Help... I have a virus with the name Backdoor.tidserv.l!st or something like this


This topic is locked
15 replies to this topic

#1 jackie1215


Posted 11 December 2009 - 08:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:43 PM, on 12/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=I&UT=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {ab0361fe-f421-4348-933e-3c083d5a0790} - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (EraserSvc10923) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 14446 bytes

I forgot to mention that I am getting redirected to other random sites from all search engines, and both types of safe mode options are not working.

Merged posts. ~ OB

Edited by Orange Blossom, 11 December 2009 - 08:13 PM.


#2 Buckeye_Sam

Malware Expert

Posted 12 December 2009 - 10:20 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jackie1215

(Topic Starter)

Posted 12 December 2009 - 01:51 PM

Ok, these are the log files from the first tool, and I cannot run a full scan with the other tool. When I do, I get a blue computer screen saying that the computer had to shut down.


OTL logfile created on: 12/12/2009 11:50:45 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\HP\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 140.89 Mb Available Physical Memory | 14.70% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.20% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 60.15 Gb Free Space | 60.76% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.37 Gb Free Space | 11.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC136231091344
Current User Name: HP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 11:38:18 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP\Desktop\OTL.exe
PRC - [2009/10/28 00:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/22 05:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 05:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/05/08 16:44:18 | 04,613,384 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
PRC - [2008/04/08 09:09:10 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/05 13:29:20 | 00,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2007/09/18 08:29:34 | 00,951,640 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Sprint music manager\MEMonitor.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/03/02 16:51:40 | 00,173,672 | R--- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
PRC - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/19 16:48:58 | 00,251,408 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
PRC - [2007/01/10 18:19:26 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe
PRC - [2006/08/24 12:40:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/07/11 22:55:34 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/19 12:33:12 | 00,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/06/16 23:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/18 17:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/03 23:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/09/24 10:39:30 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
PRC - [2005/08/11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/09 14:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 11:38:18 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/31 19:41:53 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/05 21:32:08 | 01,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/06/22 05:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 05:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2009/03/26 14:42:00 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/04/08 09:09:10 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/21 16:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/22 02:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/31 13:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/19 16:48:58 | 00,251,408 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe -- (tavsvc)
SRV - [2007/01/10 18:19:26 | 00,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe -- (tmproxy)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/24 12:40:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/06/12 14:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 17:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/10/06 19:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\S-1-5-21-849460004-3954182951-3734441233-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2008/04/14 08:56:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2008/04/14 08:55:59 | 00,000,000 | ---D | M]

[2009/05/18 19:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP\Application Data\Mozilla\Extensions
[2009/05/18 19:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\0wevdsia.default\extensions

O1 HOSTS File: (909 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\HP\Start Menu\Programs\StartUp\MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\HP\Start Menu\Programs\StartUp\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\StartUp\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe File not found
O4 - Startup: C:\Documents and Settings\VALUED CUSTOMER\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\TmLsp.dll (Trend Micro Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\TmLsp.dll (Trend Micro Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\TmLsp.dll (Trend Micro Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\TmLsp.dll (Trend Micro Inc.)
O15 - HKLM\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-849460004-3954182951-3734441233-1005\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/08/25 14:14:12 | 00,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/10 06:15:33 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920744480342016)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 11:38:51 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP\Desktop\OTL.exe
[2009/12/11 13:06:31 | 01,410,704 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\FPSPR70.ocx
[2009/12/11 13:06:31 | 00,729,161 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\fpimage.dll
[2009/12/11 13:06:30 | 00,000,000 | ---D | C] -- C:\Program Files\Respondus LockDown Browser
[2009/12/11 13:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\InstallShield
[2009/12/06 14:22:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\QuosaDDM
[2009/12/06 12:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2009/12/06 09:48:06 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/12/06 00:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Local Settings\Application Data\Symantec
[2009/12/05 22:23:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/12/05 21:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\Symantec
[2009/12/05 21:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/05 21:32:18 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/12/05 21:29:43 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/05 21:29:43 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/05 21:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/05 19:34:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Application Data\Malwarebytes
[2009/12/05 19:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/04 21:06:05 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\HP\Application Data\Smiley.ico
[2009/12/04 20:01:54 | 00,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2009/12/04 19:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\My Documents\trying to recover
[2009/12/04 17:29:23 | 00,000,000 | ---D | C] -- C:\Program Files\Restore My Files Data Recovery v6.01
[2009/12/04 16:20:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/04 16:02:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP\Local Settings\Application Data\urvaql
[2009/08/26 13:05:14 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\PUTTY.RND
[2008/10/10 16:55:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/17 18:59:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\FnF4.txt
[2008/05/08 15:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/24 17:29:06 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/17 15:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\HP
[2007/10/10 07:50:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP\Application Data\desktop.ini
[2007/10/10 07:50:09 | 00,051,192 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/10/10 07:50:09 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\fusioncache.dat
[2007/10/10 07:50:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\DSwitch.txt
[2007/10/10 07:50:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\AtStart.txt
[2007/10/10 07:50:07 | 02,112,220 | -H-- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\IconCache.db
[2007/10/10 07:50:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP\Local Settings\Application Data\QSwitch.txt
[2007/04/15 18:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2006/12/14 10:19:36 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/09/30 07:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/09/15 06:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/15 06:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/06/29 12:49:18 | 00,001,832 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 05:00:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 11:38:18 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP\Desktop\OTL.exe
[2009/12/12 11:14:58 | 00,001,660 | ---- | M] () -- C:\hpqp.ini
[2009/12/12 10:45:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/12 10:44:47 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2009/12/12 10:44:41 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/12 10:44:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/12 10:44:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/12 10:43:56 | 10,051,70688 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/11 18:47:15 | 00,394,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 18:47:15 | 00,056,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/11 18:47:13 | 00,457,446 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 18:39:02 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\HP\NTUSER.DAT
[2009/12/11 18:39:02 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\HP\ntuser.ini
[2009/12/11 18:38:29 | 02,112,220 | -H-- | M] () -- C:\Documents and Settings\HP\Local Settings\Application Data\IconCache.db
[2009/12/11 18:20:30 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\HP\Desktop\HijackThis.lnk
[2009/12/11 13:17:31 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\Shortcut to Removable Disk (E).lnk
[2009/12/11 13:06:33 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LockDown Browser.lnk
[2009/12/10 16:22:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/10 16:00:29 | 01,609,728 | ---- | M] () -- C:\WINDOWS\MEDB.mdb
[2009/12/10 00:29:50 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 10:52:21 | 00,000,736 | ---- | M] () -- C:\WINDOWS\DigimaxMaster.INI
[2009/12/08 19:55:39 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/06 10:56:31 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\HP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 00:34:25 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/06 00:34:25 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/06 00:34:25 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/06 00:34:24 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/05 23:04:48 | 00,000,909 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/05 21:38:18 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/12/05 00:16:42 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/05 00:16:42 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/05 00:12:30 | 00,000,162 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/12/04 17:06:15 | 00,000,129 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Removable Disk (E).lnk
[2009/12/01 21:48:18 | 00,010,873 | ---- | M] () -- C:\Documents and Settings\HP\My Documents\Our Payments.xlsx
[2009/11/30 08:29:34 | 00,073,004 | ---- | M] () -- C:\Documents and Settings\HP\Desktop\Group_Research_Proposal_Arturo_Ermelinda.pptx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/11 18:20:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\HP\Desktop\HijackThis.lnk
[2009/12/11 13:06:33 | 00,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LockDown Browser.lnk
[2009/12/09 10:52:18 | 00,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2009/12/05 21:38:17 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.lnk
[2009/12/05 21:29:43 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/05 21:29:43 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/05 00:16:42 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/12/05 00:16:42 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/12/04 17:06:21 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\HP\My Documents\Shortcut to Removable Disk (E).lnk
[2009/12/04 17:06:15 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Removable Disk (E).lnk
[2009/11/30 08:29:31 | 00,073,004 | ---- | C] () -- C:\Documents and Settings\HP\Desktop\Group_Research_Proposal_Arturo_Ermelinda.pptx
[2008/06/20 22:37:34 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/20 18:52:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/10/16 11:40:06 | 00,091,520 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/04/15 17:58:10 | 00,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2007/04/15 17:48:15 | 00,000,571 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2007/02/17 14:33:27 | 00,000,116 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2007/02/17 14:23:35 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/02/17 14:19:04 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2006/09/15 07:55:32 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/15 07:52:20 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/15 07:32:05 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/15 07:11:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 05:51:38 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/15 05:51:29 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/15 05:51:29 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/15 05:51:28 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/15 05:51:27 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/15 05:51:27 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/29 13:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 12:46:56 | 00,000,162 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 12:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/04 01:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 12:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 14:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2002/08/27 14:26:58 | 00,028,316 | ---- | C] () -- C:\WINDOWS\System32\ntwks.dll

========== LOP Check ==========

[2006/11/04 23:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
[2008/01/20 18:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/10/15 17:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2006/11/06 22:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/11/04 13:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/04/24 18:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/05/10 20:07:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/10/10 05:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/03/22 16:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/12/05 22:23:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/11/04 23:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Chasing Dogs Studios
[2007/01/11 18:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\funkitron
[2006/09/30 23:08:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2006/11/06 22:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PlayFirst
[2007/04/24 18:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ulead Systems
[2007/05/10 20:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/09/30 10:49:04 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2006/03/15 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvata.sys
[2009/12/11 18:39:51 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2006/03/15 22:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

< MD5 for: [2004/08/04 07:59:44 | 00,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: [2004/08/04 08:07:42 | 00,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 08:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: [2005/10/13 03:07:12 | 00,874,240 | ---- | M] (INTEL CORPORATION) >
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 03:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: [2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA CORPORATION) >
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\nvata.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 09:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\nvatabus.sys

< MD5 for: [2006/03/15 22:00:00 | 00,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: [2006/03/15 22:00:00 | 00,180,224 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 22:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< MD5 for: [2006/03/15 22:00:00 | 00,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys

< MD5 for: [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll

< MD5 for: [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll

< MD5 for: [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: [2009/02/06 12:46:09 | 00,408,064 | ---- | M] (MICROSOFT CORPORATION) >
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: [2009/12/11 18:39:51 | 00,099,584 | ---- | M] (NVIDIA CORPORATION) >
[2009/12/11 18:39:51 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 12/12/2009 11:50:45 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\HP\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.54 Mb Total Physical Memory | 140.89 Mb Available Physical Memory | 14.70% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.20% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 60.15 Gb Free Space | 60.76% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.37 Gb Free Space | 11.64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC136231091344
Current User Name: HP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71E4D679-20AB-41E9-A350-D5BF92088FFE}" = Trend Micro AntiVirus
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E4D0041F-EF88-443B-8359-3CF8407FF729}" = SymNet
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATT-RC" = ATT-RC Self Support Tool
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"PhotoStitch" = Canon Utilities PhotoStitch
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"SprintMusicManagerA" = Sprint music manager
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2009 1:48:37 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 439
Description = wuauclt (5020) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 12/12/2009 1:48:38 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 485
Description = wuauclt (980) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:38 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 490
Description = wuauclt (980) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:38 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 439
Description = wuauclt (980) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 12/12/2009 1:48:40 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 485
Description = wuauclt (2568) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:40 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 490
Description = wuauclt (2568) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:40 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 439
Description = wuauclt (2568) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

Error - 12/12/2009 1:48:41 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 485
Description = wuauclt (1464) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 1392 (0x00000570): "The file or directory is corrupted
and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:41 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 490
Description = wuauclt (1464) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 1392 (0x00000570): "The file or
directory is corrupted and unreadable. ". The open file operation will fail with
error -1022 (0xfffffc02).

Error - 12/12/2009 1:48:41 PM | Computer Name = PC136231091344 | Source = ESENT | ID = 439
Description = wuauclt (1464) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1022.

[ OSession Events ]
Error - 3/11/2008 10:43:23 PM | Computer Name = PC136231091344 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3068 seconds with 2160 seconds of active time. This session ended with a
crash.

Error - 4/23/2008 3:35:58 PM | Computer Name = PC136231091344 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 76 seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/30/2008 6:25:17 PM | Computer Name = PC136231091344 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 1798 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/23/2009 12:31:16 PM | Computer Name = PC136231091344 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2774
seconds with 300 seconds of active time. This session ended with a crash.

Error - 12/5/2009 10:01:11 PM | Computer Name = PC136231091344 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 634
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2009 3:54:56 AM | Computer Name = PC136231091344 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/12/2009 3:54:58 AM | Computer Name = PC136231091344 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro AntiVirus
Protection Service service to connect.

Error - 12/12/2009 4:08:56 AM | Computer Name = PC136231091344 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/12/2009 12:40:45 PM | Computer Name = PC136231091344 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/12/2009 12:43:00 PM | Computer Name = PC136231091344 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/12/2009 12:43:01 PM | Computer Name = PC136231091344 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/12/2009 12:46:40 PM | Computer Name = PC136231091344 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 12/12/2009 12:47:14 PM | Computer Name = PC136231091344 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service COMSysApp with
arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

Error - 12/12/2009 12:47:15 PM | Computer Name = PC136231091344 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
service to connect.

Error - 12/12/2009 12:47:15 PM | Computer Name = PC136231091344 | Source = Service Control Manager | ID = 7000
Description = The COM+ System Application service failed to start due to the following
error: %%1053


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 12 December 2009 - 03:48 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 jackie1215

jackie1215
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 12 December 2009 - 04:24 PM

I was able to run the GMER scan after all. This is the log, and I will do that online scan as requested as well.


GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-12 15:18:21
Windows 5.1.2600 Service Pack 2
Running: l08mkeww.exe; Driver: C:\DOCUME~1\HP\LOCALS~1\Temp\fxlorkod.sys


---- System - GMER 1.0.15 ----

SSDT 85E90A78 ZwAlertResumeThread
SSDT 85639780 ZwAlertThread
SSDT 856176C8 ZwAllocateVirtualMemory
SSDT 85B3E6E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEB34A020]
SSDT 855421A8 ZwCreateMutant
SSDT 856C76C8 ZwCreateThread
SSDT 85E932F0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEB34A2A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEB34A800]
SSDT 8594B628 ZwFreeVirtualMemory
SSDT 85E925D8 ZwImpersonateAnonymousToken
SSDT 85E92240 ZwImpersonateThread
SSDT 856C26C8 ZwMapViewOfSection
SSDT 85E92770 ZwOpenEvent
SSDT 8554C6B0 ZwOpenProcessToken
SSDT 85E92DC8 ZwOpenSection
SSDT 8590C628 ZwOpenThreadToken
SSDT 8550BE50 ZwResumeThread
SSDT 853FB208 ZwSetContextThread
SSDT 8588B628 ZwSetInformationProcess
SSDT 858E5628 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEB34AA50]
SSDT 85E92B08 ZwSuspendProcess
SSDT 85639748 ZwSuspendThread
SSDT 8554B380 ZwTerminateProcess
SSDT 85517180 ZwTerminateThread
SSDT 85FEC160 ZwUnmapViewOfSection
SSDT 85856628 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BEC 80504458 8 Bytes JMP E3E7C4E2
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB0 8050481C 8 Bytes JMP E3E790A6
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC1 8050482D 7 Bytes [B3, 54, 85, 80, 71, 51, 85]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5B97360, 0x221BBD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1556] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00CD000A
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[2608] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2009-12-12 18:43:22
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2009-12-12 18:43:22

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Symantec Shared\EENGINE\{EF111819-74CB-40EE-BB16-2FEAB011D224}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{EF80620B-E208-4D7D-9E85-F2E3B97DC628}.results.dat 3860 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{EF80620B-E208-4D7D-9E85-F2E3B97DC628}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{EFD16F88-9C44-4903-AA95-510987BCF4DE}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{F03C45B1-6312-4C72-B1D4-52B36A52EC6D}.results.dat 262 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{5FF272E8-C08B-4729-9F54-0B4D3998FC8B}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{61100611-8760-43D7-9598-830B77C5C8A9}.results.dat 262 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{61100611-8760-43D7-9598-830B77C5C8A9}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{63AA8ED9-D2E4-4EFE-8FE4-8BE555E5CD2B}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CB2D2D6F-AFD6-4317-ACB8-E10386F3687F}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CE3788C3-4633-4CB1-B2F2-1FB6C909BD16}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CE3788C3-4633-4CB1-B2F2-1FB6C909BD16}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CEC18E78-2166-478B-88E7-8B05C4DBECDD}.results.dat 4422 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B2F2980C-845F-4FD9-8EEF-9311DE44358C}.results.dat 1285 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B2F2980C-845F-4FD9-8EEF-9311DE44358C}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B6060308-F086-4A2D-9962-1E4850917CCD}.results.dat 683 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B6060308-F086-4A2D-9962-1E4850917CCD}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{98120832-4ACC-4286-B7A2-9A22F978CAF9}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{9CBCB002-0D9A-441D-9A20-00071AAC5E95}.results.dat 1660 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{9CBCB002-0D9A-441D-9A20-00071AAC5E95}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{9E251052-ABFA-4392-8D45-3E3ABB95B56C}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{A1393805-8CE3-4796-B48A-B3FFCDF1A3B3}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{A1393805-8CE3-4796-B48A-B3FFCDF1A3B3}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{581AAF85-7362-47A9-80FD-E35808FC8719}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{5A0D72CD-A302-4741-AC7F-5C8ADD86AC43}.results.dat 10330 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{5A0D72CD-A302-4741-AC7F-5C8ADD86AC43}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{5A518F60-53FA-4CA1-BE20-C1880009220D}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{5A518F60-53FA-4CA1-BE20-C1880009220D}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{68ABD83D-9E06-4B87-A13B-1CAFC71819E6}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{DCD6C1A5-5896-4439-B74F-C149149FA8AF}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{E1116EA8-7249-4878-B12B-600390DAB0F2}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3DBF062C-C5CF-4C35-BFB7-737DB29F7466}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3FDCF442-0F54-4F65-BF6B-818A5B849572}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3FDCF442-0F54-4F65-BF6B-818A5B849572}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{47E5C24B-ACB4-48BB-8916-173B8E80553E}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{49B1FF79-10B1-4DCD-AA64-D39DE46A31BB}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{4BAD1A42-8EA6-4E15-A942-8F38F0C3F796}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B9C666E3-AD0C-47D3-B2FD-35CA53CBEE7E}.results.dat 1298 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B9C666E3-AD0C-47D3-B2FD-35CA53CBEE7E}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{BCE6B93B-0AE5-419B-AE72-D2BD7200E73C}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{D85097D3-D2FC-4172-A665-519BCCB0CEB7}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{D91993BA-E204-42C7-BA7A-215F041D6E5E}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{D91993BA-E204-42C7-BA7A-215F041D6E5E}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CA0E34F3-3EA1-471D-952D-5B274AEB6614}.results.dat 10080 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CA0E34F3-3EA1-471D-952D-5B274AEB6614}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{CA37AE6C-B682-4E96-8B1D-50B32412F134}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{A27225AA-AC17-42DF-8EF8-B12DAD53F63D}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{A7A409BC-1E44-4B47-AA06-A1CE629EC4DD}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{AAB57F49-28FD-4075-9EBE-8C0C6ACC3DDD}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 371248 bytes <-- ROOTKIT !!!
File C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT 48 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{0151414E-E9AD-4007-B3DA-3BA3DDDC1D5E}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{021797F4-49C3-419E-B544-36B027774323}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{0368B4D6-6489-4B34-B733-A9AFCF099290}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{09A81631-6F8C-49BF-B274-C02ECB0CD7FD}.results.dat 13026 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{7365616F-F076-44FA-84D9-28ADAC11813D}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{742B6A8E-55BA-4660-BC9B-02CCE1680426}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{C0DBF9E2-783C-402A-9669-A66E29F8EE1A}.results.dat 39 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{C0DBF9E2-783C-402A-9669-A66E29F8EE1A}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{2A8D3E87-5DE4-4C8F-9430-6D0549C5F338}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{2B2CA111-EB59-4708-B7FB-4C7522DB6B61}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{2CCC6EF6-C3DB-43F0-B0EE-34F7C66A4E49}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{09A81631-6F8C-49BF-B274-C02ECB0CD7FD}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{321E23BF-745A-4DF1-AA08-F9077B065C92}.results.dat 2628 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3453DFB3-8664-4E5C-980B-60EC8D2A711D}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{36AE7707-E39D-4B4F-BDE2-84C125738144}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3ABE0527-8F9C-429C-A7C9-28F27258BAB9}.results.dat 49504 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{3ABE0527-8F9C-429C-A7C9-28F27258BAB9}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{AEBC2994-FC87-43C9-A6AF-3BCD9BBA1AF0}.results.dat 3801 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B15948C1-B72B-40B6-A0CD-A24BAF00F3F9}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{B16580FC-990C-42D3-9C32-5AC1A1AF867F}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{86A83CED-27D7-47EC-9326-056CAEAAA7EB}.results.dat 262 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{87059D41-C12E-475D-96B2-AEA7F73C5A01}.results.dat 27038 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{87059D41-C12E-475D-96B2-AEA7F73C5A01}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{895F7843-71EC-46F6-ADB8-6F80C2E74A75}.results.dat 16384 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{895F7843-71EC-46F6-ADB8-6F80C2E74A75}.undo.dat 719 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{21B74FD0-C772-48DC-A598-0CF8DAFFBE30}.results.dat 0 bytes
File C:\Program Files\Common Files\Symantec Shared\EENGINE\{266BE368-98A3-4E0A-B9FC-16DDAC1BA8EE}.undo.dat 719 bytes

---- Services - GMER 1.0.15 ----

Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) [SYSTEM] eeCtrl <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
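
As an added example (not part of this thread and not GMER's own code), the script below is a small triage helper for GMER logs like the one posted above. The line layouts it parses (bare-address SSDT entries, SSDT entries attributed to a named driver, inline JMP patches in kernel code, and GMER's "<-- ROOTKIT !!!" marker) are inferred from the posted log; the sample input is a constructed subset of those same lines, and the hypothetical `parse_gmer` and `triage_notes` functions are this example's own.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not GMER's code).

Line layouts, inferred from the log posted above:
  SSDT <8-hex addr> <ZwFunc>                           hook GMER could not tie to a module
  SSDT <driver path> (<desc>/<vendor>) <ZwFunc> [0x..] hook attributed to a named driver
  .text <image>!<export> + <off> <addr> <n> Bytes JMP <target>  inline patch of kernel code
  ... <-- ROOTKIT !!!                                  GMER's own hidden-object marker
"""
import re
from collections import defaultdict

# Constructed sample: a subset of lines taken verbatim from the GMER log above.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 85E90A78 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEB34A020]
SSDT 85639780 ZwAlertThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BEC 80504458 8 Bytes JMP E3E7C4E2
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC1 8050482D 7 Bytes [B3, 54, 85, 80, 71, 51, 85]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5B97360, 0x221BBD, 0xE8000020]

---- Services - GMER 1.0.15 ----

Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) [SYSTEM] eeCtrl <-- ROOTKIT !!!
"""

SSDT_ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<info>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)\s*$")
INLINE_JMP = re.compile(
    r"^\.text\s+(?P<image>\S+)!(?P<export>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
)
VENDOR_PAREN = re.compile(r"\([^)]*/[^)]*\)")  # "(description/vendor)" as GMER prints it
ROOTKIT_MARK = "<-- ROOTKIT"


def parse_gmer(text):
    """Group SSDT hooks by owning driver, list unattributed hooks, inline patches and ROOTKIT flags."""
    report = {
        "ssdt_by_module": defaultdict(list),  # driver path -> [Zw functions it hooks]
        "ssdt_unattributed": [],              # (Zw function, address) with no module named
        "inline_patches": [],                 # ("image!export", JMP target)
        "rootkit_flags": [],                  # raw lines GMER tagged with the ROOTKIT marker
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ROOTKIT_MARK in line:
            report["rootkit_flags"].append(line)
            continue
        m = SSDT_ATTRIBUTED.match(line)
        if m:
            report["ssdt_by_module"][m.group("module")].append(m.group("func"))
            continue
        m = SSDT_BARE.match(line)
        if m:
            report["ssdt_unattributed"].append((m.group("func"), m.group("addr")))
            continue
        m = INLINE_JMP.match(line)
        if m:
            report["inline_patches"].append((f"{m.group('image')}!{m.group('export')}", m.group("target")))
    report["ssdt_by_module"] = dict(report["ssdt_by_module"])
    return report


def triage_notes(report):
    """Turn the parsed report into the short notes an analyst reads first."""
    notes = []
    for module, funcs in sorted(report["ssdt_by_module"].items()):
        notes.append(f"{len(funcs)} SSDT hook(s) owned by {module}: {', '.join(funcs)}")
    if report["ssdt_unattributed"]:
        funcs = ", ".join(f for f, _ in report["ssdt_unattributed"])
        notes.append(f"{len(report['ssdt_unattributed'])} SSDT hook(s) with no owning driver named "
                     f"({funcs}); identify the owner before judging them")
    for where, target in report["inline_patches"]:
        notes.append(f"inline JMP patch in {where} -> {target}")
    for line in report["rootkit_flags"]:
        subject = line.split(ROOTKIT_MARK)[0].strip()
        # A flagged object that carries a vendor description still needs checking against
        # that vendor; one with no description at all is the stronger lead.
        verdict = ("vendor named; confirm it is that vendor's self-protecting driver"
                   if VENDOR_PAREN.search(line) else "no vendor named; investigate")
        notes.append(f"GMER ROOTKIT flag on {subject} [{verdict}]")
    return notes


if __name__ == "__main__":
    for note in triage_notes(parse_gmer(SAMPLE_GMER_LOG)):
        print(note)
```

Run it against a saved GMER log by reading the file into `parse_gmer` instead of `SAMPLE_GMER_LOG`; the point of the split between attributed and bare-address SSDT entries is that GMER names a driver only when the hook address falls inside a loaded module, so the bare-address entries are the ones that need an owner established before anything is concluded from them.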

#6 jackie1215

jackie1215
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 12 December 2009 - 07:23 PM

I don't know if this is what you want for the log, because this is all I could get; I cannot get any other type of log for the results. Let me know if this is right or wrong.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent18.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent48.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\HP\Desktop\TAV15.1\Setup\Program Files\Trend Micro\32bit\TAVTool.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP\Desktop\TAV15.1\Tools\TAVTool.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Trend Micro\AntiVirus 2007\TAVTool.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 13 December 2009 - 10:58 AM

That's fine, but it's not showing any type of active infection. Actually none of your logs are.

What issues are you still having?

========================================================

#8 jackie1215

jackie1215
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:25 PM

Posted 13 December 2009 - 11:19 AM

I am still getting redirected to other websites when I do a search in any search engine.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 13 December 2009 - 11:28 AM

Which browser are you using? Firefox or IE?
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

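
The procedure above produces a verbose log (the one pasted in the next post), and reading it by eye is hard. The Python script below is an added example, not part of the thread and not part of Kaspersky's TDSSKiller. It parses the line shape used throughout that log ("time pid Routine: message"), records whether any of the known rootkit service names TDSSKiller looks up (UACd.sys, TDSSserv.sys and so on) were found, whether UnhookRegistry reported SDT hooks or splicing, whether the "Hidden service detected" prompt appeared, and, for every DRIVER_OBJECT dispatch table that DetectCureTDL3 dumps, which IRP handler addresses sit far away from the driver's own code. The 804F4544 entry that recurs in the thread's tables is the kernel's default dispatch stub (it lies inside ntkrnlpa.exe, whose base the log gives as 804D7000), and the "Unable to get StartIo handler code" lines that follow "ReadMemory 0x0" mean the driver has no StartIo routine to hook, not that the scan failed. SAMPLE_LOG, the invented "atapi" table with one handler pointing at 8619B8C0, the 1 MiB CLUSTER_SPAN and the "service key exists if the lookup did not fail" heuristic are all constructed assumptions for illustration.

```python
"""Triage a verbose TDSSKiller log (the "-l C:\\TDSSKiller.txt -v" output quoted in
this thread) for the indicators the tool reports. Added example, not part of
Kaspersky's tool or of the forum post. SAMPLE_LOG is constructed: its Disk lines
copy the thread's log, the 'atapi' table with handler 15 at 8619B8C0 is invented
to simulate a hooked dispatch entry, and CLUSTER_SPAN is an assumed threshold."""
import re
import statistics
from collections import Counter

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(\w+):\s*(.*)$")  # time pid routine: msg
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\\w+, Driver Name: (\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
SERVICE_RE = re.compile(r"Searching service (\S+)")
CLUSTER_SPAN = 0x100000  # assumed: one driver image rarely spans more than 1 MiB

SAMPLE_LOG = """\
10:52:45:699 2588 ScanServices: Searching service TDSSserv.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:46:246 2588 UnhookRegistry: No SDT hooks found on NtEnumerateKey
10:52:46:246 2588 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\Disk, Driver Name: Disk
10:52:46:246 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:246 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:246 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:246 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:246 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:400 2588 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
10:52:46:400 2588 DetectCureTDL3: IrpHandler (0) addr: F7598F00
10:52:46:400 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:400 2588 DetectCureTDL3: IrpHandler (2) addr: F7598F00
10:52:46:400 2588 DetectCureTDL3: IrpHandler (14) addr: F7596A10
10:52:46:400 2588 DetectCureTDL3: IrpHandler (15) addr: 8619B8C0
"""

def parse_log(text):
    for raw in text.splitlines():                   # systeminfo and other non-log lines are skipped
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(text):
    f = {"hidden_services": [], "service_hits": [], "sdt_hooks": [],
         "splicing": [], "no_startio": [], "drivers": {}}
    driver = pending = None
    for routine, msg in parse_log(text):
        if "Hidden service detected" in msg:        # the prompt the post warns about
            f["hidden_services"].append(msg)
        if routine == "ScanServices":
            m = SERVICE_RE.search(msg)
            if m:
                if pending:                         # previous lookup never failed: key exists (assumed)
                    f["service_hits"].append(pending)
                pending = m.group(1)
            elif "Open/Create key error 2" in msg:  # ERROR_FILE_NOT_FOUND: rootkit service absent
                pending = None
        elif routine == "UnhookRegistry":
            if "SDT hook" in msg and not msg.startswith("No SDT hooks"):
                f["sdt_hooks"].append(msg)
            if "splicing" in msg and not msg.startswith("No splicing"):
                f["splicing"].append(msg)
        elif routine == "DetectCureTDL3":
            m = DRIVER_RE.search(msg)
            if m:
                driver = m.group(1)
                f["drivers"].setdefault(driver, {})
                continue
            m = IRP_RE.search(msg)
            if m and driver:                        # IRP_MJ_* index -> dispatch address
                f["drivers"][driver][int(m.group(1))] = int(m.group(2), 16)
        elif routine == "TDL3_StartIoHookDetect" and "Unable to get StartIo" in msg:
            f["no_startio"].append(driver)          # DriverStartIo is NULL: nothing to hook there
    return f

def kernel_default(drivers):
    # Address shared by most entries across every table: the kernel's default dispatch stub
    counts = Counter(a for t in drivers.values() for a in t.values())
    return counts.most_common(1)[0][0] if counts else None

def suspicious_handlers(drivers):
    # A TDL3-style hook swaps one entry for code outside the driver image: flag outliers
    default = kernel_default(drivers)
    odd = {}
    for name, table in drivers.items():
        own = [a for a in table.values() if a != default]
        if not own:
            continue
        centre = statistics.median(own)
        hits = sorted((mj, a) for mj, a in table.items()
                      if a != default and abs(a - centre) > CLUSTER_SPAN)
        if hits:
            odd[name] = hits
    return odd

def report(text):
    f = triage(text)
    odd = suspicious_handlers(f["drivers"])
    bad = any(f[k] for k in ("hidden_services", "service_hits", "sdt_hooks", "splicing")) or odd
    return ("suspicious" if bad else "clean"), f, odd
```

To use it on a real run, pass the contents of the saved C:\TDSSKiller.txt to report(); the systeminfo block at the top of the file never matches LINE_RE and is ignored. Treat a flagged dispatch entry as a reason to inspect that driver object with a kernel debugger, not as proof of infection on its own: the clustering threshold is a heuristic, and a legitimate filter driver can also install handlers outside the original image.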

#10 jackie1215

jackie1215
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:25 PM

Posted 13 December 2009 - 11:56 AM

OK, this is the log file. I also wanted to thank you for helping me, which I have not done. Oh, and I am using IE.


Host Name: PC136231091344
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: HP
Registered Organization:
Product ID: 76487-OEM-0011903-00803
Original Install Date: 10/10/2007, 8:48:21 AM
System Up Time: 0 Days, 22 Hours, 13 Minutes, 12 Seconds
System Manufacturer: Hewlett-Packard
System Model: HP Pavilion dv2000 (RG408UA#ABA)
System type: X86-based PC
Processor(s): 2 Processor(s) Installed.
[01]: x86 Family 15 Model 72 Stepping 2 AuthenticAMD ~1607 Mhz
[02]: x86 Family 15 Model 72 Stepping 2 AuthenticAMD ~1607 Mhz
BIOS Version: HPQOEM - 6040000
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-06:00) Central Time (US & Canada)
Total Physical Memory: 959 MB
Available Physical Memory: 374 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,004 MB
Virtual Memory: In Use: 44 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\PC136231091344
Hotfix(s): 459 Hotfix(s) Installed.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: File 1
[95]: File 1
[96]: File 1
[97]: File 1
[98]: File 1
[99]: File 1
[100]: File 1
[101]: File 1
[102]: File 1
[103]: File 1
[104]: File 1
[105]: File 1
[106]: File 1
[107]: File 1
[108]: File 1
[109]: File 1
[110]: File 1
[111]: File 1
[112]: File 1
[113]: File 1
[114]: File 1
[115]: File 1
[116]: File 1
[117]: File 1
[118]: File 1
[119]: File 1
[120]: File 1
[121]: File 1
[122]: File 1
[123]: File 1
[124]: File 1
[125]: File 1
[126]: File 1
[127]: File 1
[128]: File 1
[129]: File 1
[130]: File 1
[131]: File 1
[132]: File 1
[133]: File 1
[134]: File 1
[135]: File 1
[136]: File 1
[137]: File 1
[138]: File 1
[139]: File 1
[140]: File 1
[141]: File 1
[142]: File 1
[143]: File 1
[144]: File 1
[145]: File 1
[146]: File 1
[147]: File 1
[148]: File 1
[149]: File 1
[150]: File 1
[151]: File 1
[152]: File 1
[153]: File 1
[154]: File 1
[155]: File 1
[156]: File 1
[157]: File 1
[158]: File 1
[159]: File 1
[160]: File 1
[161]: File 1
[162]: File 1
[163]: File 1
[164]: File 1
[165]: File 1
[166]: File 1
[167]: File 1
[168]: File 1
[169]: File 1
[170]: File 1
[171]: File 1
[172]: File 1
[173]: File 1
[174]: File 1
[175]: File 1
[176]: File 1
[177]: File 1
[178]: File 1
[179]: File 1
[180]: File 1
[181]: File 1
[182]: File 1
[183]: File 1
[184]: File 1
[185]: File 1
[186]: File 1
[187]: File 1
[188]: File 1
[189]: File 1
[190]: File 1
[191]: File 1
[192]: File 1
[193]: File 1
[194]: File 1
[195]: File 1
[196]: File 1
[197]: File 1
[198]: File 1
[199]: File 1
[200]: File 1
[201]: File 1
[202]: File 1
[203]: File 1
[204]: File 1
[205]: File 1
[206]: File 1
[207]: File 1
[208]: File 1
[209]: File 1
[210]: File 1
[211]: File 1
[212]: File 1
[213]: File 1
[214]: File 1
[215]: File 1
[216]: File 1
[217]: File 1
[218]: File 1
[219]: File 1
[220]: Q147222
[221]: KB930494 - QFE
[222]: KB953295 - QFE
[223]: M953297 - Update
[224]: S867460 - Update
[225]: KB900325 - Update
[226]: Q936181
[227]: Q954430
[228]: Q973688
[229]: KB923723 - Update
[230]: IDNMitigationAPIs - Update
[231]: NLSDownlevelMapping - Update
[232]: KB929399
[233]: KB952069_WM9
[234]: KB954155_WM9
[235]: KB968816_WM9
[236]: KB973540_WM9L
[237]: KB913800
[238]: KB926251
[239]: KB936782_WMP10
[240]: KB925398_WMP64
[241]: KB923689
[242]: KB941569
[243]: KB938127-IE7 - Update
[244]: KB944533-IE7 - Update
[245]: KB947864-IE7 - Update
[246]: KB950759-IE7 - Update
[247]: KB953838-IE7 - Update
[248]: KB956390-IE7 - Update
[249]: KB961260-IE7 - Update
[250]: KB963027-IE7 - Update
[251]: KB969897-IE7 - Update
[252]: KB972260-IE7 - Update
[253]: KB974455-IE7 - Update
[254]: KB976325-IE7 - Update
[255]: KB976749-IE7 - Update
[256]: KB873333 - Update
[257]: KB873339 - Update
[258]: KB883667 - Update
[259]: KB885250 - Update
[260]: KB885835 - Update
[261]: KB885836 - Update
[262]: KB885855 - Update
[263]: KB886185 - Update
[264]: KB887472 - Update
[265]: KB888113 - Update

NetWork Card(s): 3 NIC(s) Installed.
[01]: Broadcom 802.11b/g WLAN
Connection Name: Wireless Network Connection 2
DHCP Enabled: Yes
DHCP Server: 192.168.1.254
IP address(es)
[01]: 192.168.1.66
[02]: 1394 Net Adapter
Connection Name: 1394 Connection
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[03]: NVIDIA nForce Networking Controller
Connection Name: Local Area Connection
Status: Media disconnected
10:52:45:152 2588 ForceUnloadDriver: NtUnloadDriver error 2
10:52:45:168 2588 ForceUnloadDriver: NtUnloadDriver error 2
10:52:45:168 2588 ForceUnloadDriver: NtUnloadDriver error 2
10:52:45:183 2588 main: Driver KLMD successfully dropped
10:52:45:605 2588 main: Driver KLMD successfully loaded
10:52:45:605 2588
Scanning Registry ...
10:52:45:699 2588 ScanServices: Searching service UACd.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:45:699 2588 ScanServices: Searching service TDSSserv.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:45:699 2588 ScanServices: Searching service gaopdxserv.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:45:699 2588 ScanServices: Searching service gxvxcserv.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:45:699 2588 ScanServices: Searching service MSIVXserv.sys
10:52:45:699 2588 ScanServices: Open/Create key error 2
10:52:45:699 2588 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
10:52:46:121 2588 UnhookRegistry: Kernel local addr: E40000
10:52:46:152 2588 UnhookRegistry: KeServiceDescriptorTable addr: EC4700
10:52:46:230 2588 UnhookRegistry: KiServiceTable addr: E6D428
10:52:46:230 2588 UnhookRegistry: NtEnumerateKey service number (local): 47
10:52:46:230 2588 UnhookRegistry: NtEnumerateKey local addr: F8BDE2
10:52:46:246 2588 KLMD_OpenDevice: Trying to open KLMD device
10:52:46:246 2588 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
10:52:46:246 2588 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0x80500299[0x4]
10:52:46:246 2588 UnhookRegistry: NtEnumerateKey service number (kernel): 47
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0x80504544[0x4]
10:52:46:246 2588 UnhookRegistry: NtEnumerateKey real addr: 80622DE2
10:52:46:246 2588 UnhookRegistry: NtEnumerateKey calc addr: 80622DE2
10:52:46:246 2588 UnhookRegistry: No SDT hooks found on NtEnumerateKey
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0x80622DE2[0xA]
10:52:46:246 2588 UnhookRegistry: No splicing found on NtEnumerateKey
10:52:46:246 2588
Scanning Kernel memory ...
10:52:46:246 2588 KLMD_OpenDevice: Trying to open KLMD device
10:52:46:246 2588 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
10:52:46:246 2588 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
10:52:46:246 2588 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86243030
10:52:46:246 2588 DetectCureTDL3: KLMD_GetDeviceObjectList returned 9 DevObjects
10:52:46:246 2588 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: F8142C68
10:52:46:246 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F8142C68
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0xF8142C68[0x38]
10:52:46:246 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:246 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:246 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:246 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:246 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:246 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:246 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:246 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:246 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:246 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:246 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:246 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:246 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:246 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:246 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:246 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:246 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:246 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:246 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:246 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:246 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:277 2588 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: F7C344C8
10:52:46:277 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F7C344C8
10:52:46:277 2588 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: F7D44EA0
10:52:46:277 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F7D44EA0
10:52:46:277 2588 KLMD_ReadMem: Trying to ReadMemory 0xF7D44EA0[0x38]
10:52:46:277 2588 DetectCureTDL3: DRIVER_OBJECT addr: FCFED828
10:52:46:277 2588 KLMD_ReadMem: Trying to ReadMemory 0xFCFED828[0xA8]
10:52:46:277 2588 KLMD_ReadMem: Trying to ReadMemory 0xE79092D0[0x208]
10:52:46:277 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
10:52:46:277 2588 DetectCureTDL3: IrpHandler (0) addr: EE5C5218
10:52:46:277 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (2) addr: EE5C5218
10:52:46:277 2588 DetectCureTDL3: IrpHandler (3) addr: EE5C523C
10:52:46:277 2588 DetectCureTDL3: IrpHandler (4) addr: EE5C523C
10:52:46:277 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (9) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (14) addr: EE5C5180
10:52:46:277 2588 DetectCureTDL3: IrpHandler (15) addr: EE5C09E6
10:52:46:277 2588 DetectCureTDL3: IrpHandler (16) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (22) addr: EE5C45F0
10:52:46:277 2588 DetectCureTDL3: IrpHandler (23) addr: EE5C2A6E
10:52:46:277 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:277 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:277 2588 KLMD_ReadMem: Trying to ReadMemory 0xEE5C1F26[0x400]
10:52:46:277 2588 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
10:52:46:277 2588 TDL3_FileDetect: Processing driver: USBSTOR
10:52:46:277 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\tsk_usbstor.sys, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\tsk_usbstor.sys
10:52:46:277 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
10:52:46:277 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
10:52:46:324 2588 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: F8093030
10:52:46:324 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F8093030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xF8093030[0x38]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:324 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:324 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:324 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:324 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:324 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:324 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:324 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:324 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: F7F1AAB8
10:52:46:324 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F7F1AAB8
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xF7F1AAB8[0x38]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:324 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:324 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:324 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:324 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:324 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:324 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:324 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:324 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: F7C06800
10:52:46:324 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for F7C06800
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xF7C06800[0x38]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:324 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:324 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:324 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:324 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:324 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:324 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:324 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:324 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:324 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:324 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:324 2588 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 861EE030
10:52:46:324 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861EE030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x861EE030[0x38]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:324 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:324 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:324 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:324 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:324 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:324 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:340 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:340 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:340 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:340 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:340 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:340 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:340 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 86240C68
10:52:46:340 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86240C68
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x86240C68[0x38]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:340 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:340 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:340 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:340 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:340 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:340 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:340 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:340 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:340 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:340 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:340 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:340 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 861AE9F0
10:52:46:340 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861AE9F0
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x861AE9F0[0x38]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT addr: 86243030
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x86243030[0xA8]
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1021B48[0x208]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:52:46:340 2588 DetectCureTDL3: IrpHandler (0) addr: F74EDC30
10:52:46:340 2588 DetectCureTDL3: IrpHandler (1) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (2) addr: F74EDC30
10:52:46:340 2588 DetectCureTDL3: IrpHandler (3) addr: F74E7D9B
10:52:46:340 2588 DetectCureTDL3: IrpHandler (4) addr: F74E7D9B
10:52:46:340 2588 DetectCureTDL3: IrpHandler (5) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (6) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (7) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (8) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (9) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (10) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (11) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (12) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (13) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (14) addr: F74E844D
10:52:46:340 2588 DetectCureTDL3: IrpHandler (15) addr: F74EBFC3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (16) addr: F74E8366
10:52:46:340 2588 DetectCureTDL3: IrpHandler (17) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (18) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (19) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (20) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (21) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (22) addr: F74E9EF3
10:52:46:340 2588 DetectCureTDL3: IrpHandler (23) addr: F74EEA24
10:52:46:340 2588 DetectCureTDL3: IrpHandler (24) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (25) addr: 804F4544
10:52:46:340 2588 DetectCureTDL3: IrpHandler (26) addr: 804F4544
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:52:46:340 2588 KLMD_ReadMem: DeviceIoControl error 1
10:52:46:340 2588 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:52:46:340 2588 TDL3_FileDetect: Processing driver: Disk
10:52:46:340 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:52:46:340 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:52:46:340 2588 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8624DAB8
10:52:46:340 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8624DAB8
10:52:46:340 2588 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 86178F18
10:52:46:340 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86178F18
10:52:46:340 2588 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 861C4030
10:52:46:340 2588 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861C4030
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x861C4030[0x38]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT addr: 8552E228
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x8552E228[0xA8]
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x862165D0[0x38]
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0x861BA670[0xA8]
10:52:46:340 2588 KLMD_ReadMem: Trying to ReadMemory 0xE1008A28[0x208]
10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
10:52:46:340 2588 DetectCureTDL3: IrpHandler (0) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (1) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (2) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (3) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (4) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (5) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (6) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (7) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (8) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (9) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (10) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (11) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (12) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (13) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (14) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (15) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (16) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (17) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (18) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (19) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (20) addr: 8618E618
10:52:46:340 2588 DetectCureTDL3: IrpHandler (21) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: IrpHandler (22) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: IrpHandler (23) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: IrpHandler (24) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: IrpHandler (25) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: IrpHandler (26) addr: 8618E618
10:52:46:355 2588 DetectCureTDL3: All IRP handlers pointed to one addr: 8618E618
10:52:46:355 2588 KLMD_ReadMem: Trying to ReadMemory 0x8618E618[0x400]
10:52:46:355 2588 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
10:52:46:355 2588 Driver "nvata" Irp handler infected by TDSS rootkit ... 10:52:46:355 2588 KLMD_WriteMem: Trying to WriteMemory 0x8618E67D[0xD]
10:52:46:355 2588 cured
10:52:46:355 2588 KLMD_ReadMem: Trying to ReadMemory 0x8618E4BF[0x400]
10:52:46:355 2588 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
10:52:46:355 2588 Driver "nvata" StartIo handler infected by TDSS rootkit ... 10:52:46:355 2588 TDL3_StartIoHookCure: Number of patches 1
10:52:46:355 2588 KLMD_WriteMem: Trying to WriteMemory 0x8618E5B6[0x6]
10:52:46:355 2588 cured
10:52:46:355 2588 TDL3_FileDetect: Processing driver: nvata
10:52:46:355 2588 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvata.sys, C:\WINDOWS\system32\Drivers\tsk_nvata.sys, SYSTEM\CurrentControlSet\Services\nvata, system32\Drivers\tsk_nvata.sys
10:52:46:355 2588 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvata.sys
10:52:46:355 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvata.sys
10:52:46:355 2588 File C:\WINDOWS\system32\drivers\nvata.sys infected by TDSS rootkit ... 10:52:46:355 2588 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\nvata.sys
10:52:46:355 2588 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvata.sys
10:52:46:355 2588 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\tsk_nvata.sys
10:52:46:402 2588 TDL3_FileCure: Image path (system32\Drivers\tsk_nvata.sys) was set for service (SYSTEM\CurrentControlSet\Services\nvata)
10:52:46:402 2588 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\tsk_nvata.sys, C:\WINDOWS\system32\drivers\nvata.sys) success
10:52:46:402 2588 will be cured on next reboot
10:52:46:402 2588
Completed

Results:
10:52:46:402 2588 Infected objects in memory: 2
10:52:46:402 2588 Cured objects in memory: 2
10:52:46:402 2588 Infected objects on disk: 1
10:52:46:402 2588 Objects on disk cured on reboot: 1
10:52:46:402 2588 Objects on disk deleted on reboot: 0
10:52:46:402 2588 Registry nodes deleted on reboot: 0
10:52:46:402 2588

Edited by jackie1215, 13 December 2009 - 11:59 AM.
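The nvata entries in the log above are the detection the scanner acts on. For the Disk driver the used slots point into disk.sys's own image (the F74Exxxx addresses) and every unused slot holds the same kernel routine at 804F4544; for nvata all 27 IRP_MJ slots point to 8618E618, which sits in the same 0x86xxxxxx range as the device objects, i.e. allocated kernel memory rather than nvata.sys, and the StartIo routine and the nvata.sys file on disk are reported hooked as well. The in-memory hooks are cured immediately, but the file is only replaced (via tsk_nvata.sys) on the next reboot, which is why the redirects persisted until the machine was restarted. The Python below is an added example for this thread, not the scanner's code: it parses lines in the log's format and reapplies the "all handlers point to one address" check, plus a cluster check for tables where only some slots are redirected. The Disk and nvata tables are copied from the log; the "stub" and "partial" tables are constructed, and it is an assumption that 804F4544 is ntoskrnl's default dispatch routine (nt!IopInvalidDeviceRequest) and that a driver image spans well under 4 MiB.

```python
"""Triage of a TDL3/TDSS rootkit scanner log: flag drivers whose IRP dispatch
table has been redirected away from the driver's own image."""
import re
from collections import OrderedDict

IRP_MJ_MAXIMUM_FUNCTION = 0x1B            # 27 major codes, IrpHandler (0) .. (26)
# Assumption: on this XP SP2 box 0x804F4544 is ntoskrnl's default dispatch
# routine (nt!IopInvalidDeviceRequest), the value every unused slot holds.
KERNEL_DEFAULT_HANDLER = 0x804F4544
MAX_IMAGE_SPAN = 4 << 20                  # assumption: a driver image is well under 4 MiB

# Dispatch table of Disk exactly as printed in the log above.
DISK_TABLE = [
    0xF74EDC30, 0x804F4544, 0xF74EDC30, 0xF74E7D9B, 0xF74E7D9B, 0x804F4544,
    0x804F4544, 0x804F4544, 0x804F4544, 0xF74E8366, 0x804F4544, 0x804F4544,
    0x804F4544, 0x804F4544, 0xF74E844D, 0xF74EBFC3, 0xF74E8366, 0x804F4544,
    0x804F4544, 0x804F4544, 0x804F4544, 0x804F4544, 0xF74E9EF3, 0xF74EEA24,
    0x804F4544, 0x804F4544, 0x804F4544,
]
NVATA_TABLE = [0x8618E618] * 27             # as in the log: every slot rewritten by the rootkit
STUB_TABLE = [KERNEL_DEFAULT_HANDLER] * 27  # constructed: a driver with no dispatch routines
PARTIAL_TABLE = DISK_TABLE[:3] + [0x8618E618] + DISK_TABLE[4:]  # constructed: one slot hooked


def render_log(drivers, verdicts=()):
    """Build a constructed sample log in the scanner's 'time pid message' line format."""
    out = []
    for name, table in drivers:
        out.append(f"10:52:46:340 2588 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}")
        out += [f"10:52:46:340 2588 DetectCureTDL3: IrpHandler ({i}) addr: {a:08X}" for i, a in enumerate(table)]
    out += [f'10:52:46:355 2588 Driver "{v}" Irp handler infected by TDSS rootkit ... cured' for v in verdicts]
    return "\n".join(out)


SAMPLE_LOG = render_log([("Disk", DISK_TABLE), ("nvata", NVATA_TABLE), ("stub", STUB_TABLE)], verdicts=["nvata"])

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s+(?P<msg>.*)$")
NAME_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(?P<name>[^,]+),")
IRP_RE = re.compile(r"IrpHandler \((?P<idx>\d+)\) addr: (?P<addr>[0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r'Driver "(?P<name>[^"]+)" Irp handler infected')


def parse_log(text):
    """Return ({driver: {irp_mj: handler}}, {drivers the scanner itself flagged}).

    The same driver appears once per device stack in the log; its slots merge.
    """
    tables, flagged, current = OrderedDict(), set(), None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if n := NAME_RE.search(msg):
            current = n.group("name")
            tables.setdefault(current, {})
        elif (h := IRP_RE.search(msg)) and current is not None:
            tables[current][int(h.group("idx"))] = int(h.group("addr"), 16)
        elif v := VERDICT_RE.search(msg):
            flagged.add(v.group("name"))
    return tables, flagged


def outliers(addrs):
    """Addresses farther than MAX_IMAGE_SPAN from the largest cluster in addrs.

    A tie between equal-sized clusters cannot be settled from the table alone;
    a loaded-module list would be needed to break it.
    """
    lead = max(addrs, key=lambda a: sum(abs(a - b) <= MAX_IMAGE_SPAN for b in addrs))
    return sorted(a for a in addrs if abs(a - lead) > MAX_IMAGE_SPAN)


def classify(name, table):
    """Findings for one driver's dispatch table; an empty list means nothing suspicious."""
    if len(table) != IRP_MJ_MAXIMUM_FUNCTION:
        return [f"{name}: only {len(table)} of {IRP_MJ_MAXIMUM_FUNCTION} IRP_MJ slots seen, table incomplete"]
    vals = set(table.values())
    real = vals - {KERNEL_DEFAULT_HANDLER}
    if not real:
        return []   # every slot is the kernel default: a stub driver, not a hook
    if len(vals) == 1:
        (addr,) = vals
        return [f"{name}: all {IRP_MJ_MAXIMUM_FUNCTION} IRP handlers point to one address 0x{addr:08X}"]
    return [f"{name}: IRP handler 0x{a:08X} lies outside the driver's own code cluster" for a in outliers(real)]


def triage(text):
    """Map each suspicious driver in the log to its findings."""
    tables, _ = parse_log(text)
    return {name: f for name, t in tables.items() if (f := classify(name, t))}


if __name__ == "__main__":
    _, scanner_says = parse_log(SAMPLE_LOG)
    mine = triage(SAMPLE_LOG)
    for findings in mine.values():
        print("\n".join(findings))
    print("agrees with scanner:", set(mine) == scanner_says)
```

Run against a full log, the stub-driver branch matters: a driver that never registered any dispatch routine also has 27 identical entries, but they are the kernel default, and reporting it would be a false positive. The cluster check is the generalisation for variants that hook only a few slots; it cannot tell which of two equal-sized groups is the real code, so a loaded-module list is the tie-breaker there.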


#11 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 12:00 PM

Aha, there it is. :(

How is your computer behaving now?
Are you still being redirected?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 jackie1215
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2009 - 12:07 PM

Yes, still getting redirected :( Was I supposed to reboot, though?

Edited by jackie1215, 13 December 2009 - 12:10 PM.


#13 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 01:00 PM

Yes, reboot.

#14 jackie1215
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2009 - 01:06 PM

YAY!!!! OK, I rebooted and everything seems fine. Does this mean it is fixed?

#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 01:14 PM

That should be it. :(

It's time to clean up.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with instructions from the tutorial above.

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on firewalls and a listing of some available ones, see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:( :)



