
Google redirect virus in Firefox, Google Chrome


This topic is locked
27 replies to this topic

#1 spdrasr14

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:40 PM

Posted 15 January 2010 - 07:49 PM

Whenever I perform a Google search and click on a link I'm redirected to ad sites. Sometimes the address bar will popup with one and then will redirect again to a different ad site. I haven't noticed any pattern in the redirection or to any specific sites.

Obviously I have no idea how to fix it. I've tried reinstalling the browsers and running anti-spyware: Spybot, Malwarebytes, Spydoctor - though I'm too cheap to actually pay for the program, restarting the computer. It hasn't gone away.

Thank you in advance for your help. I've included and attached the requested information.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Laura S at 17:16:25.43 on Fri 01/15/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.65 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laura Shearer\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\laura shearer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - hxxp://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.amiglia.com/a/ImageUploader4.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lauras~1\applic~1\mozilla\firefox\profiles\bvjinsja.default\
FF - plugin: c:\documents and settings\laura shearer\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\laura shearer\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\laura shearer\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-14 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-14 112592]
S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [2007-3-13 38604]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-14 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-14 1141712]

=============== Created Last 30 ================

2010-01-15 15:51:35 0 d-----w- c:\program files\TrendMicro
2010-01-15 00:06:27 882 ----a-w- c:\windows\RegSDImport.xml
2010-01-15 00:06:27 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-15 00:06:27 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-15 00:06:27 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-15 00:06:27 131 ----a-w- c:\windows\IDB.zip
2010-01-15 00:06:26 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-15 00:06:26 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-15 00:06:26 1152444 ----a-w- c:\windows\UDB.zip
2010-01-14 23:59:44 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-14 23:59:44 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-14 23:59:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-14 23:59:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-14 23:59:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-14 23:59:08 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-14 23:58:31 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-14 23:58:31 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-14 23:58:09 0 d-----w- c:\program files\common files\PC Tools
2010-01-14 23:58:06 0 d-----w- c:\program files\Spyware Doctor
2010-01-14 23:58:06 0 d-----w- c:\docume~1\lauras~1\applic~1\PC Tools
2010-01-14 23:58:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-14 22:17:13 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 22:17:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-13 00:15:35 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-01-07 18:29:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 17:55:03 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-13 04:07:15 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-07 23:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 05:04:25 668672 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 17:17:53.81 ===============
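The DDS log above is what a helper reads by hand. As an added example (not from the thread and not part of the DDS tool), here is a small Python triage pass over the "Pseudo HJT Report" section that sorts the entries a helper checks first: CLSIDs that point at files which no longer exist, Run values that name a bare executable instead of a full path, hidden Firefox extensions, and the hosts ActiveX controls were downloaded from. The sample lines are copied from the log above; the entry types and triage rules are this example's own assumptions, and none of the buckets is a verdict of infection.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the "Pseudo HJT Report" section of the DDS log posted
# above. The entry types and the triage rules below are this example's own
# assumptions, not DDS behaviour.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"

# (label, regex) pairs; a regex's own "kind" group overrides the label when present.
PATTERNS = [
    ("SearchHook", re.compile(r"^uURLSearchHooks: (?P<name>.+?) - (?P<target>.+)$")),
    ("BHO/TB", re.compile(rf"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?(?P<clsid>{CLSID}) - (?P<target>.+)$")),
    ("Run", re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")),
    ("DPF", re.compile(rf"^DPF: (?P<clsid>{CLSID}) - (?P<target>\S+)$")),
    ("FFHidden", re.compile(rf"^FF - HiddenExtension: (?P<name>.+?): (?P<clsid>{CLSID}) - (?P<target>.+)$")),
]


@dataclass
class Entry:
    kind: str    # SearchHook, BHO, TB, Run, DPF or FFHidden
    name: str    # display name, Run value name, or the CLSID when no name is given
    target: str  # file path, command line, download URL, or "No File"


def parse_hjt(text: str) -> list[Entry]:
    """Turn the recognised Pseudo HJT lines into Entry objects; other lines are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        for label, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                g = m.groupdict()
                kind = g.get("kind") or label
                name = g.get("name") or g.get("clsid") or ""
                entries.append(Entry(kind, name, g["target"]))
                break
    return entries


def run_image(cmd: str) -> str:
    """Executable part of a Run command line: the quoted path if quoted, else the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def is_qualified(path: str) -> bool:
    """True when the image is rooted at a drive letter or an environment variable."""
    return re.match(r"^([A-Za-z]:\\|%[^%]+%)", path) is not None


def triage(entries: list[Entry]) -> dict:
    """Group entries into the buckets a helper would look at first.

    orphan:           CLSIDs whose file is gone ("No File"); leftovers worth cleaning up.
    unqualified_run:  Run values naming a bare executable, so Windows resolves it through
                      its search order rather than a fixed path; verify where it resolves.
    hidden_extension: Firefox extensions registered outside the profile (not user-visible).
    dpf_hosts:        hosts that ActiveX controls were downloaded from, to review against
                      the sites the user actually uses.
    """
    out = {"orphan": [], "unqualified_run": [], "hidden_extension": [], "dpf_hosts": Counter()}
    for e in entries:
        if e.target == "No File":
            out["orphan"].append(f"{e.kind} {e.name}")
        elif e.kind == "Run" and not is_qualified(run_image(e.target)):
            out["unqualified_run"].append(f"[{e.name}] {run_image(e.target)}")
        elif e.kind == "FFHidden":
            out["hidden_extension"].append(f"{e.name} -> {e.target}")
        elif e.kind == "DPF":
            host = re.match(r"^h[tx]{2}ps?://([^/]+)", e.target)  # DDS defangs http as hxxp
            if host:
                out["dpf_hosts"][host.group(1)] += 1
    return out


if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(bucket)
        for item in (items.items() if isinstance(items, Counter) else items):
            print("   ", item)
```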



#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:40 AM

Posted 22 January 2010 - 07:51 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 spdrasr14

  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:40 PM

Posted 25 January 2010 - 12:03 AM

Hi! Thanks for responding! I'm still having the same Google search redirect, and now, also, when my laptop screen goes black from power save or whatever, I can't get it to come back on even though the computer is on; the screen stays black.

Here are the logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2006 2:51:16 PM
System Uptime: 1/23/2010 8:25:00 PM (0 hours ago)

Motherboard: ATI | | SB450
Processor: Intel® Celeron® M processor 1.70GHz | U23 | 1691/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 51.904 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 37 GiB total, 4.22 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP905: 1/20/2010 6:18:06 PM - Software Distribution Service 3.0
RP906: 1/21/2010 3:46:07 AM - System Checkpoint
RP907: 1/22/2010 3:00:36 AM - Software Distribution Service 3.0
RP908: 1/23/2010 8:30:07 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 2.1
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
Bonjour
BookSmart® 2.5.0 2.5.0
Canon Utilities PhotoStitch 3.1
CCleaner
CD/DVD Drive Acoustic Silencer
CutePDF Writer 2.7
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVC5.0 Driver
DVD-RAM Driver
eMusic Remote 1.0
Google Chrome
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Music Rescue
Office 2003 Trial Assistant
PhotoStitch
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Samsung Camcorder USB-D03 Capture Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Sibelius Scorch (ActiveX Only)
Skype web features
Skype™ 4.1
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/20/2010 9:24:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'C2CAD972#4079#4fd3#A68D#AD34CC121074'. It has stopped monitoring the volume.
1/20/2010 6:17:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '34F5CEB6.sys' on the volume 'C2CAD972#40 .. D34CC121074'. It has stopped monitoring the volume.
1/18/2010 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
1/18/2010 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
1/18/2010 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
1/18/2010 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
1/18/2010 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
1/18/2010 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
1/17/2010 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
1/17/2010 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
1/16/2010 9:00:01 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
1/16/2010 9:00:01 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
1/16/2010 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
1/16/2010 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
1/16/2010 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
1/16/2010 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
1/16/2010 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
1/16/2010 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
1/16/2010 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
1/16/2010 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
1/16/2010 6:46:37 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/16/2010 6:06:11 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/16/2010 6:02:52 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/16/2010 6:02:52 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/16/2010 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
1/16/2010 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
1/16/2010 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
1/16/2010 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
1/16/2010 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
1/16/2010 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
1/16/2010 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
1/16/2010 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
1/16/2010 4:00:04 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
1/16/2010 4:00:03 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
1/16/2010 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
1/16/2010 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
1/16/2010 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
1/16/2010 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
1/16/2010 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
1/16/2010 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
1/16/2010 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
1/16/2010 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
1/16/2010 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
1/16/2010 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
1/16/2010 12:34:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
1/16/2010 12:25:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
1/16/2010 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
1/16/2010 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
1/16/2010 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
1/16/2010 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
1/16/2010 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
1/16/2010 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
1/16/2010 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
1/16/2010 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-24 21:45:56
Windows 5.1.2600 Service Pack 2
Running: sm3t9z2y.exe; Driver: C:\DOCUME~1\LAURAS~1\LOCALS~1\Temp\uxldapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[820] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FA000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Bonjour\mDNSResponder.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Bonjour\mDNSResponder.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\lsass.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\lsass.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\Explorer.EXE[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\Explorer.EXE[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\System32\alg.exe[3740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\System32\alg.exe[3740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Kbdclass \Device\KeyboardClass0 [F7AC0DD8] \SystemRoot\system32\DRIVERS\kbdclass.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x18; MOV EAX, [EBP+0x8]}

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Kbdclass \Device\KeyboardClass1 [F7AC0DD8] \SystemRoot\system32\DRIVERS\kbdclass.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x18; MOV EAX, [EBP+0x8]}

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Disk \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074 F7A82BDE
Device \FileSystem\Cdfs \Cdfs EFC44400
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:116] F7A8393A
---- Processes - GMER 1.0.15 ----

Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [148] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [340] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [612] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [820] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [920] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [964] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1108] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1160] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1352] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1444] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [1524] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1940] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Google\Gmail Notifier\gnotify.exe [2244] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2328] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2368] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3740] 0x35670000

---- EOF - GMER 1.0.15 ----

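Added example (not part of this thread, and not GMER's or BleepingComputer's code): a small Python triage script for a GMER log like the one above. It pulls the `IAT` and hidden `Library` lines, groups them by the module that owns the hook, and flags a module when it is loaded from a UNC path on a bare IP address, is hidden from the process's own module list, or turns up in more than one process. All three hold for `\\74.117.114.86\max++.x86.dll` in this report, which is what separates one payload injected into every process from a legitimate single-process hook by, say, an antivirus product. The line layout assumed is GMER 1.0.15's as shown above; the sample log is constructed from six lines of the posted report plus one hypothetical benign `Example\hook.dll` entry that is not in the original.

```python
"""Triage helper for a GMER user-mode hook report (added example).

Parses the 'User IAT/EAT' and 'Processes' sections of a GMER 1.0.15 text
log and groups findings by the module that owns each hook, so an analyst
can see which processes share one injected library and which imports it
patches.  The regexes assume the line layout shown in the log above.
"""
import re
from collections import defaultdict

# IAT <image>[<pid>] @ <hooked module> [<dll>!<func>] [<hex addr>] <owner path>
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>\S.*)$"
)
# Library <path> (*** hidden *** ) @ <image> [<pid>] 0x<base>
LIB_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+"
    r"(?P<image>.+?)\s+\[(?P<pid>\d+)\]\s+0x(?P<base>[0-9A-Fa-f]+)$"
)
# A module "path" that is a UNC share on a bare IPv4 address.  Nothing on a
# home PC legitimately loads its code that way, so it is an indicator on its own.
UNC_IP_RE = re.compile(r"^\\\\(?:\d{1,3}\.){3}\d{1,3}\\")

# Constructed sample: the first six entries are copied from the GMER log posted
# above; the 'Example\hook.dll' entry is a hypothetical benign single-process
# hook added here to show what is *not* flagged.
SAMPLE_GMER_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\lsass.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\system32\lsass.exe[612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\Explorer.EXE[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\WINDOWS\Explorer.EXE[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Example\app.exe[1234] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10001000] C:\Program Files\Example\hook.dll

---- Processes - GMER 1.0.15 ----

Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [612] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1940] 0x35670000
"""


def parse_gmer(text):
    """Return (hooks, libs).

    hooks: owner module -> set of (image, pid, hooked function)
    libs:  hidden library path -> set of (image, pid)
    """
    hooks = defaultdict(set)
    libs = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            hooks[m["owner"]].add((m["image"], int(m["pid"]), m["func"]))
            continue
        m = LIB_RE.match(line)
        if m:
            libs[m["path"]].add((m["image"], int(m["pid"])))
    return hooks, libs


def hooked_functions(hooks, module):
    """Sorted list of the imports a given module has redirected."""
    return sorted({func for _, _, func in hooks.get(module, ())})


def suspicious_modules(hooks, libs):
    """Modules worth escalating, with the PIDs they live in and why.

    Each reason alone is a signal; all three together, as in the log above,
    is the pattern of one payload injected into every process.
    """
    findings = {}
    for mod in set(hooks) | set(libs):
        reasons = []
        if UNC_IP_RE.match(mod):
            reasons.append("unc-path-to-ip")
        if mod in libs:
            reasons.append("hidden-from-module-list")
        pids = {pid for _, pid, _ in hooks.get(mod, ())}
        pids |= {pid for _, pid in libs.get(mod, ())}
        if len(pids) > 1:
            reasons.append(f"present-in-{len(pids)}-processes")
        if reasons:
            findings[mod] = (sorted(pids), reasons)
    return findings


def report(text):
    """Human-readable summary lines for one GMER log."""
    hooks, libs = parse_gmer(text)
    lines = []
    for mod, (pids, reasons) in suspicious_modules(hooks, libs).items():
        lines.append(f"{mod}: {', '.join(reasons)}")
        lines.append(f"  pids: {pids}")
        lines.append(f"  hooks: {', '.join(hooked_functions(hooks, mod))}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_GMER_LOG)) or "no suspicious modules")
```

Run it directly to print the summary for the embedded sample, or pass the full saved GMER log text to `report()`. The hooked imports are worth reading too: hooking `LdrGetProcedureAddress` lets the payload intercept any API the process resolves at run time, and hooking `NtWriteFile` puts it in the path of every file write the process makes.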

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:40 AM

Posted 25 January 2010 - 05:21 AM

Hello spdrasr14,

We have a nasty and relatively new rootkit on board. Since our tools get constantly updated, at this point, we need to see what cleans it, and otherwise do it manually. But, please consider the following information first.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 spdrasr14

spdrasr14
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:40 PM

Posted 25 January 2010 - 06:43 PM

Oh dang.

So...I installed ComboFix. It installed the Microsoft Recovery Console. When I said yes to scan, it said it needed to restart. And now my computer won't properly start up. I've tried Safe Mode; I've tried Start Windows Normally. It keeps failing.



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:40 AM

Posted 26 January 2010 - 04:17 AM

Ouch, that's not nice. Let's see if we can find out what went wrong.

Please note that there are other ways to do this. I prefer the following because it will provide me with detailed information and will give me the opportunity to make a fix as well.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn it to a CD using ISOBurner. NOTE: This file is 292 MB in size, so it may take some time to download.
  • When downloaded, double-click it and this will open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise




#7 spdrasr14

spdrasr14
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:40 PM

Posted 26 January 2010 - 06:59 PM

Ok, well that worked. I hope.

Here's the OTL.txt:

OTL logfile created on: 1/26/2010 4:45:56 PM - Run
OTLPE by OldTimer - Version 3.1.26.2 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 242.00 Mb Available Physical Memory | 54.00% Memory free
366.00 Mb Paging File | 274.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.29 Gb Total Space | 52.41 Gb Free Space | 70.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 18:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 12:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 18:50:58 | 00,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/05 13:43:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/02 16:46:56 | 00,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/10 13:15:50 | 00,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/08/04 01:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/12 20:14:42 | 00,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 02:13:14 | 00,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 19:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/09 15:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/01/25 17:54:56 | 00,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.svs -- (atapi)
DRV - [2009/08/28 20:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/05 13:36:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/29 15:51:05 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/15 19:40:24 | 00,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 12:00:22 | 01,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 04,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 17:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 21:08:30 | 00,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 18:20:28 | 00,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 01:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 08:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 08:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 08:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 08:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 08:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 08:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 08:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 06:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 12:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 12:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 08:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/04 14:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/12 03:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 18:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 07:00:00 | 00,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/26 22:08:38 | 00,313,216 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2003/04/01 03:19:00 | 00,038,604 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DVC.sys -- (DVC)
DRV - [2003/03/09 15:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/29 17:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/01 11:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Laura_Shearer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Laura_Shearer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2009/11/25 17:39:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2009/11/25 17:39:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 16:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 16:58:22 | 00,000,000 | ---D | M]

[2010/01/25 17:41:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Laura_Shearer_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\Laura_Shearer_ON_C..\Run: [Google Update] C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [atapi] C:\ComboFix\SW_atapi.reg ()
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat ()
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\helper32.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.amiglia.com/a/ImageUploader4.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/25 17:50:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/25 17:47:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/25 17:47:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/25 17:47:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 17:47:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/25 17:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/25 17:46:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 17:46:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/25 17:46:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/15 10:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/14 17:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy
[2010/01/14 17:17:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/12 20:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Old Test lessons
[2010/01/12 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Downloads
[2010/01/07 13:29:39 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/06 20:53:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Laura Shearer\Recent
[2010/01/06 12:55:03 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/05 12:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\PCHealth
[2005/11/04 21:59:49 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/25 18:00:08 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Laura Shearer\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/01/25 18:00:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/25 17:59:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Laura Shearer\ntuser.ini
[2010/01/25 17:54:56 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:08 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/25 17:48:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 17:31:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/25 17:31:11 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/25 17:31:01 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/25 17:30:45 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/25 17:30:45 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/25 17:21:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 17:20:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/25 17:20:16 | 46,791,4752 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 00:14:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/01/24 02:34:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/01/24 02:25:01 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/01/23 10:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/01/23 10:00:08 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.svs
[2010/01/21 21:51:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/21 19:14:05 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/21 19:00:04 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/01/21 19:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/01/20 11:24:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:59:41 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/14 05:06:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 19:30:31 | 00,012,496 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:11:34 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/07 18:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 18:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 12:55:14 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2010/01/03 19:07:25 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Christmas List.doc
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 17:54:56 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/25 17:50:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/25 17:47:14 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/25 17:47:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/25 17:47:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/25 17:47:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/25 17:47:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/25 17:31:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/25 17:31:11 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/25 17:31:01 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/25 17:30:55 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/25 17:30:55 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010/01/20 11:24:44 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:51:36 | 00,002,457 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 18:55:49 | 00,012,496 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:13:47 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 19:11:34 | 00,002,355 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/12 19:09:42 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/12 19:09:40 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/06 12:55:12 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2009/10/13 12:17:53 | 00,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 22:00:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/02 21:55:15 | 00,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/12/11 13:27:24 | 00,401,503 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:22 | 00,152,468 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.plist
[2008/05/22 17:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/18 23:07:04 | 00,003,270 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue.plist
[2007/05/18 23:06:48 | 00,630,604 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2007/03/13 20:58:30 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SDVC03.drv
[2006/10/29 19:00:37 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/08/27 15:33:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/06 21:52:57 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/01 19:50:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/07/01 19:50:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/01 19:50:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/06/29 16:33:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/29 15:52:12 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\fusioncache.dat
[2005/12/21 20:04:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 18:16:05 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:08 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 17:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:07:42 | 00,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:03:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:26:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/03 17:58:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2003/03/09 15:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/26 17:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/12/19 09:23:21 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1999/01/27 15:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 09:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/06/21 11:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Aim
[2009/07/09 17:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\eMusic
[2006/08/08 21:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\InterVideo
[2006/06/29 18:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\toshiba
[2007/07/10 22:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Viewpoint
[2010/01/24 02:25:01 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/01/21 19:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/01/24 02:34:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/01/23 10:00:08 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/01/21 19:00:04 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/01/23 10:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2006/10/30 09:12:50 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1153379896.job

========== Purity Check ==========


< End of report >


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,825 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:40 AM

Posted 27 January 2010 - 04:34 AM

Hello spdrasr14,
We need to run an OTL Fix
  1. Please reopen OTLPE.
  2. Copy and paste the following code into the Custom scan/fix textbox. Do not include the word "Code" (make sure to copy all of the text; the codebox has a scrollbar).
    [codebox]
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
    "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
    52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
    00,73,00,79,00,73,00,00,00

    :files
    c:\windows\system32\drivers\atapi.sys|c:\windows\servicepackfiles\i386\atapi.sys /replace

    :OTL
    FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2009/11/25 17:39:58 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2009/11/25 17:39:57 | 00,000,000 | ---D | M]
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe ()
    O4 - HKLM..\RunOnce: [atapi] C:\ComboFix\SW_atapi.reg ()
    [2010/01/25 17:31:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
    [2010/01/25 17:31:11 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
    [2010/01/25 17:31:01 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
    [2010/01/25 17:30:55 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/25 17:30:55 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\smss32.exe
    [2010/01/21 19:00:04 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/01/21 19:00:03 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/01/21 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/01/21 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/01/21 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/01/21 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/01/21 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/01/21 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/01/21 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/01/21 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/01/25 00:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/01/24 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/01/24 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/01/24 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/01/24 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/01/24 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/01/24 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/01/24 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/01/24 02:34:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/01/24 02:25:01 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/01/24 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/01/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/01/23 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/01/23 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/01/23 10:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/01/23 10:00:08 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/01/22 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job

    :commands
    [emptytemp][/codebox]
  3. Push
Let me know if your computer boots afterwards.

Note: if your computer boots, ComboFix will finish its run; let it run unhindered and post me the log. If your computer still does not boot, post me a new OTLPE log.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
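The fix above does two things that are easy to get wrong by hand: it writes the atapi service's ImagePath as a hex(2) (REG_EXPAND_SZ) byte list, and it overwrites the live atapi.sys with the copy under ServicePackFiles. The following is an added example, not code from the post and not part of OTL or ComboFix. It decodes the hex(2) value so you can see exactly what the .reg fragment writes, encodes a string back into that format, and hashes two files to show whether a driver actually differs from its backup. The file contents in demo() are constructed stand-ins, not real driver bytes, and the paths are hypothetical.

```python
import hashlib
import os
import re
import tempfile

# The :reg section of the OTL fix, copied from the post. In .reg syntax a
# trailing backslash continues the value on the next line.
REG_FRAGMENT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,74,00,61,00,70,00,69,00,2e,\
00,73,00,79,00,73,00,00,00
'''

# What a stock XP atapi service entry points at.
EXPECTED_IMAGEPATH = r"system32\DRIVERS\atapi.sys"


def decode_hex2(fragment, value_name="ImagePath"):
    """Return the string stored in a hex(2) (REG_EXPAND_SZ) .reg value.

    hex(2) data is a comma-separated byte list holding a UTF-16LE string
    with a terminating NUL; continuation lines are joined first.
    """
    joined = fragment.replace("\\\n", "")
    pattern = r'"%s"=hex\(2\):([0-9a-fA-F,\s]+)' % re.escape(value_name)
    m = re.search(pattern, joined)
    if m is None:
        raise ValueError("%s not present in fragment" % value_name)
    tokens = [t.strip() for t in m.group(1).split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens)
    return raw.decode("utf-16-le").rstrip("\x00")


def encode_hex2(text):
    """Inverse of decode_hex2: build the hex(2): byte list for a string."""
    data = (text + "\x00").encode("utf-16-le")
    return "hex(2):" + ",".join("%02x" % b for b in data)


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver(live_path, backup_path):
    """Hash the live driver and its ServicePackFiles copy.

    A mismatch is what the ':files ... /replace' line in the fix repairs.
    Do this from an offline boot environment, as the post does with OTLPE:
    a kernel-mode rootkit can mask its own file while the infected Windows
    is running, so hashes taken from inside that system are not trustworthy.
    """
    live = sha256_file(live_path)
    backup = sha256_file(backup_path)
    return {"live_sha256": live, "backup_sha256": backup, "match": live == backup}


def demo():
    """Constructed sample: two small files standing in for atapi.sys and its
    backup (hypothetical contents, not real driver bytes)."""
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "atapi.sys")
        backup = os.path.join(d, "atapi.sys.bak")
        with open(live, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64 + b"patched")   # pretend-modified copy
        with open(backup, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64)                # pretend-clean copy
        result = compare_driver(live, backup)
    return result


if __name__ == "__main__":
    path = decode_hex2(REG_FRAGMENT)
    print("ImagePath decodes to:", path)
    print("Matches stock value:", path == EXPECTED_IMAGEPATH)
    print("Round trip ok:", decode_hex2('"ImagePath"=' + encode_hex2(path)) == path)
    print("Driver comparison on constructed files:", demo())
```

Decoding the fragment shows it restores the plain `system32\DRIVERS\atapi.sys` path, nothing more; if a live machine's ImagePath decodes to anything else, that alone is worth noting in the log. The hash comparison tells you whether the `/replace` step will change anything, but only when run from outside the infected system.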


#9 spdrasr14

spdrasr14
  • Topic Starter

  • Members
  • 14 posts
  • Local time:08:40 PM

Posted 27 January 2010 - 07:15 PM

So I copied the code, ran the fix and it still won't boot up from my hard drive. Here's the new OTL log:

OTL logfile created on: 1/27/2010 3:56:26 PM - Run
OTLPE by OldTimer - Version 3.1.26.2 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 55.00% Memory free
366.00 Mb Paging File | 275.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.29 Gb Total Space | 53.31 Gb Free Space | 71.76% Space Free | Partition Type: NTFS
Drive D: | 976.13 Mb Total Space | 408.30 Mb Free Space | 41.83% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 18:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 12:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 18:50:58 | 00,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/05 13:43:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/02 16:46:56 | 00,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/10 13:15:50 | 00,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/08/04 01:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/12 20:14:42 | 00,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 02:13:14 | 00,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 19:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/09 15:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/01/25 17:54:56 | 00,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2009/08/28 20:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/05 13:36:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/29 15:51:05 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/15 19:40:24 | 00,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 12:00:22 | 01,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 04,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 17:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 21:08:30 | 00,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 18:20:28 | 00,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 01:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 08:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 08:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 08:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 08:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 08:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 08:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 08:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 06:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 12:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 12:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 08:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/04 14:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/12 03:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 18:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 07:00:00 | 00,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/26 22:08:38 | 00,313,216 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2003/04/01 03:19:00 | 00,038,604 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DVC.sys -- (DVC)
DRV - [2003/03/09 15:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/29 17:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/01 11:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Laura_Shearer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Laura_Shearer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 16:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 16:58:22 | 00,000,000 | ---D | M]

[2010/01/25 17:41:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Laura_Shearer_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\Laura_Shearer_ON_C..\Run: [Google Update] C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat ()
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\helper32.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.amiglia.com/a/ImageUploader4.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 15:30:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/25 17:50:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/25 17:47:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/25 17:47:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/25 17:47:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 17:47:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/25 17:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/25 17:46:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 17:46:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/25 17:46:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/15 10:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/14 17:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy
[2010/01/14 17:17:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/12 20:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Old Test lessons
[2010/01/12 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Downloads
[2010/01/07 13:29:39 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/06 20:53:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Laura Shearer\Recent
[2010/01/06 12:55:03 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/05 12:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\PCHealth
[2005/11/04 21:59:49 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 15:41:52 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Laura Shearer\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/01/25 18:00:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/25 17:59:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Laura Shearer\ntuser.ini
[2010/01/25 17:54:56 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:08 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/25 17:48:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 17:21:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 17:20:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/25 17:20:16 | 46,791,4752 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 00:14:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.svs
[2010/01/21 21:51:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/21 19:14:05 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/20 11:24:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:59:41 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/14 05:06:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 19:30:31 | 00,012,496 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:11:34 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/07 18:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 18:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 12:55:14 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2010/01/03 19:07:25 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Christmas List.doc
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 17:54:56 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/25 17:50:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/25 17:47:14 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/25 17:47:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/25 17:47:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/25 17:47:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/25 17:47:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/20 11:24:44 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:51:36 | 00,002,457 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 18:55:49 | 00,012,496 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:13:47 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 19:11:34 | 00,002,355 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/12 19:09:42 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/12 19:09:40 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/06 12:55:12 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2009/10/13 12:17:53 | 00,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 22:00:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/02 21:55:15 | 00,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/12/11 13:27:24 | 00,401,503 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:22 | 00,152,468 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.plist
[2008/05/22 17:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/18 23:07:04 | 00,003,270 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue.plist
[2007/05/18 23:06:48 | 00,630,604 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2007/03/13 20:58:30 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SDVC03.drv
[2006/10/29 19:00:37 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/08/27 15:33:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/06 21:52:57 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/01 19:50:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/07/01 19:50:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/01 19:50:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/06/29 16:33:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/29 15:52:12 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\fusioncache.dat
[2005/12/21 20:04:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 18:16:05 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:08 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 17:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:07:42 | 00,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:03:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:26:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/03 17:58:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2003/03/09 15:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/26 17:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/12/19 09:23:21 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1999/01/27 15:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 09:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/06/21 11:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Aim
[2009/07/09 17:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\eMusic
[2006/08/08 21:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\InterVideo
[2006/06/29 18:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\toshiba
[2007/07/10 22:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Viewpoint
[2006/10/30 09:12:50 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1153379896.job

========== Purity Check ==========


< End of report >


#10 Elise (Malware Study Hall Admin)

Posted 28 January 2010 - 06:52 AM

Please paste the text in the codebox below into OTLPE and click Run Scan. Post me the log afterwards.
CODE
/md5start
atapi.sys
/md5stop

regards, Elise



Malware analyst @ Emsisoft


#11 spdrasr14 (Topic Starter)

Posted 29 January 2010 - 12:40 PM

Oh dear, I hope everything is ok. Here's the new OTL log. I look forward to hearing from you Monday.

OTL logfile created on: 1/28/2010 6:08:35 PM - Run
OTLPE by OldTimer - Version 3.1.26.2 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 219.00 Mb Available Physical Memory | 49.00% Memory free
366.00 Mb Paging File | 259.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.29 Gb Total Space | 53.31 Gb Free Space | 71.76% Space Free | Partition Type: NTFS
Drive D: | 976.13 Mb Total Space | 408.22 Mb Free Space | 41.82% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 18:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 12:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 18:50:58 | 00,183,280 | ---- | M] (Google) [Auto] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/05 13:43:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/02 16:46:56 | 00,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/10 13:15:50 | 00,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/08/04 01:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/12 20:14:42 | 00,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 02:13:14 | 00,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/17 19:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/09 15:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/01/25 17:54:56 | 00,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2009/08/28 20:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/05 13:36:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/06/29 15:51:05 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/15 19:40:24 | 00,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 12:00:22 | 01,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 19:44:12 | 04,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/20 17:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 21:08:30 | 00,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/24 18:20:28 | 00,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/04 01:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 08:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 08:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 08:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 08:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 08:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 08:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 08:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 06:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 12:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 12:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 08:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/04 14:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/12 03:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/14 18:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 07:00:00 | 00,024,576 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/26 22:08:38 | 00,313,216 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2003/04/01 03:19:00 | 00,038,604 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DVC.sys -- (DVC)
DRV - [2003/03/09 15:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 15:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 15:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/01/29 17:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/01 11:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Laura_Shearer_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Laura_Shearer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 16:58:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 16:58:22 | 00,000,000 | ---D | M]

[2010/01/25 17:41:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Laura_Shearer_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\Laura_Shearer_ON_C..\Run: [Google Update] C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Laura_Shearer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF18086.cfx File not found
O4 - HKLM..\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat ()
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Laura_Shearer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\helper32.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.amiglia.com/a/ImageUploader4.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 21:30:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 15:30:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/25 17:50:52 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/25 17:47:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/25 17:47:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/25 17:47:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 17:47:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/25 17:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/01/25 17:46:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 17:46:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/25 17:46:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/15 10:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/14 17:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy
[2010/01/14 17:17:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/12 20:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Old Test lessons
[2010/01/12 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\My Documents\Downloads
[2010/01/07 13:29:39 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/06 20:53:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Laura Shearer\Recent
[2010/01/06 12:55:03 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/05 12:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\PCHealth
[2005/11/04 21:59:49 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 16:05:34 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Laura Shearer\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/01/25 18:00:08 | 00,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/01/25 18:00:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/25 17:59:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Laura Shearer\ntuser.ini
[2010/01/25 17:54:56 | 00,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:08 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/25 17:48:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 17:21:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 17:20:58 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/25 17:20:16 | 46,791,4752 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/25 00:14:02 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.svs
[2010/01/21 21:51:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/21 19:14:05 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/20 11:24:44 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:59:41 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/14 05:06:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 19:30:31 | 00,012,496 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:11:34 | 00,002,355 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/07 18:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 18:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 12:55:14 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2010/01/03 19:07:25 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Laura Shearer\Desktop\Christmas List.doc
[3 C:\Documents and Settings\Laura Shearer\My Documents\*.tmp files -> C:\Documents and Settings\Laura Shearer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 17:54:56 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2010/01/25 17:51:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 17:51:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/25 17:50:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/25 17:47:14 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/25 17:47:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/25 17:47:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/25 17:47:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/25 17:47:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/20 11:24:44 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 11:24:44 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/15 10:51:36 | 00,002,457 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\HiJackThis.lnk
[2010/01/14 17:17:19 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Spybot - Search & Destroy.lnk
[2010/01/13 18:55:49 | 00,012,496 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\My Documents\TP Memo.docx
[2010/01/12 19:15:35 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/12 19:13:47 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 19:11:34 | 00,002,355 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\Google Chrome.lnk
[2010/01/12 19:09:42 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006UA.job
[2010/01/12 19:09:40 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1058438941-10897212-2865439465-1006Core.job
[2010/01/06 12:55:12 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Desktop\CCleaner.lnk
[2009/10/13 12:17:53 | 00,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 22:00:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/02 21:55:15 | 00,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/12/11 13:27:24 | 00,401,503 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:22 | 00,152,468 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue4.plist
[2008/05/22 17:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/22 17:19:46 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/18 23:07:04 | 00,003,270 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescue.plist
[2007/05/18 23:06:48 | 00,630,604 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Application Data\com.kennettnet.MusicRescueProfiles.plist
[2007/03/13 20:58:30 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SDVC03.drv
[2006/10/29 19:00:37 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/08/27 15:33:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/06 21:52:57 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/01 19:50:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/07/01 19:50:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/01 19:50:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/06/29 16:33:49 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/29 15:52:12 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Laura Shearer\Local Settings\Application Data\fusioncache.dat
[2005/12/21 20:04:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 18:16:05 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/30 18:16:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/30 18:16:05 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/30 18:16:05 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 17:52:15 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 17:22:08 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 17:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 12:00:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/07 11:27:47 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/11/04 23:07:42 | 00,000,272 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 23:03:51 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/04 23:03:51 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/04 23:03:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/04 23:03:51 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/04 23:03:51 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/04 22:31:32 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 22:27:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:59:49 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 21:26:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:56:25 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/24 18:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/03 17:58:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2003/03/09 15:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/26 17:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/12/19 09:23:21 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1999/01/27 15:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 09:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/06/21 11:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Aim
[2009/07/09 17:31:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\eMusic
[2006/08/08 21:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\InterVideo
[2006/06/29 18:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\toshiba
[2007/07/10 22:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Laura Shearer\Application Data\Viewpoint
[2006/10/30 09:12:50 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1153379896.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\ComboFix\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >
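
The "< MD5 for: ATAPI.SYS >" block above is the evidence behind the fix that follows: the driver actually loaded from system32\drivers (and the dllcache copy that Windows File Protection would restore from) hashes to CDFE4411..., while the Windows Update download under SoftwareDistribution hashes to 9F3A2F5A... and is a different size. The script below is an added example for this thread, not OTL's code and not part of any post. It parses that report format (the line regex is inferred from the log as pasted, an assumption) and flags the mismatch, treating the SoftwareDistribution copy as the reference because that is the copy the fix restores from; the sample input is the block above, reproduced inline so the script runs offline.

```python
"""Check an OTL "< MD5 for: ... >" custom-scan block for hash mismatches.

Added example for this thread; not OTL's code and not from any post above.
The entry format (regex below) is inferred from the report as pasted, and
treating the SoftwareDistribution download as the reference copy follows
the fix that replaces the loaded driver from that path.
"""
import re
from collections import defaultdict

# Constructed sample input: the ATAPI.SYS block from the report above,
# reproduced line for line so the script runs offline.
OTL_MD5_BLOCK = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\ComboFix\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/22 05:37:30 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >
"""

# One OTL file line: [mtime | size | attrs | M] (company) [.cab file] [MD5=...] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"(?P<cab> \.cab file)?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)


def parse_md5_block(text):
    """Return one dict per file line; header and footer lines are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "< MD5 for: ... >", "< End of report >", or an unknown shape
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["in_cab"] = e.pop("cab") is not None  # members of sp2.cab carry no hash
        e["md5"] = e["md5"].upper() if e["md5"] else None
        entries.append(e)
    return entries


def analyze_driver(entries, driver_name, reference_markers=("\\softwaredistribution\\",)):
    """Compare the loaded driver with reference copies found on disk.

    The loaded copy is the one under system32\\drivers. Reference copies are
    hashed entries whose path contains one of reference_markers. The dllcache
    copy is reported separately: Windows File Protection restores from it, so
    when it carries the same hash as the loaded driver it is not an
    independent check.
    """
    name = driver_name.lower()
    by_md5 = defaultdict(list)
    loaded = dllcache = None
    reference_md5s = set()
    for e in entries:
        p = e["path"].lower()
        if e["md5"] is None or not p.endswith("\\" + name):
            continue
        by_md5[e["md5"]].append(e["path"])
        if "\\system32\\drivers\\" in p:
            loaded = e
        elif "\\dllcache\\" in p:
            dllcache = e
        if any(marker in p for marker in reference_markers):
            reference_md5s.add(e["md5"])
    loaded_md5 = loaded["md5"] if loaded else None
    return {
        "driver": driver_name,
        "loaded_md5": loaded_md5,
        "loaded_size": loaded["size"] if loaded else None,
        "reference_md5s": reference_md5s,
        "mismatch": bool(loaded_md5 and reference_md5s and loaded_md5 not in reference_md5s),
        "dllcache_matches_loaded": bool(dllcache and loaded_md5 and dllcache["md5"] == loaded_md5),
        "groups": dict(by_md5),
    }


def format_report(result):
    """Human-readable summary, one line per distinct hash."""
    lines = [f"{result['driver']}: loaded MD5 {result['loaded_md5']} ({result['loaded_size']} bytes)"]
    for md5, paths in sorted(result["groups"].items()):
        tag = "REFERENCE" if md5 in result["reference_md5s"] else "other"
        lines.append(f"  {md5} [{tag}] x{len(paths)}: " + "; ".join(paths))
    if result["mismatch"]:
        lines.append("  MISMATCH: loaded driver does not hash like any reference copy")
    if result["dllcache_matches_loaded"]:
        lines.append("  note: dllcache copy shares the loaded hash, so WFP would not restore a different file")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(analyze_driver(parse_md5_block(OTL_MD5_BLOCK), "atapi.sys")))
```

The point of grouping by hash rather than comparing only against dllcache is visible in this very log: the dllcache copy agrees with the loaded driver, so a check that trusted dllcache alone would report the file as clean. Only a copy from a source the system does not maintain in lockstep (here the Windows Update download) exposes the difference.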


#12 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,825 posts
  • Gender: Female
  • Location: Romania

Posted 02 February 2010 - 02:08 PM

Hello, my apologies for the delay, I just got back from the hospital where I spent a few days with my son.

Please paste the following fix in OTLPE and click Run Fix. Let me know if your computer boots afterwards.

    :files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys /replace

Note, make sure to copy all the text in the code box!

Edited by elise025, 02 February 2010 - 02:09 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#13 spdrasr14

  • Topic Starter
  • Members
  • 14 posts

Posted 03 February 2010 - 10:50 AM

Elise! Welcome back. I hope your son is ok.

I ran the fix, my computer still won't boot from the hard drive. I did notice on the blue screen of death something about a driver unloaded before cancelling pending processes. I don't know if that helps.

#14 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,825 posts
  • Gender: Female
  • Location: Romania

Posted 03 February 2010 - 11:09 AM

Yes, that certainly would help us.

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).

regards, Elise


#15 spdrasr14

  • Topic Starter
  • Members
  • 14 posts

Posted 05 February 2010 - 12:04 AM

Sorry I didn't mention it earlier!

Here's what it said:

"The problem was caused by the following file: kbdclass.sys

Driver unloaded without cancelling pending operations.

STOP: 0X000000CE (0XF7A93BDE, 0X00000000, 0XF7A93BDE, 0X00000000)
kbdclass.sys"

