move to chest" it says "avast! the system cannot find the file specified". Then when I click OK, the flashing Malware Was Found window pops up again. I don't want to delete it because I don't know if it might delete something I might need (I did that before and it screwed up my computer). What should I do?

Edited by nyrinia, 30 November 2009 - 07:03 PM.
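In the TDSSKiller output above, \Driver\atapi is singled out because IrpHandler (0) through (26) all resolve to 86F48369 ("All IRP handlers pointed to one addr"), and TDL3_FileDetect then reports the backing atapi.sys as not found. As an added example, not TDSSKiller's code or anything posted by this thread's participants, the following Python reproduces those two triage signals over constructed log lines in the same format:

```python
"""Triage helper for TDSSKiller "DetectCureTDL3" log output (added example).

Constructed for this thread, not TDSSKiller's own code. It parses log lines of
the shape shown in the thread and reproduces two of the signals visible there:

  1. a DRIVER_OBJECT whose 27 logged IRP handlers (IrpHandler (0)..(26)) all
     point at one address, which TDSSKiller reports as
     "All IRP handlers pointed to one addr";
  2. a "Driver file ... not found!" line for a driver object that is present
     in kernel memory.

Input is a constructed sample built in the same format; nothing is read from
a live system.
"""
import re

# TDSSKiller logs IrpHandler (0) through (26): 27 dispatch entries per driver.
EXPECTED_HANDLERS = 27

# Line shapes copied from the log format; the leading "HH:MM:SS:mmm pid" stamp
# is skipped by searching rather than anchoring at the start of the line.
NAME_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
MISSING_RE = re.compile(r"TDL3_FileDetect: Driver file (\S+) not found!")


def parse_driver_objects(log_text):
    """Group IrpHandler lines under the DRIVER_OBJECT line that precedes them.

    Returns (drivers, missing_files); each driver is a dict with the object
    path, the short name and an {irp_index: address} map.
    """
    drivers, missing_files, current = [], [], None
    for line in log_text.splitlines():
        m = NAME_RE.search(line)
        if m:
            current = {"object": m.group(1), "name": m.group(2), "handlers": {}}
            drivers.append(current)
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            current["handlers"][int(m.group(1))] = m.group(2).upper()
            continue
        m = MISSING_RE.search(line)
        if m:
            missing_files.append(m.group(1))
    return drivers, missing_files


def uniform_dispatch(driver):
    """Return the single handler address if all 27 entries share one, else None.

    A fully uniform dispatch table is how the infected atapi object appears in
    the thread's log: every IRP is routed through one routine.
    """
    addrs = set(driver["handlers"].values())
    if len(driver["handlers"]) == EXPECTED_HANDLERS and len(addrs) == 1:
        return addrs.pop()
    return None


def analyze(log_text):
    """Return a list of (driver or file name, reason) findings for the log."""
    drivers, missing_files = parse_driver_objects(log_text)
    findings = []
    for d in drivers:
        addr = uniform_dispatch(d)
        if addr is not None:
            findings.append((d["name"], f"all IRP handlers point to {addr}"))
    for path in missing_files:
        findings.append((path.rsplit("\\", 1)[-1], "driver file reported not found on disk"))
    return findings


def _synth_block(name, addrs):
    """Build constructed DetectCureTDL3 lines in the log's format (sample data)."""
    stamp = "18:56:33:265 1916"
    lines = [f"{stamp} DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"]
    lines += [f"{stamp} DetectCureTDL3: IrpHandler ({i}) addr: {a}" for i, a in enumerate(addrs)]
    return lines


# Constructed sample: a healthy Disk object (mixed handler addresses) and an
# atapi object whose dispatch table collapses to one address, as in the thread.
SAMPLE_LOG = "\n".join(
    _synth_block("Disk", ["F7603BB0", "804F4562", "F7603BB0"] + ["804F4562"] * 24)
    + _synth_block("atapi", ["86F48369"] * EXPECTED_HANDLERS)
    + ["18:56:33:265 1916 TDL3_FileDetect: Driver file "
       "C:\\WINDOWS\\system32\\Drivers\\atapi.sys not found!"]
)

if __name__ == "__main__":
    for name, reason in analyze(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

A uniform dispatch table alone is a lead, not a verdict: some legitimate drivers route every IRP through one routine, which is why the log above goes on to read 0x400 bytes at 86F48369 (TDL3_HookDetect) before concluding.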


#6 Buckeye_Sam

Malware Expert

Posted 30 November 2009 - 07:25 PM

Are you still being redirected from Google searches?

Please post a new log from Gmer.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 nyrinia

Topic Starter

Posted 01 December 2009 - 01:00 AM

Hi! I don't have the problem anymore! Things seem to be working smoothly! Just in case, here's the scan from GMER:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-01 00:58:49
Windows 5.1.2600 Service Pack 3
Running: s3cr0obk.exe; Driver: C:\DOCUME~1\SARAHO~1\LOCALS~1\Temp\awloapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA95816B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA9581574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA9581A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA958114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA958164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA958108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA95810F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA958176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA958172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA95818AE]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF7B97812]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[1484] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[1528] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat A7816D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----



I'm so happy. Thank you so much, and if there's anything else I need to do (just for fine tuning or whatever else) please let me know! You guys are awesome!!

#8 Buckeye_Sam

Malware Expert

Posted 01 December 2009 - 08:21 AM

Looks good to me!

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with an antivirus program.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.



========================================================

#9 nyrinia

Topic Starter

Posted 01 December 2009 - 06:46 PM

Done and done! Thanks again for all your help!

#10 Buckeye_Sam

Malware Expert

Posted 01 December 2009 - 06:56 PM

I'm glad I could help you out!

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.


========================================================



