
Google redirect


  • This topic is locked
14 replies to this topic

#1 albertoj

albertoj

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 09 February 2010 - 09:55 PM

Hi,
My laptop is infected. During a Google search it redirects me to some other undesirable website. I had Webroot as my antivirus. It expired on 7th Feb. I do not have another AV program.
I read Grinler's list, and attached are the logs from DDS.TXT and ATTAC.TXT and the GMER scan.
I have disconnected the internet to prevent further harm and am using another computer, transferring data on a flash drive.
Did backup and defogger. Webroot had blocked the DrConnection website. BASFND tries to install while shutting down. Blocked by Webroot.
Thanks for your help in advance. AJ

DDS (Ver_09-12-01.01) - NTFSx86
Run by Hassan Kassam at 18:56:26.79 on Tue 02/09/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1610 [GMT -6:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Webroot Desktop Firewall *enabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
D:\Malware Programs\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
BHO: MRI_DISABLED - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [BCMSMMSG] "c:\windows\BCMSMMSG.exe"
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [Webroot Desktop Firewall] "c:\program files\webroot\webroot desktop firewall\WDF.exe"
mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190651549002
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2008-7-31 103304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\webroot\webroot desktop firewall\wdfsvc.exe [2008-7-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-2-4 1201640]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2006-8-9 43024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S4 {afsadrvic;{afsadrvic;c:\windows\system32\drivers\bthenum.sys [2008-8-16 17024]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-4 24652]

=============== Created Last 30 ================

2010-02-10 00:53:49 0 ----a-w- c:\documents and settings\hassan kassam\defogger_reenable
2010-02-09 00:37:29 20 --sha-w- C:\ArcDeviceInfo
2010-02-09 00:36:54 94 ----a-w- c:\windows\MusicRip.ini
2010-01-29 16:06:20 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-29 16:05:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2010-01-29 16:05:27 262144 ---ha-w- c:\documents and settings\hassan kassam\ntuser.dat.LOG1
2010-01-29 16:05:27 0 ---ha-w- c:\documents and settings\hassan kassam\ntuser.dat.LOG2
2010-01-21 22:49:17 0 d-----w- c:\docume~1\hassan~1\applic~1\Malwarebytes
2010-01-21 22:49:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-21 22:49:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-21 22:48:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 22:48:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-21 22:34:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 22:34:10 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 22:34:10 0 d-----w- c:\docume~1\hassan~1\applic~1\SUPERAntiSpyware.com
2010-01-21 22:33:01 0 d-----w- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-01-29 16:20:45 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-14 23:19:53 44051 ----a-w- c:\windows\system32\nvModes.dat
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2006-07-20 23:59:29 447961 -c--a-w- c:\program files\CXInstall.exe
2005-05-26 19:35:42 1422 -c--a-w- c:\program files\ReadMe.txt
2005-01-17 19:16:03 4466776 -c--a-w- c:\program files\Install_AIM.exe
2005-01-17 19:10:43 203061 -c--a-w- c:\program files\AIM+Setup.exe

============= FINISH: 18:57:41.99 ===============

Attached Files
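The DDS log above is read by helpers line by line, and the first things they look for are mechanical: browser helper objects or toolbars whose CLSID no longer points at a file ("No File", usually debris from uninstalls and a cleanup candidate rather than proof of infection), service or driver entries whose names look machine-generated, and policy keys that have been changed. The following triage script is an added example, not DDS's code and not part of this thread; the sample log it parses is constructed in DDS's line format with made-up CLSIDs, names and paths, and the three heuristics are assumptions of this example, not DDS's own rules.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections
of a DDS-style log.  Added example; SAMPLE_LOG is constructed, not real output."""
import re
from typing import Dict, List, Tuple

# Constructed sample in DDS's line format (hypothetical CLSIDs, names, paths).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - c:\program files\example\helper.dll
BHO: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - No File
TB: {99999999-8888-7777-6666-555555555555} - No File
mRun: [Example] "c:\program files\example\example.exe"
mPolicies-system: EnableLUA = 0 (0x0)
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 gooddrv;Good Driver;c:\windows\system32\drivers\gooddrv.sys [2008-8-9 29808]
S4 {oddname;{oddname;c:\windows\system32\drivers\bthenum.sys [2008-8-16 17024]
R2 ExampleSvc;Example Service;c:\program files\example\svc.exe [2009-2-4 1201640]

============= FINISH: 00:00:00.00 ===============
"""

# "=== Title ===" section banners as DDS prints them.
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# "BHO: Name: {CLSID} - target" (the Name part is absent for orphaned entries).
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|SEH|SSODL): (?:(?P<name>.+?): )?\{(?P<clsid>[^}]+)\} - (?P<target>.*)$")
# "R0 name;display name;path [date size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# Heuristic (this example's assumption): service names are normally plain identifiers.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9_.\- ]+")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section title: [non-blank lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("title")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def find_orphaned_entries(lines: List[str]) -> List[Tuple[str, str]]:
    """BHO/toolbar entries whose CLSID resolves to no file on disk."""
    found = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m and m.group("target").strip().lower() == "no file":
            found.append((m.group("kind"), m.group("clsid").lower()))
    return found


def find_odd_service_names(lines: List[str]) -> List[Tuple[str, str]]:
    """Services/drivers whose registry name contains characters a human would not type."""
    found = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and not SAFE_NAME_RE.fullmatch(m.group("name")):
            found.append((m.group("name"), m.group("path")))
    return found


def find_policy_tweaks(lines: List[str]) -> List[str]:
    """Policy keys DDS reports because they differ from the default."""
    return [l for l in lines if l.startswith(("mPolicies", "uPolicies"))]


def triage(text: str) -> Dict[str, list]:
    sections = parse_sections(text)
    hjt = sections.get("Pseudo HJT Report", [])
    svc = sections.get("SERVICES / DRIVERS", [])
    return {
        "orphaned": find_orphaned_entries(hjt),
        "odd_service_names": find_odd_service_names(svc),
        "policy_tweaks": find_policy_tweaks(hjt),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(f"{key}: {hits}")
```

Each hit is a lead to verify, not a verdict: an orphaned CLSID is removed because it is dead weight, an odd service name is checked by hashing the file it points at, and a policy tweak is compared with what the owner remembers changing.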




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 10 February 2010 - 09:05 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
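The `/md5start` ... `/md5stop` block in the OTL scan above asks the tool to report the MD5 of a fixed list of system files (disk and network drivers, logon DLLs) so the helper can compare them against hashes of known-good copies: a file whose hash does not match any clean version for that Windows build is the lead, and a watched file that is missing altogether is a lead too. The script below is an added example of that integrity-check idea, not OTL's code and not part of this thread. It assumes a baseline of trusted hashes is available (here the baseline is built from a constructed "clean" directory in a temp folder, so it runs offline); the file names are taken from the list above, and a real baseline would come from install media or vendor hashes for the exact same file version.

```python
"""Hash a watchlist of system files and compare with a known-good baseline.
Added example mirroring the purpose of OTL's /md5start ... /md5stop block;
the demo builds constructed files in temp directories so it runs anywhere."""
import hashlib
import os
import tempfile
from typing import Dict, List, Optional

# File names from the /md5start list in the instructions (a subset).
WATCHLIST = ["atapi.sys", "iaStor.sys", "nvstor.sys", "scecli.dll", "netlogon.dll"]


def md5_of(path: str) -> str:
    """MD5 of a file, read in chunks so large drivers do not load into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_watchlist(root: str, names: List[str]) -> Dict[str, Optional[str]]:
    """MD5 of each watched file under root; None when the file is absent."""
    result: Dict[str, Optional[str]] = {}
    for name in names:
        path = os.path.join(root, name)
        result[name] = md5_of(path) if os.path.isfile(path) else None
    return result


def compare_with_baseline(observed: Dict[str, Optional[str]],
                          baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort each watched file into matched / mismatched / missing / no_baseline."""
    report: Dict[str, List[str]] = {"matched": [], "mismatched": [], "missing": [], "no_baseline": []}
    for name, digest in sorted(observed.items()):
        if digest is None:
            report["missing"].append(name)          # watched file is gone
        elif name not in baseline:
            report["no_baseline"].append(name)      # nothing trusted to compare against
        elif digest == baseline[name]:
            report["matched"].append(name)
        else:
            report["mismatched"].append(name)       # altered, or a different version
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a 'clean' directory supplies the baseline; on the
    'suspect' copy one driver image is altered and one file is removed."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as suspect:
        for name in WATCHLIST:
            content = f"constructed contents of {name}".encode()
            for directory in (clean, suspect):
                with open(os.path.join(directory, name), "wb") as f:
                    f.write(content)
        baseline = {k: v for k, v in hash_watchlist(clean, WATCHLIST).items() if v}
        with open(os.path.join(suspect, "atapi.sys"), "ab") as f:
            f.write(b" constructed modification")   # simulate a patched driver
        os.remove(os.path.join(suspect, "nvstor.sys"))  # simulate a missing file
        return compare_with_baseline(hash_watchlist(suspect, WATCHLIST), baseline)


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket}: {names}")
```

A mismatch on its own only says the bytes differ from the baseline copy; a service pack or hotfix changes the hash just as an infection does, which is why helpers pair the MD5 with the file version before drawing a conclusion.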

#3 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 10 February 2010 - 01:12 PM

Thanks for your reply, Sam.

I started my computer and the Webroot firewall came on screen and had blocked several incoming packets. I cannot connect to the internet, although the bar at the bottom shows I have a connection.
While shutting down, the Webroot firewall kicks in showing BASFND trying to install, asking whether "to allow" or "block".

Here are the two logs.

OTL Extras logfile created on: 2/10/2010 11:37:50 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Malware Programs\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2047 2247 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 12.43 Gb Free Space | 23.76% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFGPNS51
Current User Name: Hassan Kassam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\NetViewer\NetViewer16ch.exe" = C:\Program Files\NetViewer\NetViewer16ch.exe:*:Disabled:Network Viewer -- ()
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Hassan Kassam\Local Settings\Temp\RarSFX0\netviewer16ch.exe" = C:\Documents and Settings\Hassan Kassam\Local Settings\Temp\RarSFX0\netviewer16ch.exe:*:Disabled:Network Viewer -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FB6750-ADDF-4726-B67F-6901E1991033}" = Nero 7 Ultra Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}" = Sony Sound Forge 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7723A0B8-23A2-454B-8831-99965558AECD}" = Documents To Go
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F2EAC76-8BC7-473F-9E2D-3373FD693797}" = Webroot Desktop Firewall
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93356AC9-C222-4547-B743-FF1903ACCE04}" = Sprint PCS Connection Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}" = H264 Codecs
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK EASYSHARE 5000 Series All-in-One Software
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB866374-B705-4749-83D9-997AC77146B3}" = LGUsbDriver
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9E3CA72-816F-3905-898C-3962A49F666A}" = Cooliris for Internet Explorer
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"3G_1.2" = JumpStart 3rd Grade v1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Utility
"CCleaner" = CCleaner
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow" = ffdshow
"Flash Movie Player" = Flash Movie Player 1.4
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"JumpStart Explorers" = JumpStart Explorers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NetViewer_is1" = NetViewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"Shockwave" = Shockwave
"TCEssentials" = TC Native Essentials 2.02
"TTM70" = Talk to Me
"Verizon Online DSL_is1" = Verizon Online DSL
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 534 x264.nl" = x264 Revision 534 x264.nl (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2009 4:53:43 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/4/2009 1:26:57 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/4/2009 8:57:33 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x61eb77e0.

Error - 11/19/2009 4:07:38 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/24/2009 6:14:27 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/21/2010 6:49:46 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 12:33:59 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 12:43:51 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 1:22:44 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/23/2010 8:03:55 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 2/10/2010 1:35:35 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:36:40 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:37:45 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:38:50 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:39:55 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:41:00 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:42:05 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:43:10 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:44:15 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:45:20 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


OTL logfile created on: 2/10/2010 11:37:50 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Malware Programs\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2047 2247 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 12.43 Gb Free Space | 23.76% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFGPNS51
Current User Name: Hassan Kassam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 11:44:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Malware Programs\OTL\OTL.exe
PRC - [2010/01/20 19:54:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2008/07/31 14:19:40 | 000,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
PRC - [2008/07/31 14:19:38 | 002,401,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2004/10/26 12:01:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2004/03/15 00:04:00 | 000,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/02/23 10:56:04 | 000,561,152 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
PRC - [2004/02/20 15:14:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
PRC - [2004/02/02 14:32:16 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/08/29 04:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/02/26 10:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 11:44:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Malware Programs\OTL\OTL.exe
MOD - [2008/07/31 14:19:40 | 000,173,448 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\wdfproc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - [2010/01/20 19:54:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/07/31 14:19:40 | 000,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet)
SRV - [2008/01/22 09:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/26 13:41:56 | 000,503,608 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/03/22 18:04:18 | 000,009,728 | ---- | M] (SDSD) [Disabled | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/30 18:09:40 | 000,138,168 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/01/25 10:17:04 | 000,135,168 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe -- (Sprint PCS v3 Utility Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/01 15:16:55 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2004/10/26 12:01:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2004/02/20 15:14:04 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/11/27 05:30:30 | 000,065,536 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/29 10:20:45 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/07/31 14:19:46 | 000,103,304 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/18 03:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 13:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/01/06 11:44:46 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/09/02 15:06:35 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2plms.sys -- (ser2plms)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/10/26 12:01:00 | 002,830,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/10/08 23:38:48 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/06/22 08:05:12 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys -- (HPZid412)
DRV - [2004/06/22 08:05:12 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2004/06/22 08:05:12 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2004/05/12 19:30:14 | 000,258,704 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/03/15 00:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 00:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 00:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/20 15:13:50 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/02/13 02:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 18:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 18:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 18:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/02 07:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/15 17:03:34 | 000,043,024 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\S-1-5-21-1485263070-421634387-1372097788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/24 15:03:20 | 000,000,707 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1190651549002 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (IO SHARED\DLLSHARED) - File not found
O30 - LSA: Security Packages - (settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\AutoRun\command - "" = E:\cd1run.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchMP\command - "" = E:\Setup_ST.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchpc\command - "" = E:\pStreets\PocketPC\Setup.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchsp\command - "" = E:\pStreets\SmartPhn\Setup.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\readit\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/08 23:04:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58831663156690944)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 17:22:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hassan Kassam\Recent
[2010/01/29 10:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/29 10:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/01/21 16:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hassan Kassam\Application Data\Malwarebytes
[2010/01/21 16:49:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 16:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 16:48:56 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 16:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/21 16:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hassan Kassam\Application Data\SUPERAntiSpyware.com
[2010/01/21 16:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/21 16:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/04 09:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/26 18:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SDSD
[2008/04/26 18:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SDSD
[2008/03/04 13:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SDSD
[2008/03/04 13:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2007/10/17 22:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/26 16:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2007/02/08 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007/01/23 16:08:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/23 14:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/20 17:59:28 | 000,447,961 | ---- | C] (CodecX Technologies Incorporated ) -- C:\Program Files\CXInstall.exe
[2005/12/26 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/02/11 20:37:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/02 14:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

========== Files - Modified Within 30 Days ==========

[2010/02/10 11:16:49 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/10 11:16:48 | 000,044,051 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/10 11:16:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 11:16:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/10 11:16:39 | 2146,742,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 20:55:01 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Hassan Kassam\NTUSER.DAT
[2010/02/09 20:55:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hassan Kassam\NTUSER.INI
[2010/02/09 18:53:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\defogger_reenable
[2010/02/08 18:37:29 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2010/02/08 18:36:54 | 000,000,094 | ---- | M] () -- C:\WINDOWS\MusicRip.ini
[2010/02/08 18:26:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/01 19:18:44 | 000,001,610 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L03A4999E9A394C71890D49E0F5DCB224.job
[2010/01/29 10:20:45 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/01/24 15:03:20 | 000,000,707 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/01/23 17:55:18 | 000,001,484 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2010/01/21 15:21:05 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\cc_20100121_152045.reg
[2010/01/20 19:54:51 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2010/01/20 19:53:10 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/01/20 17:15:39 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/19 14:25:22 | 000,668,011 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster2.jpg
[2010/01/19 14:25:02 | 000,643,096 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster1.jpg
[2010/01/19 12:05:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\Microsoft Office Word 2003.lnk
[2010/01/18 19:05:26 | 000,711,362 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\CharmBletss.jpg
[2010/01/16 13:12:40 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\aDDAdEADpRICE.xls
[2010/01/12 13:37:58 | 000,051,878 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\AFC2F3C0-5B0C-43FD-AA08-BE5FC1B36793[1].pdf

========== Files Created - No Company Name ==========

[2010/02/09 18:53:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\defogger_reenable
[2010/02/08 18:37:29 | 000,000,020 | -HS- | C] () -- C:\ArcDeviceInfo
[2010/02/08 18:36:54 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2010/01/23 17:52:29 | 2146,742,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/21 15:21:01 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\cc_20100121_152045.reg
[2010/01/20 19:54:51 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2010/01/19 14:25:20 | 000,668,011 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster2.jpg
[2010/01/19 14:24:57 | 000,643,096 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster1.jpg
[2010/01/18 19:05:21 | 000,711,362 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\CharmBletss.jpg
[2010/01/16 13:12:40 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\aDDAdEADpRICE.xls
[2010/01/12 13:37:58 | 000,051,878 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Desktop\AFC2F3C0-5B0C-43FD-AA08-BE5FC1B36793[1].pdf
[2009/11/30 19:52:03 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/06/21 12:26:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/06/21 12:26:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/06/21 12:26:27 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/05/08 09:53:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/15 13:55:12 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2008/11/13 18:55:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\$_hpcst$.hpc
[2008/09/03 17:24:29 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/06/26 15:22:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/17 17:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NetViewer16ch_iplog.ini
[2008/05/12 19:12:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2008/04/23 17:22:55 | 000,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2008/03/04 17:57:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/01/19 19:43:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008/01/17 21:19:45 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2007/07/23 13:20:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/16 00:00:45 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/11/21 15:48:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\DMmvHost.ini
[2006/11/21 15:42:46 | 000,000,125 | ---- | C] () -- C:\WINDOWS\multiview.ini
[2006/11/21 15:27:09 | 000,000,393 | ---- | C] () -- C:\WINDOWS\NetViewer16ch.INI
[2006/09/01 14:06:16 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\dvd.bmk
[2006/08/29 12:27:39 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/26 20:46:35 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\fusioncache.dat
[2006/05/22 05:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/05/21 15:56:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/02/15 15:06:11 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\AdobeDLM.log
[2006/02/15 15:06:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\dm.ini
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/06 12:12:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/26 15:22:55 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/12/26 15:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/29 16:52:41 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/14 16:11:17 | 000,000,390 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/14 16:10:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\firstgrd.ini
[2005/08/13 19:19:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/13 19:19:04 | 000,000,361 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/17 13:15:58 | 004,466,776 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2005/01/17 13:10:28 | 000,203,061 | ---- | C] () -- C:\Program Files\AIM+Setup.exe
[2004/11/01 14:26:42 | 000,000,669 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/11/01 14:05:12 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/08 23:52:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/08 23:34:49 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/08 23:07:26 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003637_.tmp.dll
[2004/08/04 04:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003605_.tmp.dll
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/26 15:21:39 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2010/01/29 10:20:45 | 000,096,512 | ---- | M] () MD5=E96692226878B0CC075EFD8CC1991218 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\expsrv.dll
[2008/07/31 14:19:40 | 000,173,448 | ---- | M] (Webroot Software Inc (www.webroot.com)) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wdfproc.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Hassan Kassam\Desktop\Insuring:SummaryInformation
< End of report >


#4 albertoj
  • Topic Starter
  • Members
  • 8 posts

Posted 10 February 2010 - 01:15 PM

Thanks for your reply Sam,

I started my computer and the Webroot firewall came on screen and had blocked several incoming packets. I cannot connect to the internet; the bar at the bottom shows I have a connection.
While shutting down, the Webroot firewall kicks in showing BASFND trying to install, asking "allow" or "block".

Here are the two logs.

OTL Extras logfile created on: 2/10/2010 11:37:50 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Malware Programs\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2047 2247 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 12.43 Gb Free Space | 23.76% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFGPNS51
Current User Name: Hassan Kassam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\NetViewer\NetViewer16ch.exe" = C:\Program Files\NetViewer\NetViewer16ch.exe:*:Disabled:Network Viewer -- ()
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Hassan Kassam\Local Settings\Temp\RarSFX0\netviewer16ch.exe" = C:\Documents and Settings\Hassan Kassam\Local Settings\Temp\RarSFX0\netviewer16ch.exe:*:Disabled:Network Viewer -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{20227921-DB38-4810-9162-DDC6FCA936E7}" = Dell Home Systems Services Agreement
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FB6750-ADDF-4726-B67F-6901E1991033}" = Nero 7 Ultra Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}" = Sony Sound Forge 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7723A0B8-23A2-454B-8831-99965558AECD}" = Documents To Go
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F2EAC76-8BC7-473F-9E2D-3373FD693797}" = Webroot Desktop Firewall
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93356AC9-C222-4547-B743-FF1903ACCE04}" = Sprint PCS Connection Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}" = H264 Codecs
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK EASYSHARE 5000 Series All-in-One Software
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB866374-B705-4749-83D9-997AC77146B3}" = LGUsbDriver
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9E3CA72-816F-3905-898C-3962A49F666A}" = Cooliris for Internet Explorer
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"3G_1.2" = JumpStart 3rd Grade v1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Utility
"CCleaner" = CCleaner
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow" = ffdshow
"Flash Movie Player" = Flash Movie Player 1.4
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"JumpStart Explorers" = JumpStart Explorers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NetViewer_is1" = NetViewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"Shockwave" = Shockwave
"TCEssentials" = TC Native Essentials 2.02
"TTM70" = Talk to Me
"Verizon Online DSL_is1" = Verizon Online DSL
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 534 x264.nl" = x264 Revision 534 x264.nl (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2009 4:53:43 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/4/2009 1:26:57 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/4/2009 8:57:33 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting
module unknown, version 0.0.0.0, fault address 0x61eb77e0.

Error - 11/19/2009 4:07:38 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 11/24/2009 6:14:27 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/21/2010 6:49:46 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 12:33:59 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 12:43:51 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/22/2010 1:22:44 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/23/2010 8:03:55 PM | Computer Name = DFGPNS51 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 2/10/2010 1:35:35 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:36:40 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:37:45 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:38:50 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:39:55 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:41:00 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:42:05 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:43:10 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:44:15 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 2/10/2010 1:45:20 PM | Computer Name = DFGPNS51 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


OTL logfile created on: 2/10/2010 11:37:50 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Malware Programs\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2047 2247 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.34 Gb Total Space | 12.43 Gb Free Space | 23.76% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.15% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DFGPNS51
Current User Name: Hassan Kassam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 11:44:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Malware Programs\OTL\OTL.exe
PRC - [2010/01/20 19:54:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2008/07/31 14:19:40 | 000,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
PRC - [2008/07/31 14:19:38 | 002,401,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2004/10/26 12:01:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2004/03/15 00:04:00 | 000,122,933 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2004/02/23 10:56:04 | 000,561,152 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
PRC - [2004/02/20 15:14:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
PRC - [2004/02/02 14:32:16 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/08/29 04:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/02/26 10:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 11:44:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Malware Programs\OTL\OTL.exe
MOD - [2008/07/31 14:19:40 | 000,173,448 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\wdfproc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - [2010/01/20 19:54:51 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/07/31 14:19:40 | 000,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe -- (WDFNet)
SRV - [2008/01/22 09:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/26 13:41:56 | 000,503,608 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/03/22 18:04:18 | 000,009,728 | ---- | M] (SDSD) [Disabled | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/30 18:09:40 | 000,138,168 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/01/25 10:17:04 | 000,135,168 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe -- (Sprint PCS v3 Utility Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/01 15:16:55 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2004/10/26 12:01:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2004/02/20 15:14:04 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/11/27 05:30:30 | 000,065,536 | R--- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/01/29 10:20:45 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/07/31 14:19:46 | 000,103,304 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/18 03:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 13:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/01/06 11:44:46 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/09/02 15:06:35 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2plms.sys -- (ser2plms)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/10/26 12:01:00 | 002,830,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/10/08 23:38:48 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/06/22 08:05:12 | 000,051,088 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys -- (HPZid412)
DRV - [2004/06/22 08:05:12 | 000,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2004/06/22 08:05:12 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2004/05/12 19:30:14 | 000,258,704 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/03/15 00:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 00:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 00:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/20 15:13:50 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/02/13 02:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 18:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 18:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 18:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/02 07:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/15 17:03:34 | 000,043,024 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\S-1-5-21-1485263070-421634387-1372097788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/24 15:03:20 | 000,000,707 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1485263070-421634387-1372097788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1190651549002 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (IO SHARED\DLLSHARED) - File not found
O30 - LSA: Security Packages - (settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\AutoRun\command - "" = E:\cd1run.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchMP\command - "" = E:\Setup_ST.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchpc\command - "" = E:\pStreets\PocketPC\Setup.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\launchsp\command - "" = E:\pStreets\SmartPhn\Setup.exe -- File not found
O33 - MountPoints2\{ba11c2f0-210e-11db-8a1d-00038a000015}\Shell\readit\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/08 23:04:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58831663156690944)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 17:22:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hassan Kassam\Recent
[2010/01/29 10:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/29 10:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/01/21 16:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hassan Kassam\Application Data\Malwarebytes
[2010/01/21 16:49:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/21 16:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 16:48:56 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/21 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 16:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/21 16:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hassan Kassam\Application Data\SUPERAntiSpyware.com
[2010/01/21 16:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/21 16:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/04 09:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/26 18:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SDSD
[2008/04/26 18:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SDSD
[2008/03/04 13:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SDSD
[2008/03/04 13:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2007/10/17 22:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/26 16:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
[2007/02/08 17:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2007/01/23 16:08:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/23 14:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/20 17:59:28 | 000,447,961 | ---- | C] (CodecX Technologies Incorporated ) -- C:\Program Files\CXInstall.exe
[2005/12/26 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/02/11 20:37:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/02 14:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

========== Files - Modified Within 30 Days ==========

[2010/02/10 11:16:49 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/10 11:16:48 | 000,044,051 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/10 11:16:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 11:16:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/10 11:16:39 | 2146,742,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 20:55:01 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Hassan Kassam\NTUSER.DAT
[2010/02/09 20:55:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Hassan Kassam\NTUSER.INI
[2010/02/09 18:53:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\defogger_reenable
[2010/02/08 18:37:29 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2010/02/08 18:36:54 | 000,000,094 | ---- | M] () -- C:\WINDOWS\MusicRip.ini
[2010/02/08 18:26:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/01 19:18:44 | 000,001,610 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L03A4999E9A394C71890D49E0F5DCB224.job
[2010/01/29 10:20:45 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/01/24 15:03:20 | 000,000,707 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/01/23 17:55:18 | 000,001,484 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2010/01/21 15:21:05 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\cc_20100121_152045.reg
[2010/01/20 19:54:51 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2010/01/20 19:53:10 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/01/20 17:15:39 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/19 14:25:22 | 000,668,011 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster2.jpg
[2010/01/19 14:25:02 | 000,643,096 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster1.jpg
[2010/01/19 12:05:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\Microsoft Office Word 2003.lnk
[2010/01/18 19:05:26 | 000,711,362 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\CharmBletss.jpg
[2010/01/16 13:12:40 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\My Documents\aDDAdEADpRICE.xls
[2010/01/12 13:37:58 | 000,051,878 | ---- | M] () -- C:\Documents and Settings\Hassan Kassam\Desktop\AFC2F3C0-5B0C-43FD-AA08-BE5FC1B36793[1].pdf

========== Files Created - No Company Name ==========

[2010/02/09 18:53:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\defogger_reenable
[2010/02/08 18:37:29 | 000,000,020 | -HS- | C] () -- C:\ArcDeviceInfo
[2010/02/08 18:36:54 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2010/01/23 17:52:29 | 2146,742,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/21 15:21:01 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\cc_20100121_152045.reg
[2010/01/20 19:54:51 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk
[2010/01/19 14:25:20 | 000,668,011 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster2.jpg
[2010/01/19 14:24:57 | 000,643,096 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\AddaBeadPoster1.jpg
[2010/01/18 19:05:21 | 000,711,362 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\CharmBletss.jpg
[2010/01/16 13:12:40 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\My Documents\aDDAdEADpRICE.xls
[2010/01/12 13:37:58 | 000,051,878 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Desktop\AFC2F3C0-5B0C-43FD-AA08-BE5FC1B36793[1].pdf
[2009/11/30 19:52:03 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/06/21 12:26:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/06/21 12:26:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/06/21 12:26:27 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2009/05/08 09:53:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/15 13:55:12 | 002,545,152 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2008/11/13 18:55:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\$_hpcst$.hpc
[2008/09/03 17:24:29 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/06/26 15:22:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/17 17:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NetViewer16ch_iplog.ini
[2008/05/12 19:12:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2008/04/23 17:22:55 | 000,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2008/03/04 17:57:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/01/19 19:43:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2008/01/17 21:19:45 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2007/07/23 13:20:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/16 00:00:45 | 000,579,602 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/11/21 15:48:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\DMmvHost.ini
[2006/11/21 15:42:46 | 000,000,125 | ---- | C] () -- C:\WINDOWS\multiview.ini
[2006/11/21 15:27:09 | 000,000,393 | ---- | C] () -- C:\WINDOWS\NetViewer16ch.INI
[2006/09/01 14:06:16 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\dvd.bmk
[2006/08/29 12:27:39 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/26 20:46:35 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\fusioncache.dat
[2006/05/22 05:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/05/21 15:56:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/02/15 15:06:11 | 000,001,996 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\AdobeDLM.log
[2006/02/15 15:06:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Application Data\dm.ini
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/06 12:12:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/26 15:22:55 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/12/26 15:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/29 16:52:41 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Hassan Kassam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/14 16:11:17 | 000,000,390 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/14 16:10:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\firstgrd.ini
[2005/08/13 19:19:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/08/13 19:19:04 | 000,000,361 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/17 13:15:58 | 004,466,776 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2005/01/17 13:10:28 | 000,203,061 | ---- | C] () -- C:\Program Files\AIM+Setup.exe
[2004/11/01 14:26:42 | 000,000,669 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/11/01 14:05:12 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/08 23:52:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/08 23:34:49 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/08 23:07:26 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003637_.tmp.dll
[2004/08/04 04:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003605_.tmp.dll
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/26 15:21:39 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/16 19:25:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2010/01/29 10:20:45 | 000,096,512 | ---- | M] () MD5=E96692226878B0CC075EFD8CC1991218 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\expsrv.dll
[2008/07/31 14:19:40 | 000,173,448 | ---- | M] (Webroot Software Inc (www.webroot.com)) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wdfproc.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\wrLZMA.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Hassan Kassam\Desktop\Insuring:SummaryInformation
< End of report >
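The "< MD5 for: ... >" custom scans above list every on-disk copy of a file name with its size, the publisher from its version resource and its MD5. A helper reads that section by comparing the copy that is actually loaded from SYSTEM32 against the pristine copies kept by the service pack and install source. The script below is an added example of that comparison (it is not part of the thread or of OTL itself); the sample lines are copied from the report above, and the choice of which directories count as reference copies (ServicePackFiles, I386, $NtServicePackUninstall$, ReinstallBackups, Driver Cache) is my assumption.

```python
"""
Cross-check the "< MD5 for: ... >" section of an OTL log.

Added example, not code from the forum thread or from OTL.  For each file
name it collects the hashes of the reference copies (service pack / install
source) and reports any live copy whose hash matches none of them, whose
version resource names no publisher, or which has the same size as a
reference copy but a different hash.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Sample input: lines copied from the OTL report in this thread.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2010/01/29 10:20:45 | 000,096,512 | ---- | M] () MD5=E96692226878B0CC075EFD8CC1991218 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
"""

# One OTL entry: [stamp | size | attrs | flag] (company) MD5=hex -- path
# Lines for .cab members and "Unable to obtain MD5" carry no hash and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*[^|]*\|\s*\w\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Assumption: these directories hold pristine copies laid down by Windows
# setup or a service pack, so they serve as the reference set.
REFERENCE_DIRS = (
    "\\servicepackfiles\\",
    "\\$ntservicepackuninstall$\\",
    "\\i386\\",
    "\\reinstallbackups\\",
    "\\driver cache\\",
)


def parse_md5_section(text: str) -> List[Dict]:
    """Turn the hashed entries of an OTL MD5 scan into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["md5"] = e["md5"].upper()
        e["company"] = e["company"].strip()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["reference"] = any(d in e["path"].lower() for d in REFERENCE_DIRS)
        entries.append(e)
    return entries


def find_hash_outliers(text: str) -> List[Dict]:
    """Report live copies that disagree with every reference copy of the same name."""
    by_name = defaultdict(list)
    for e in parse_md5_section(text):
        by_name[e["name"]].append(e)

    findings = []
    for name, entries in by_name.items():
        known = {e["md5"] for e in entries if e["reference"]}
        for e in entries:
            if e["reference"]:
                continue
            reasons = []
            if e["md5"] not in known:
                reasons.append("hash matches no service-pack or install-source copy")
                twins = [r for r in entries if r["reference"] and r["size"] == e["size"]]
                if twins:
                    reasons.append(f"same size as {twins[0]['path']} but different hash")
            if not e["company"]:
                reasons.append("no publisher in version resource")
            if reasons:
                findings.append({"name": name, "path": e["path"], "md5": e["md5"],
                                 "company": e["company"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_hash_outliers(SAMPLE_LOG):
        print(f"{f['path']}  MD5={f['md5']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample above the check reports only the SYSTEM32\DRIVERS\atapi.sys entry: its hash matches neither the SP3 copy nor the original install copy, it is the same size as the SP3 copy, and OTL could read no publisher from it, which is exactly what the report lists. agp440.sys is not reported because its live copy hashes identically to the ServicePackFiles copy. The size-plus-hash comparison matters because a file that has been altered in place commonly keeps the size of the original.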


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 February 2010 - 08:10 AM


We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your desktop called "TDSSKiller.txt" please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts

Posted 11 February 2010 - 12:13 PM

Hi Sam,

Good Morning
Here is the log from TDSSKiller.
Thanks for your response.

10:59:30:418 2720 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
10:59:30:418 2720 ================================================================================
10:59:30:418 2720 SystemInfo:

10:59:30:418 2720 OS Version: 5.1.2600 ServicePack: 3.0
10:59:30:418 2720 Product type: Workstation
10:59:30:418 2720 ComputerName: DFGPNS51
10:59:30:418 2720 UserName: Hassan Kassam
10:59:30:418 2720 Windows directory: C:\WINDOWS
10:59:30:418 2720 Processor architecture: Intel x86
10:59:30:418 2720 Number of processors: 1
10:59:30:418 2720 Page size: 0x1000
10:59:30:418 2720 Boot type: Normal boot
10:59:30:418 2720 ================================================================================
10:59:30:428 2720 UnloadDriverW: NtUnloadDriver error 2
10:59:30:428 2720 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:59:30:568 2720 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
10:59:30:608 2720 UtilityInit: KLMD drop and load success
10:59:30:608 2720 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
10:59:30:608 2720 UtilityInit: KLMD open success
10:59:30:608 2720 UtilityInit: Initialize success
10:59:30:608 2720
10:59:30:608 2720 Scanning Services ...
10:59:30:608 2720 CreateRegParser: Registry parser init started
10:59:30:608 2720 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
10:59:30:608 2720 CreateRegParser: DisableWow64Redirection error
10:59:30:608 2720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
10:59:30:608 2720 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
10:59:30:608 2720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:59:30:608 2720 wfopen_ex: Trying to KLMD file open
10:59:30:608 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
10:59:30:608 2720 wfopen_ex: File opened ok (Flags 2)
10:59:30:608 2720 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: B74948
10:59:30:608 2720 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
10:59:30:608 2720 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
10:59:30:608 2720 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:59:30:608 2720 wfopen_ex: Trying to KLMD file open
10:59:30:608 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
10:59:30:608 2720 wfopen_ex: File opened ok (Flags 2)
10:59:30:608 2720 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: B749F0
10:59:30:608 2720 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
10:59:30:608 2720 CreateRegParser: EnableWow64Redirection error
10:59:30:608 2720 CreateRegParser: RegParser init completed
10:59:31:259 2720 GetAdvancedServicesInfo: Raw services enum returned 393 services
10:59:31:259 2720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
10:59:31:259 2720 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
10:59:31:259 2720
10:59:31:259 2720 Scanning Kernel memory ...
10:59:31:259 2720 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
10:59:31:259 2720 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A729CC8
10:59:31:259 2720 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
10:59:31:259 2720
10:59:31:259 2720 DetectCureTDL3: DEVICE_OBJECT: 8A1DD5D8
10:59:31:259 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1DD5D8
10:59:31:259 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A1DD5D8[0x38]
10:59:31:259 2720 DetectCureTDL3: DRIVER_OBJECT: 8A729CC8
10:59:31:259 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A729CC8[0xA8]
10:59:31:259 2720 KLMD_ReadMem: Trying to ReadMemory 0xE17DFEB8[0x18]
10:59:31:259 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:31:259 2720 DetectCureTDL3: IrpHandler (0) addr: F76DDBB0
10:59:31:259 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (2) addr: F76DDBB0
10:59:31:259 2720 DetectCureTDL3: IrpHandler (3) addr: F76D7D1F
10:59:31:259 2720 DetectCureTDL3: IrpHandler (4) addr: F76D7D1F
10:59:31:259 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (9) addr: F76D82E2
10:59:31:259 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (14) addr: F76D83BB
10:59:31:259 2720 DetectCureTDL3: IrpHandler (15) addr: F76DBF28
10:59:31:259 2720 DetectCureTDL3: IrpHandler (16) addr: F76D82E2
10:59:31:259 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (22) addr: F76D9C82
10:59:31:259 2720 DetectCureTDL3: IrpHandler (23) addr: F76DE99E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:259 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:269 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:269 2720 TDL3_FileDetect: Processing driver: Disk
10:59:31:269 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:269 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:309 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:59:31:309 2720
10:59:31:309 2720 DetectCureTDL3: DEVICE_OBJECT: 89F37390
10:59:31:309 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F37390
10:59:31:309 2720 DetectCureTDL3: DEVICE_OBJECT: 8A542370
10:59:31:309 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A542370
10:59:31:309 2720 DetectCureTDL3: DEVICE_OBJECT: 89F675B0
10:59:31:309 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F675B0
10:59:31:309 2720 KLMD_ReadMem: Trying to ReadMemory 0x89F675B0[0x38]
10:59:31:309 2720 DetectCureTDL3: DRIVER_OBJECT: 8A616270
10:59:31:309 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A616270[0xA8]
10:59:31:309 2720 KLMD_ReadMem: Trying to ReadMemory 0xE162CB38[0x1E]
10:59:31:309 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
10:59:31:309 2720 DetectCureTDL3: IrpHandler (0) addr: B7F88218
10:59:31:309 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (2) addr: B7F88218
10:59:31:309 2720 DetectCureTDL3: IrpHandler (3) addr: B7F8823C
10:59:31:309 2720 DetectCureTDL3: IrpHandler (4) addr: B7F8823C
10:59:31:309 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (14) addr: B7F88180
10:59:31:309 2720 DetectCureTDL3: IrpHandler (15) addr: B7F839E6
10:59:31:309 2720 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (22) addr: B7F875F0
10:59:31:309 2720 DetectCureTDL3: IrpHandler (23) addr: B7F85A6E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:309 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:309 2720 KLMD_ReadMem: Trying to ReadMemory 0xB7F84F26[0x400]
10:59:31:309 2720 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
10:59:31:309 2720 TDL3_FileDetect: Processing driver: USBSTOR
10:59:31:309 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:31:309 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:31:320 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
10:59:31:320 2720
10:59:31:320 2720 DetectCureTDL3: DEVICE_OBJECT: 8A781C68
10:59:31:320 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A781C68
10:59:31:320 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A781C68[0x38]
10:59:31:320 2720 DetectCureTDL3: DRIVER_OBJECT: 8A729CC8
10:59:31:320 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A729CC8[0xA8]
10:59:31:320 2720 KLMD_ReadMem: Trying to ReadMemory 0xE17DFEB8[0x18]
10:59:31:320 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:31:320 2720 DetectCureTDL3: IrpHandler (0) addr: F76DDBB0
10:59:31:320 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (2) addr: F76DDBB0
10:59:31:320 2720 DetectCureTDL3: IrpHandler (3) addr: F76D7D1F
10:59:31:320 2720 DetectCureTDL3: IrpHandler (4) addr: F76D7D1F
10:59:31:320 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (9) addr: F76D82E2
10:59:31:320 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (14) addr: F76D83BB
10:59:31:320 2720 DetectCureTDL3: IrpHandler (15) addr: F76DBF28
10:59:31:320 2720 DetectCureTDL3: IrpHandler (16) addr: F76D82E2
10:59:31:320 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (22) addr: F76D9C82
10:59:31:320 2720 DetectCureTDL3: IrpHandler (23) addr: F76DE99E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:320 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:320 2720 TDL3_FileDetect: Processing driver: Disk
10:59:31:320 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:320 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:330 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:59:31:330 2720
10:59:31:330 2720 DetectCureTDL3: DEVICE_OBJECT: 8A780C68
10:59:31:330 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A780C68
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A780C68[0x38]
10:59:31:330 2720 DetectCureTDL3: DRIVER_OBJECT: 8A729CC8
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A729CC8[0xA8]
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0xE17DFEB8[0x18]
10:59:31:330 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:31:330 2720 DetectCureTDL3: IrpHandler (0) addr: F76DDBB0
10:59:31:330 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (2) addr: F76DDBB0
10:59:31:330 2720 DetectCureTDL3: IrpHandler (3) addr: F76D7D1F
10:59:31:330 2720 DetectCureTDL3: IrpHandler (4) addr: F76D7D1F
10:59:31:330 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (9) addr: F76D82E2
10:59:31:330 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (14) addr: F76D83BB
10:59:31:330 2720 DetectCureTDL3: IrpHandler (15) addr: F76DBF28
10:59:31:330 2720 DetectCureTDL3: IrpHandler (16) addr: F76D82E2
10:59:31:330 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (22) addr: F76D9C82
10:59:31:330 2720 DetectCureTDL3: IrpHandler (23) addr: F76DE99E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:330 2720 TDL3_FileDetect: Processing driver: Disk
10:59:31:330 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:330 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:330 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:59:31:330 2720
10:59:31:330 2720 DetectCureTDL3: DEVICE_OBJECT: 8A744C68
10:59:31:330 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A744C68
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A744C68[0x38]
10:59:31:330 2720 DetectCureTDL3: DRIVER_OBJECT: 8A729CC8
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A729CC8[0xA8]
10:59:31:330 2720 KLMD_ReadMem: Trying to ReadMemory 0xE17DFEB8[0x18]
10:59:31:330 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:31:330 2720 DetectCureTDL3: IrpHandler (0) addr: F76DDBB0
10:59:31:330 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (2) addr: F76DDBB0
10:59:31:330 2720 DetectCureTDL3: IrpHandler (3) addr: F76D7D1F
10:59:31:330 2720 DetectCureTDL3: IrpHandler (4) addr: F76D7D1F
10:59:31:330 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (9) addr: F76D82E2
10:59:31:330 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:330 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (14) addr: F76D83BB
10:59:31:340 2720 DetectCureTDL3: IrpHandler (15) addr: F76DBF28
10:59:31:340 2720 DetectCureTDL3: IrpHandler (16) addr: F76D82E2
10:59:31:340 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (22) addr: F76D9C82
10:59:31:340 2720 DetectCureTDL3: IrpHandler (23) addr: F76DE99E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:340 2720 TDL3_FileDetect: Processing driver: Disk
10:59:31:340 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:340 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:31:340 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:59:31:340 2720
10:59:31:340 2720 DetectCureTDL3: DEVICE_OBJECT: 8A75E5C0
10:59:31:340 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A75E5C0
10:59:31:340 2720 DetectCureTDL3: DEVICE_OBJECT: 8A72FD98
10:59:31:340 2720 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A72FD98
10:59:31:340 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A72FD98[0x38]
10:59:31:340 2720 DetectCureTDL3: DRIVER_OBJECT: 8A72B608
10:59:31:340 2720 KLMD_ReadMem: Trying to ReadMemory 0x8A72B608[0xA8]
10:59:31:340 2720 KLMD_ReadMem: Trying to ReadMemory 0xE17DC128[0x1A]
10:59:31:340 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:59:31:340 2720 DetectCureTDL3: IrpHandler (0) addr: F74396F2
10:59:31:340 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (2) addr: F74396F2
10:59:31:340 2720 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (14) addr: F7439712
10:59:31:340 2720 DetectCureTDL3: IrpHandler (15) addr: F7435852
10:59:31:340 2720 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (22) addr: F743973C
10:59:31:340 2720 DetectCureTDL3: IrpHandler (23) addr: F7440336
10:59:31:340 2720 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
10:59:31:340 2720 KLMD_ReadMem: Trying to ReadMemory 0xF7436864[0x400]
10:59:31:340 2720 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
10:59:31:340 2720 TDL3_FileDetect: Processing driver: atapi
10:59:31:340 2720 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
10:59:31:340 2720 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
10:59:31:360 2720 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
10:59:31:360 2720
10:59:31:360 2720 Completed
10:59:31:360 2720
10:59:31:360 2720 Results:
10:59:31:370 2720 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
10:59:31:370 2720 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:59:31:370 2720 File objects infected / cured / cured on reboot: 0 / 0 / 0
10:59:31:370 2720
10:59:31:370 2720 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
10:59:31:370 2720 UtilityDeinit: KLMD(ARK) unloaded successfully
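The DetectCureTDL3 lines above walk each device stack down to its driver object, print the 27 IRP major-function dispatch addresses held in that driver object, and then verify the driver's file on disk. One check a defender can make from such output is whether every dispatch entry that is not the kernel's shared "unsupported request" stub points into the same code region as the driver's other routines; a dispatch entry that has been redirected by a rootkit points somewhere else entirely, which is the kind of anomaly the scanner's hook checks look for. The Python below is an added example, not TDSSKiller code and not from this thread. It parses a constructed excerpt of the log above (the Disk and atapi tables, condensed) plus one made-up driver block with a displaced entry, derives the shared stub address as the most frequent address in the log, and flags any entry more than 1 MiB from the median of the driver's own handlers. The 1 MiB window, the "most frequent address is the stub" heuristic and the made-up `\Driver\example` block are assumptions for illustration only.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample: a condensed copy of the DetectCureTDL3 lines posted above
# for the Disk and atapi driver objects, followed by a made-up driver
# ("\Driver\example", which does not exist on the machine in the thread) whose
# major function 3 (IRP_MJ_READ) entry points far away from its other routines.
SAMPLE_LOG = r"""
10:59:31:340 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:31:340 2720 DetectCureTDL3: IrpHandler (0) addr: F76DDBB0
10:59:31:340 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (2) addr: F76DDBB0
10:59:31:340 2720 DetectCureTDL3: IrpHandler (3) addr: F76D7D1F
10:59:31:340 2720 DetectCureTDL3: IrpHandler (4) addr: F76D7D1F
10:59:31:340 2720 DetectCureTDL3: IrpHandler (14) addr: F76D83BB
10:59:31:340 2720 DetectCureTDL3: IrpHandler (22) addr: F76D9C82
10:59:31:340 2720 DetectCureTDL3: IrpHandler (23) addr: F76DE99E
10:59:31:340 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:59:31:340 2720 DetectCureTDL3: IrpHandler (0) addr: F74396F2
10:59:31:340 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (2) addr: F74396F2
10:59:31:340 2720 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
10:59:31:340 2720 DetectCureTDL3: IrpHandler (14) addr: F7439712
10:59:31:340 2720 DetectCureTDL3: IrpHandler (15) addr: F7435852
10:59:31:340 2720 DetectCureTDL3: IrpHandler (22) addr: F743973C
10:59:31:340 2720 DetectCureTDL3: IrpHandler (23) addr: F7440336
10:59:31:350 2720 DetectCureTDL3: DRIVER_OBJECT name: \Driver\example, Driver Name: example
10:59:31:350 2720 DetectCureTDL3: IrpHandler (0) addr: F7500100
10:59:31:350 2720 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
10:59:31:350 2720 DetectCureTDL3: IrpHandler (3) addr: 8A7B1000
10:59:31:350 2720 DetectCureTDL3: IrpHandler (4) addr: F7500230
10:59:31:350 2720 DetectCureTDL3: IrpHandler (14) addr: F7500310
"""

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
HANDLER_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")

# Assumption: a driver's own dispatch routines all live inside one loaded
# image, so they should sit within a window of this size around each other.
MAX_IMAGE_SPAN = 0x100000  # 1 MiB


def parse_handlers(log_text):
    """Return {driver_name: {major_function: address}} from DetectCureTDL3 lines."""
    tables = defaultdict(dict)
    current = None
    for line in log_text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(2)
            continue
        m = HANDLER_RE.search(line)
        if m and current is not None:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return dict(tables)


def default_handler(tables):
    """Heuristic (an assumption): the address seen most often across all drivers
    is the kernel's shared stub for unsupported major functions."""
    counts = Counter(addr for table in tables.values() for addr in table.values())
    return counts.most_common(1)[0][0]


def suspicious_handlers(tables, span=MAX_IMAGE_SPAN):
    """Per driver, list (major_function, address) entries that lie more than
    `span` bytes from the median of that driver's non-default handlers."""
    default = default_handler(tables)
    findings = {}
    for name, table in tables.items():
        own = {mj: addr for mj, addr in table.items() if addr != default}
        if not own:
            continue
        centre = statistics.median(own.values())
        outliers = sorted((mj, addr) for mj, addr in own.items()
                          if abs(addr - centre) > span)
        if outliers:
            findings[name] = outliers
    return findings


if __name__ == "__main__":
    parsed = parse_handlers(SAMPLE_LOG)
    print("shared stub address: %08X" % default_handler(parsed))
    for driver, entries in suspicious_handlers(parsed).items():
        for mj, addr in entries:
            print("%s: major function %d dispatches to %08X, outside the driver's region"
                  % (driver, mj, addr))
```

On the condensed Disk and atapi tables the script reports nothing, which matches the scanner's "Clean" verdicts above; only the constructed `example` driver is flagged. A real-world version would replace the median heuristic with the loaded module list (base and size of each driver image) so that each dispatch address can be attributed to a specific module.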


#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 11 February 2010 - 04:17 PM

Are you still being redirected in your Google searches?

BASFND.sys is your Broadcom NetDetect Driver. So if you are allowing Spysweeper to block it, that would be why you're having connection issues.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Let me know what issues are you still experiencing.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 11 February 2010 - 08:01 PM

Hi Sam,
Thanks for the response.
Did the Java update and Googled to see if the computer would redirect. So far it is OK. However, the Webroot firewall is popping up constantly and indicates that it has blocked 17 incoming packets. I have the firewall log listed below.

Date/Time Direction Local IP Remote IP Protocol Application
7:00:58 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
7:00:28 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:59:58 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:59:30 PM 2/11/2010 In 192.168.2.9:1046 65.55.13.91:443 (https) TCP (6) C:\WINDOWS\SYSTEM32\svchost.exe
6:59:29 PM 2/11/2010 In 192.168.2.255:137 (netbios-ns) 192.168.2.9:137 (netbios-ns) UDP (17)
6:59:28 PM 2/11/2010 In 192.168.2.255:137 (netbios-ns) 192.168.2.9:137 (netbios-ns) UDP (17)
6:59:28 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:59:27 PM 2/11/2010 In 192.168.2.255:137 (netbios-ns) 192.168.2.9:137 (netbios-ns) UDP (17)
6:59:27 PM 2/11/2010 In 255.255.255.255:67 (bootps) 192.168.2.9:68 (bootpc) UDP (17)
6:59:03 PM 2/11/2010 In 192.168.2.9:137 (netbios-ns) 192.168.2.1:2048 UDP (17)
6:58:58 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:58:28 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:57:58 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:57:31 PM 2/11/2010 In 192.168.2.9:1043 72.5.172.210:80 (http) TCP (6) C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
6:57:31 PM 2/11/2010 In 192.168.2.9:57767 192.168.2.1:53 (domain) UDP (17) C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
6:57:31 PM 2/11/2010 In 192.168.2.9:1042 72.5.172.201:80 (http) TCP (6) C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
6:57:31 PM 2/11/2010 In 192.168.2.9:53689 192.168.2.1:53 (domain) UDP (17) C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
6:57:28 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:57:12 PM 2/11/2010 In 239.255.255.250:1900 (UPnP) 192.168.2.9:1038 UDP (17)
6:57:12 PM 2/11/2010 In 192.168.2.9:1040 174.132.244.202:443 (https) TCP (6) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
6:57:09 PM 2/11/2010 In 239.255.255.250:1900 (UPnP) 192.168.2.9:1038 UDP (17)
6:57:06 PM 2/11/2010 In 239.255.255.250:1900 (UPnP) 192.168.2.9:1038 UDP (17)
6:56:58 PM 2/11/2010 In 192.168.2.255:520 (efs) 192.168.2.1:520 (efs) UDP (17)
6:56:53 PM 2/11/2010 In 192.168.2.9:137 (netbios-ns) 192.168.2.1:2048 UDP (17)
6:56:49 PM 2/11/2010 In 192.168.2.9:1035 199.7.51.190:80 (http) TCP (6) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
6:56:48 PM 2/11/2010 In 192.168.2.9:60693 192.168.2.1:53 (domain) UDP (17) C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
6:56:40 PM 2/11/2010 In 255.255.255.255:67 (bootps) 0.0.0.0:68 (bootpc) UDP (17)

I do not have an AV program. Please let me know what to do next.
Thanks.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 11 February 2010 - 08:11 PM

Most of that is from your own network. Not unusual at all.
192.168.2.255 is your network's broadcast address.

It's routine traffic. Your computer is just trying to resolve names of devices on your network.


I do recommend that you install an antivirus right away.
I can recommend Avast as an excellent free solution that you can download from here.
http://www.avast.com/free-antivirus-download



Here are some final steps and recommendations for you.

Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  2. Use an AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.








========================================================

#10 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 11 February 2010 - 09:12 PM

Hi Sam,
Thank you for your response. I have downloaded Avast and it's up and running. Should I run Defogger and enable CD emulation?
As for the firewall, I have Webroot. Should I continue with it or replace it? Webroot antivirus has expired; should I uninstall it since I have Avast now?
Was my system badly infected?
Thanks for your help.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 12 February 2010 - 07:49 AM

QUOTE
Should I run Defogger and enable CD emulation?
Yes

QUOTE
As for the firewall, I have Webroot. Should I continue with it or replace it?
I don't know specifically about Webroot's firewall, but you should run one.

QUOTE
Webroot antivirus has expired; should I uninstall it since I have Avast now?
Yes, there's no reason to keep an expired antivirus program. It's of little use to you.

QUOTE
Was my system badly infected?
Indications are that you had a rootkit infection, based on your description of the issues you were having. I did not see signs of an infection in any of the logs that you posted, though.



========================================================

#12 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 13 February 2010 - 11:44 AM

Hi Sam,

Installed Spybot and ran it. It found over 100 items, and after the restart it was like fireworks in DOS; it did a scan again and cleared them all.

I will install ZoneAlarm today and remove the Webroot firewall.
See what happens.
Thanks

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 14 February 2010 - 09:28 AM

Sounds good! Let me know if you have any problems, otherwise I'll go ahead and close this topic for you.


========================================================

#14 albertoj

albertoj
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:32 AM

Posted 16 February 2010 - 08:21 PM

Hi Sam,

Ran a-squared and it found 3 viruses, and Avast found one. Switched to Google Chrome; so far everything is fine.
Thanks for all your help.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:32 AM

Posted 17 February 2010 - 11:55 AM

I'm glad I could help you out!


Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.



========================================================



