
In need of help for Google redirect virus and more...


  • This topic is locked
36 replies to this topic

#1 Atticus Finch

Atticus Finch

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 08 August 2010 - 12:39 AM

Hi there,

I'm at the end of my rope here. I've tried AVG, Malwarebytes, Avast, Super Anti-spyware, Ad-aware and Spybot but nothing is detecting whatever is redirecting my Google clicks, constant blue screens, whatever is preventing Ad-Aware's Ad-watch Live from engaging and whatever keeps giving me a rundll error on every start up.
I really hope you can help me.

Thank you for taking the time to read this.

Sincerely,

Mark


 


#2 Duct Taped Goat

Duct Taped Goat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 08 August 2010 - 03:01 AM

Two things on the redirect:

1. To navigate Google with a redirect, copy the address from the search result and paste it. (NOT THE HYPERLINK)

2. Take note of what you're redirecting to. It should be the same host every time. From here, you can receive a proper solution for your specific situation.


I would like to see what is bluescreening as well.


For the spyware block, open MSCONFIG (from Run menu) and take note of what is starting up in the Startup tab. Take screenshots (low res) and attach to next post.

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,110 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:35 PM

Posted 08 August 2010 - 05:36 AM

Hello Atticus Finch, please try to follow the steps in this guide and let me know if it takes care of the issue.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Atticus Finch


Posted 08 August 2010 - 01:21 PM

Thanks guys. Ran the TDSSKiller and found two suspicious items which I just quarantined. Not sure if that was the thing to do, but it felt right.

Here's the report:

2010/08/08 14:09:52.0581 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/08 14:09:52.0581 ================================================================================
2010/08/08 14:09:52.0581 SystemInfo:
2010/08/08 14:09:52.0581
2010/08/08 14:09:52.0581 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/08 14:09:52.0581 Product type: Workstation
2010/08/08 14:09:52.0581 ComputerName: MOTHERSHIP
2010/08/08 14:09:52.0581 UserName: Marcos A. Cisneros
2010/08/08 14:09:52.0581 Windows directory: C:\WINDOWS
2010/08/08 14:09:52.0581 System windows directory: C:\WINDOWS
2010/08/08 14:09:52.0581 Processor architecture: Intel x86
2010/08/08 14:09:52.0581 Number of processors: 2
2010/08/08 14:09:52.0581 Page size: 0x1000
2010/08/08 14:09:52.0581 Boot type: Normal boot
2010/08/08 14:09:52.0581 ================================================================================
2010/08/08 14:09:56.0924 Initialize success
2010/08/08 14:10:07.0487 ================================================================================
2010/08/08 14:10:07.0487 Scan started
2010/08/08 14:10:07.0487 Mode: Manual;
2010/08/08 14:10:07.0487 ================================================================================
2010/08/08 14:10:41.0706 sptd (ffacc5ed4d1c800991480026f7f51aca) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/08 14:10:41.0784 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: ffacc5ed4d1c800991480026f7f51aca
2010/08/08 14:10:41.0784 sptd - detected Locked file (1)
2010/08/08 14:10:49.0346 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/08/08 14:10:49.0346 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/08/08 14:10:49.0346 vaxscsi - detected Locked file (1)
2010/08/08 14:10:51.0393 ================================================================================
2010/08/08 14:10:51.0393 Scan finished
2010/08/08 14:10:51.0393 ================================================================================
2010/08/08 14:10:51.0393 Detected object count: 2
2010/08/08 14:14:50.0754 sptd (ffacc5ed4d1c800991480026f7f51aca) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/08 14:14:50.0754 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: ffacc5ed4d1c800991480026f7f51aca
2010/08/08 14:14:50.0770 C:\WINDOWS\system32\Drivers\sptd.sys - quarantined
2010/08/08 14:14:50.0770 Locked file(sptd) - User select action: Quarantine
2010/08/08 14:14:50.0832 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/08/08 14:14:50.0832 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/08/08 14:14:50.0926 C:\WINDOWS\System32\Drivers\vaxscsi.sys - quarantined
2010/08/08 14:14:50.0926 Locked file(vaxscsi) - User select action: Quarantine





Also, the startup rundll error I keep getting says:
"Error loading C:\WINDOWS\irokasegadav.dll
the specific module could not be found."

Thanks for taking the time everyone, I appreciate it.

Mark



#5 Elise


Posted 08 August 2010 - 02:00 PM

Yes, that was the right thing to do; however, since you also quarantined sptd.sys, you will have trouble with any CD emulators you may be using. Reinstalling the application will fix that.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise




#6 Atticus Finch


Posted 08 August 2010 - 10:53 PM

Thanks Elise! I uninstalled Malwarebytes and downloaded/reinstalled it from your link.
It found one item this time, which I removed. Strange that it didn't find this before with my previously installed version of Malwarebytes.

Here's the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/8/2010 11:49:59 PM
mbam-log-2010-08-08 (23-49-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 312002
Time elapsed: 2 hour(s), 37 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\Mozilla\Firefox\Profiles\2xif85os.default\Cache\2989E1D1d01 (Adware.Casino) -> Quarantined and deleted successfully.








#7 Elise


Posted 09 August 2010 - 06:12 AM

It's possible MBAM detected it now because it was updated.

What problems do you still have left?

regards, Elise


#8 Atticus Finch


Posted 09 August 2010 - 09:27 AM

Thanks Elise. I had regularly updated Malwarebytes, so I'm surprised that it didn't catch this before.

I still get the rundll error at every start up.

The rundll error I keep getting says:

"Error loading C:\WINDOWS\irokasegadav.dll
the specific module could not be found."

I also get a blue screen 99% of the time I reboot or attempt to turn the computer off.
Get a message like: "multiple tpd requests" or something like that.

Also, Ad-Aware is finally working in the Ad-Watch Live mode and is blocking the Google redirects:

"Ad-Watch Live! has blocked firefox.exe from connecting to a malicious website on the internet."

The pop-up provided an IP address and port number (80), but it disappeared before I could type the IP address.

Edited by Atticus Finch, 09 August 2010 - 09:45 AM.


#9 Elise


Posted 09 August 2010 - 09:43 AM

While we could easily get rid of this startup error with a script, I don't like what you mention about shut down. So I want to see a rootkit scan as well here. If it shows anything, I will move this topic to the malware removal section so we can have a deeper look.

GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise


#10 Atticus Finch


Posted 10 August 2010 - 12:22 AM

Thanks Elise. GMER kept freezing up during the scan, so I had to run it in safe mode.
Here's the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-10 01:08:52
Windows 5.1.2600 Service Pack 3
Running: c4o7gcg9.exe; Driver: C:\DOCUME~1\MARCOS~1.CIS\LOCALS~1\Temp\uflcikow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF785387E]
SSDT sptd.sys ZwEnumerateKey [0xF76F6D48]
SSDT sptd.sys ZwEnumerateValueKey [0xF76F70C0]
SSDT sptd.sys ZwOpenKey [0xF76F6AE2]
SSDT sptd.sys ZwQueryKey [0xF76F718A]
SSDT sptd.sys ZwQueryValueKey [0xF76F7022]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7853BFE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3245.SYS The process cannot access the file because it is being used by another process.
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F73134D0 16 Bytes [55, 3E, 14, 12, 09, FD, 8A, ...]
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F73134E1 31 Bytes [20, 31, F7, 19, 47, 3D, 0D, ...]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76FFF52] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7716658] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7700550] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7700454] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7700620] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7700620] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7700550] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7700454] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7715F6C] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F770010E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7715BB0] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F76FFFA6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76F2A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76F2B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76F2AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76F36CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76F35A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F771679E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F77051BA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7715BB0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7715BBC] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F771679E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873D2A40

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 87384590
Device \Driver\dmio \Device\DmControl\DmConfig 87384590
Device \Driver\dmio \Device\DmControl\DmPnP 87384590
Device \Driver\dmio \Device\DmControl\DmInfo 87384590
Device \Driver\Ftdisk \Device\HarddiskVolume1 873847C8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873847C8
Device \Driver\Cdrom \Device\CdRom0 873D2EB0
Device \Driver\Cdrom \Device\CdRom1 873D2EB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7646B40] atapi.sys[unknown section] {MOV EAX, 0x873d2008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7707684; RET }
Device \Driver\atapi \Device\Ide\IdePort0 [F7646B40] atapi.sys[unknown section] {MOV EAX, 0x873d2008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7707684; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F7646B40] atapi.sys[unknown section] {MOV EAX, 0x873d2008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7707684; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7646B40] atapi.sys[unknown section] {MOV EAX, 0x873d2008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7707684; RET }
Device \Driver\00000508 \Device\00000066 sptd.sys
Device \Driver\00000508 \Device\00000066 sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 873D2C78
Device \FileSystem\Npfs \Device\NamedPipe 870F9CF0
Device \Driver\Ftdisk \Device\FtControl 873847C8
Device \FileSystem\Msfs \Device\Mailslot 873380E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 873DFEB0
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 873DFEB0
Device \FileSystem\Fastfat \Fat 870AEEB0
Device \FileSystem\Fastfat \Fat F64C6297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 870AEB30

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415c0d12
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1828756750
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -940204620
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 488889955
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF6 0x05 0x94 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1C 0x09 0xFD 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x05 0xEF 0xC0 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF6 0x05 0x94 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1C 0x09 0xFD 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x05 0xEF 0xC0 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016415c0d12 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF6 0x05 0x94 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1C 0x09 0xFD 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x05 0xEF 0xC0 0xA2 ...

---- EOF - GMER 1.0.15 ----
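
Added example, not part of the original posts: a small Python triage script for a GMER text log in the format posted above. It groups SSDT and IAT hooks by the driver that owns the hook address and lists device entries where GMER reports code in an "[unknown section]"; the sample lines are copied from the log in this thread, while the function names and the `expected_owners` allowlist are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Lines copied from the GMER 1.0.15 log posted in this thread (shortened).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF785387E]
SSDT sptd.sys ZwEnumerateKey [0xF76F6D48]
SSDT sptd.sys ZwOpenKey [0xF76F6AE2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76FFF52] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76F2A32] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F771679E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\Cdrom \Device\CdRom0 873D2EB0
Device \Driver\atapi \Device\Ide\IdePort0 [F7646B40] atapi.sys[unknown section] {MOV EAX, 0x873d2008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7707684; RET }
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
"""

# SSDT <owner> [(description)] <service> [0xADDR]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)(?:\s+\([^)]*\))?\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# IAT <importing module>[<dll>!<function>] [ADDR] <owner>
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>\S+)$"
)
# Device <driver> <device> [ADDR] <module>[unknown section] {disassembly}
UNKNOWN_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<module>\S+?)\[unknown section\]\s+\{(?P<code>.*)\}$"
)


def parse_gmer(text):
    """Return (hooks, unknown): SSDT/IAT hook records and unknown-section device entries."""
    hooks, unknown = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"kind": "SSDT", "owner": m["owner"],
                          "target": m["func"], "addr": int(m["addr"], 16)})
            continue
        m = IAT_RE.match(line)
        if m:
            hooks.append({"kind": "IAT", "owner": m["owner"],
                          "target": f'{m["victim"]} -> {m["imp"]}',
                          "addr": int(m["addr"], 16)})
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            unknown.append({"driver": m["driver"], "device": m["device"],
                            "module": m["module"], "addr": int(m["addr"], 16),
                            "code": m["code"].strip()})
    return hooks, unknown


def hooks_by_owner(hooks):
    """Count hooks per (owning driver, hook kind); driver names are case-folded."""
    return dict(Counter((h["owner"].lower(), h["kind"]) for h in hooks))


def needs_review(hooks, unknown, expected_owners):
    """List hooks owned by drivers outside the analyst's allowlist, plus every
    device entry whose handler GMER could not place in a known section."""
    expected = {o.lower() for o in expected_owners}
    items = [f'{h["kind"]} {h["target"]} redirected to {h["owner"]}'
             for h in hooks if h["owner"].lower() not in expected]
    items += [f'{u["device"]}: {u["module"]} code in unknown section at {u["addr"]:#x}'
              for u in unknown]
    return items


if __name__ == "__main__":
    hooks, unknown = parse_gmer(SAMPLE_LOG)
    for (owner, kind), n in sorted(hooks_by_owner(hooks).items()):
        print(f"{owner:10} {kind:4} {n}")
    # expected_owners is the analyst's own choice; this value is illustrative only.
    for item in needs_review(hooks, unknown, expected_owners={"Lbd.sys"}):
        print("REVIEW:", item)
```

The allowlist only decides which hooks are summarized instead of listed; unknown-section entries are always listed so that a helper reads them in full.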


#11 Elise


Posted 10 August 2010 - 03:11 AM

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


#12 Atticus Finch


Posted 10 August 2010 - 12:13 PM

Thanks again Elise.
Here's the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A91000 \WINDOWS\system32\KDCOM.DLL
0xF79A1000 \WINDOWS\system32\BOOTVID.dll
0xF73BF000 sptd.sys
0xF7A93000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73A7000 \WINDOWS\System32\Drivers\SPTD3245.SYS
0xF7379000 ACPI.sys
0xF7368000 pci.sys
0xF7591000 isapnp.sys
0xF75A1000 ohci1394.sys
0xF75B1000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF79A5000 compbatt.sys
0xF79A9000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B59000 pciide.sys
0xF7811000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75C1000 MountMgr.sys
0xF7349000 ftdisk.sys
0xF7A95000 dmload.sys
0xF7323000 dmio.sys
0xF7819000 PartMgr.sys
0xF75D1000 VolSnap.sys
0xF730B000 atapi.sys
0xF7821000 cercsr6.sys
0xF72F3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF75E1000 disk.sys
0xF75F1000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72D3000 fltmgr.sys
0xF72C1000 sr.sys
0xF7601000 Lbd.sys
0xF7611000 PxHelp20.sys
0xF72A8000 TPkd.sys
0xF7291000 KSecDD.sys
0xF7204000 Ntfs.sys
0xF71D7000 NDIS.sys
0xF7621000 sbp2port.sys
0xF71BD000 Mup.sys
0xF7781000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7179000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6603000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF65EF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF65C7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7901000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF65A3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7909000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7791000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF658F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7919000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF77A1000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF6543000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF77B1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6514000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AB5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7939000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7941000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77C1000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77E1000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF64F1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7959000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF64A7000 \SystemRoot\System32\Drivers\vaxscsi.sys
0xF77F1000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xF7C97000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7801000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7134000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6490000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7641000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6811000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7989000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF647F000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6801000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7999000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7849000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF644F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF67F1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7ABB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF63C9000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A6D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF67E1000 \SystemRoot\system32\DRIVERS\cledx.sys
0xF63AC000 \SystemRoot\System32\Drivers\windrvr.sys
0xF67D1000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xF67C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE246000 \SystemRoot\system32\drivers\sthda.sys
0xEE222000 \SystemRoot\system32\drivers\portcls.sys
0xF6791000 \SystemRoot\system32\drivers\drmk.sys
0xEE0CE000 \SystemRoot\system32\drivers\monfilt.sys
0xEE09C000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEDF9F000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xEDEEF000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7899000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6781000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AD7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B87000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADB000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78E1000 \SystemRoot\System32\drivers\vga.sys
0xF7ADF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78F1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7911000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6447000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDDF4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDD9B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7651000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEDD75000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEDD3B000 \SystemRoot\System32\Drivers\avgtdix.sys
0xEDD13000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDCD3000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xEDCB6000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xF642B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEDC94000 \SystemRoot\System32\drivers\afd.sys
0xF7661000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDC72000 \??\C:\Program Files\SuperAntiSpyware\SASKUTIL.sys
0xF7951000 \??\C:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
0xEDC47000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE36C000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xEDBAF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7681000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7969000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xEDB7B000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF76A1000 \SystemRoot\System32\Drivers\tosrfusb.sys
0xF76B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEDB54000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEDE27000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF7851000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF76E1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDB3C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B21000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE388000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7881000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BE1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF093000 \SystemRoot\System32\atikvmag.dll
0xBF0C9000 \SystemRoot\System32\ati3duag.dll
0xBF34D000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEBA58000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF78D1000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEB9F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB9E4000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEB3CD000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEB170000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB0F7000 \SystemRoot\system32\drivers\wdmaud.sys
0xEB2DD000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA6EB000 \SystemRoot\system32\drivers\ctusfsyn.sys
0xBA6BB000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xBA695000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xBA304000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA5B5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA195000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7971000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB93E6000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
0xB9886000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 84):
0 System Idle Process
4 System
672 C:\WINDOWS\system32\smss.exe
728 csrss.exe
756 C:\WINDOWS\system32\winlogon.exe
804 C:\WINDOWS\system32\services.exe
816 C:\WINDOWS\system32\lsass.exe
992 C:\WINDOWS\system32\ati2evxx.exe
1012 C:\WINDOWS\system32\svchost.exe
1084 svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1252 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1296 svchost.exe
1344 C:\Program Files\AVG\AVG9\avgchsvx.exe
1352 C:\Program Files\AVG\AVG9\avgrsx.exe
1392 svchost.exe
1468 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1680 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
1788 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
1916 C:\WINDOWS\system32\ati2evxx.exe
2036 C:\WINDOWS\explorer.exe
456 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1180 C:\WINDOWS\system32\LEXBCES.EXE
1236 C:\WINDOWS\system32\spoolsv.exe
1212 C:\WINDOWS\system32\LEXPPS.EXE
1712 svchost.exe
1896 C:\WINDOWS\system32\svchost.exe
2060 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2080 C:\WINDOWS\system32\astsrv.exe
2092 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2144 C:\Program Files\Bonjour\mDNSResponder.exe
2176 svchost.exe
2208 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
2276 C:\WINDOWS\system32\CTSVCCDA.EXE
2304 C:\WINDOWS\ehome\ehrecvr.exe
2328 C:\WINDOWS\ehome\ehSched.exe
2384 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2488 C:\Program Files\AVG\AVG9\avgnsx.exe
2816 C:\Program Files\Java\jre6\bin\jqs.exe
2860 C:\WINDOWS\system32\svchost.exe
2960 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
3064 C:\WINDOWS\system32\svchost.exe
3084 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3108 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3188 svchost.exe
3236 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
3264 C:\WINDOWS\system32\svchost.exe
3328 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
3452 mcrdsvc.exe
3868 C:\WINDOWS\system32\dllhost.exe
3884 wmiprvse.exe
3980 alg.exe
2668 C:\WINDOWS\system32\rundll32.exe
2736 C:\WINDOWS\ehome\ehtray.exe
2800 C:\WINDOWS\ehome\ehmsas.exe
2868 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2904 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2916 C:\Program Files\Dell\Media Experience\PCMService.exe
1736 C:\WINDOWS\system32\rundll32.exe
3476 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
3740 C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
3748 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
3332 C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
3876 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3584 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2992 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2200 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
1172 C:\DOCUME~1\MARCOS~1.CIS\LOCALS~1\Temp\clclean.0001
2984 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2292 C:\Program Files\QuickTime\QTTask.exe
3364 C:\Program Files\iTunes\iTunesHelper.exe
2404 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
4208 C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE
4228 C:\WINDOWS\system32\ctfmon.exe
4436 C:\Program Files\iPod\bin\iPodService.exe
5072 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
5080 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
5096 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
5260 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
5268 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
5284 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
6112 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
4948 C:\Program Files\Mozilla Firefox\firefox.exe
5920 C:\Documents and Settings\Marcos A. Cisneros\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS721080G9SA00, Rev: MC4OC10H

Size Device Name MBR Status
--------------------------------------------
73 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#13 Elise


Posted 10 August 2010 - 12:20 PM

That all looks okay, which means I need to see some logs to see what's wrong. I will move this topic to a more appropriate forum.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:35 AM

Posted 10 August 2010 - 06:42 PM

I'm moving this topic to the log forum for you. ~ OB


Thank you, my connection dropped while moving, so it must have slipped by. ~ Elise

Edited by elise025, 11 August 2010 - 03:25 AM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 Atticus Finch


Posted 11 August 2010 - 10:50 AM

Thanks guys. Here are the two logs:

OTL logfile created on: 8/10/2010 11:05:25 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Marcos A. Cisneros\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 381.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.07 Gb Total Space | 2.69 Gb Free Space | 3.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOTHERSHIP
Current User Name: Marcos A. Cisneros
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/10 23:03:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\OTL.exe
PRC - [2010/08/10 01:14:37 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Temp\clclean.0001
PRC - [2010/07/29 11:30:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/16 14:13:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 14:13:40 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 14:13:40 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 14:13:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 14:13:19 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 14:13:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/04 00:27:25 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/01 15:14:18 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\astsrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007/09/19 05:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/05/24 16:39:40 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/03 02:23:08 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/11/18 17:46:00 | 001,724,416 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/08/17 09:59:34 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/08/16 22:11:28 | 000,065,536 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/04/01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004/12/22 17:45:42 | 000,235,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2004/12/22 17:45:22 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2003/09/21 11:48:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
PRC - [2003/09/21 11:21:16 | 000,270,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/10 23:03:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Spskd0n)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2010/07/16 14:13:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/01 20:02:22 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/02 14:34:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/01 15:14:18 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\astsrv.exe -- (astcc)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/05/24 16:39:40 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/04/01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2005/01/21 22:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/22 17:45:42 | 000,235,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/22 17:45:30 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/22 17:45:22 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/06/24 18:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2010/07/16 14:13:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 14:13:20 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/16 15:17:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/04 09:15:02 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/31 12:54:03 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/31 12:54:03 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/04 20:39:45 | 000,054,520 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2007/08/08 09:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/13 11:54:38 | 000,078,648 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/12/02 18:24:24 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2006/10/25 15:47:24 | 000,176,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061025.029\SymIDSco.sys -- (SYMIDSCO)
DRV - [2006/09/25 23:44:29 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/02 23:12:48 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2006/09/02 23:12:48 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2006/07/27 04:00:00 | 000,828,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060727.049\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/07/27 04:00:00 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060727.049\NAVENG.SYS -- (NAVENG)
DRV - [2006/06/13 13:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 12:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 22:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 14:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 11:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 11:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/28 22:57:10 | 001,506,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/31 14:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/10/03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 18:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/07/11 19:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/01/21 22:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 22:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 22:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 22:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 22:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 22:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/03/23 22:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002/12/09 13:28:28 | 000,215,640 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)
DRV - [2002/05/08 16:28:36 | 000,034,260 | R--- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\electro.sys -- (ELECTRO)
DRV - [2002/03/08 21:28:54 | 000,165,512 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuFWA.sys -- (MotuFWA)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/01/08 09:53:24 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-436374069-1965331169-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-436374069-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-436374069-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9B3870F8-04EA-40BB-91DE-FFF36F5138B6}:1.9.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 09:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9B3870F8-04EA-40BB-91DE-FFF36F5138B6}: C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\{9B3870F8-04EA-40BB-91DE-FFF36F5138B6} [2010/06/20 12:53:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 11:30:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 11:30:57 | 000,000,000 | ---D | M]

[2009/08/11 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Mozilla\Extensions
[2009/08/11 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/08/10 12:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Mozilla\Firefox\Profiles\2xif85os.default\extensions
[2010/06/03 21:17:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Mozilla\Firefox\Profiles\2xif85os.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/10 12:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 13:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/29 13:14:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/26 00:25:46 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll

O1 HOSTS File: ([2006/12/02 18:25:19 | 000,000,852 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1965331169-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1965331169-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1965331169-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-436374069-1965331169-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell AIO Printer A960] C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wjata] C:\WINDOWS\irokasegadav.DLL File not found
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-436374069-1965331169-725345543-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-436374069-1965331169-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-436374069-1965331169-725345543-1003..\Run: [SystemExplorer] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5A99FD4F-BE4A-4FBF-8ABF-FEE1793EF79C} http://24.199.232.238/WebLoaderPro.cab (ActiveFormX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SuperAntiSpyware\SASWINLO.DLL - C:\Program Files\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/16 17:20:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 23:03:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\OTL.exe
[2010/08/08 21:10:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/08 21:10:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/08 21:09:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\mbam-setup-1.46.exe
[2010/08/08 14:14:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/08 14:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\tdsskiller
[2010/08/02 15:13:29 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/02 15:13:22 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/02 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\Sunbelt Software
[2010/08/02 14:01:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/02 13:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/02 13:04:34 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\Ad-AwareInstall.exe
[2010/07/16 14:13:40 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/14 01:02:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003/09/21 11:40:48 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCU.DLL
[2003/09/21 11:22:52 | 000,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFUTIL.DLL
[2003/09/21 11:20:50 | 000,086,016 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFCUR.DLL
[2003/09/21 11:18:58 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\DLBFJSWR.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/10 23:04:56 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\NTUSER.DAT
[2010/08/10 23:03:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\OTL.exe
[2010/08/10 22:43:08 | 063,240,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/10 13:10:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\MBRCheck.exe
[2010/08/10 02:22:58 | 000,137,642 | ---- | M] () -- C:\logfile
[2010/08/10 02:03:31 | 001,498,112 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/10 02:03:30 | 002,644,992 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/10 01:12:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/10 01:12:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 01:12:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 01:12:23 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 11:51:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\c4o7gcg9.exe
[2010/08/08 23:56:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\ntuser.ini
[2010/08/08 21:10:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 21:09:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\mbam-setup-1.46.exe
[2010/08/08 14:13:24 | 000,051,211 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\scan results TDSSKiller.jpg
[2010/08/08 14:08:13 | 001,130,629 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\tdsskiller.zip
[2010/08/08 13:30:14 | 000,010,230 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\rundll error screenshot.jpg
[2010/08/07 07:11:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 20:00:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010/08/05 02:14:49 | 000,048,792 | ---- | M] () -- C:\WINDOWS\System32\synsopos.soj
[2010/08/05 02:05:59 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/08/05 02:05:59 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/08/05 02:05:22 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010/08/05 02:05:21 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010/08/05 02:05:21 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010/08/05 02:05:21 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010/08/05 02:05:21 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010/08/05 02:05:21 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010/08/05 02:05:21 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010/08/05 02:05:21 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010/08/05 02:05:21 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010/08/05 02:05:21 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010/08/05 02:05:21 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010/08/02 15:13:22 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/02 14:01:15 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/02 14:01:15 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/02 13:06:07 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\Ad-AwareInstall.exe
[2010/07/28 20:00:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/16 14:13:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 14:13:40 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 14:13:20 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/14 03:23:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/10 13:11:10 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\MBRCheck.exe
[2010/08/10 01:12:22 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/09 11:51:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\c4o7gcg9.exe
[2010/08/08 21:10:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 14:13:23 | 000,051,211 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\scan results TDSSKiller.jpg
[2010/08/08 14:08:16 | 001,130,629 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\tdsskiller.zip
[2010/08/08 13:30:13 | 000,010,230 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Desktop\rundll error screenshot.jpg
[2010/08/02 19:56:11 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/02 15:19:29 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/02 14:01:15 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Marcos A. Cisneros\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/02 14:01:15 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/14 03:23:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 00:55:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/01/06 13:57:02 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2008/11/15 17:21:50 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/09/05 18:19:15 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/09/05 18:19:15 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/09/05 18:19:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/09/05 18:19:15 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/04/28 13:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/22 11:37:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/01/12 13:53:21 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/02/15 22:55:26 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2007/02/15 22:55:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/09/26 00:01:52 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2006/09/25 23:44:29 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/25 23:44:29 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3245.sys
[2006/09/07 16:23:59 | 000,002,784 | ---- | C] () -- C:\WINDOWS\Notion.INI
[2006/09/02 13:26:41 | 000,000,770 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/09/02 13:25:23 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.ini
[2006/08/10 16:59:21 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2006/08/10 16:59:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2006/08/01 18:31:00 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/07/31 15:59:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/05 01:26:57 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/05/30 17:55:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/24 17:01:21 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/05/17 20:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/01/22 01:54:37 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2006/01/22 01:54:37 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2006/01/04 15:17:14 | 001,355,181 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/31 11:51:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll
[2005/07/31 11:51:32 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2005/07/31 11:51:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/05/29 19:51:24 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Kernelh2.dll
[2005/05/29 14:41:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2004/12/28 17:47:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\AURTDIONOCVE.DLL
[2004/11/12 13:29:18 | 000,263,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\hypkern.sys
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/02/10 16:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/09/20 03:32:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dlbfcinf.dll
[2003/09/20 03:32:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbfscin.dll
[2003/09/20 03:32:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dlbfcoin.dll
[2003/08/29 14:00:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\DLBFLCNP.DLL
[2003/07/15 14:56:58 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\synsopos.ini
[2002/11/13 16:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbfvs.dll
[2002/08/07 17:54:06 | 000,004,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wbutton.sys
[2002/08/07 17:54:06 | 000,002,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2002/06/07 16:12:52 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2001/01/08 09:53:24 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 941 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:SGGowbg2odGjYbSoBe7PFM
@Alternate Data Stream - 832 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:kNeVkhB0CDZQOo6Cg9ib3bPH2gZ
@Alternate Data Stream - 759 bytes -> C:\Documents and Settings\Marcos A. Cisneros\Local Settings\Application Data\UvzRNoT7XDGzWFS:RrmDDEj7rBRfDIbCNorPTJKQ
@Alternate Data Stream - 1179 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:UwAZfLqOL8uBA3LaM9ZRQSpJ
@Alternate Data Stream - 1149 bytes -> C:\Program Files\WindowsUpdate:1klz1aa6o4HKjRo1rPdf7TH
< End of report >

OTL Extras logfile created on: 8/10/2010 11:05:25 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Marcos A. Cisneros\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 381.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.07 Gb Total Space | 2.69 Gb Free Space | 3.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOTHERSHIP
Current User Name: Marcos A. Cisneros
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Eisenworld\Alohabob\AlohaBob.exe" = C:\Program Files\Eisenworld\Alohabob\AlohaBob.exe:*:Disabled:Alohabob PC Relocator -- (Eisenworld)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Disabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Disabled:avgcc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Disabled:avginet.exe -- File not found
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Disabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Disabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- ()
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Disabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Disabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EF3183E-A492-4C77-B3AE-FF5BD02F7B0F}" = InterLok Driver Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CA032FD-09D9-4B52-BA1D-4932216885FE}" = InterLok Driver Kit
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{40261D0A-A385-4C1A-A7DE-5F270D9B1033}" = Nero 7 Ultra Edition
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{457B00DC-314C-48E8-870E-BE04B2DCC1E9}" = Dolet Light for Finale
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5201A854-5EC2-4B23-BB01-941ADDCF1DDE}" = CSR Hall
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6014A70F-D391-405E-A4C6-7BDE54250719}" = SnagIt 7
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{7297C0B6-0C79-48DB-B7F9-BF40538F418D}" = MuseBook Metronome 1.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8689A5F3-BEEC-407D-A6EB-B79F636229A3}" = Media Center Alarm Clock
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus
"{C77A6D12-C609-4C03-B86B-30405180B513}" = ATI Catalyst Control Center
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.2.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7DE2E7F-9927-491C-AFEE-CA4AB9EB4E63}" = Alohabob PC Relocator Ultra Control
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1608947-B8A4-4D65-A7B8-8B1D669C0E2C}" = SnagIt 7
"{F1E29B0E-94A4-4304-B993-4829FC2ED56C}" = Clean Access Agent
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6F272EF-6239-45A6-B9DC-D2C11CFF73C5}" = Dolet Light for Finale 2005
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"Arturia.Minimoog.V.v1.5-DAC" = Arturia.Minimoog.V.v1.5-DAC
"ATI Display Driver" = ATI Display Driver
"AudioConvert" = AudioConvert
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BB_is1" = Band-in-a-Box 2006
"BitTorrent" = BitTorrent 4.20.8
"CCleaner" = CCleaner
"Click'N Design 3D" = Click'N Design 3D
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Cubase SX" = Steinberg Cubase SX
"D'Accord iChords 2.0_is1" = D'Accord iChords 2.0
"Dell AIO Printer A960" = Dell AIO Printer A960
"Dell Photo Printer 720" = Dell Photo Printer 720
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESPNMotion" = ESPNMotion
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"Finale 2003" = Finale 2003
"Finale 2005" = Finale 2005
"Finale Performance Assessment" = Finale Performance Assessment
"Inet Clipboard" = Inet Clipboard 2.2.0
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{D7DE2E7F-9927-491C-AFEE-CA4AB9EB4E63}" = Alohabob PC Relocator Ultra Control
"KeyStation1x1" = USB Keyboard Device 1.0.1.0
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Elektrik Piano" = Native Instruments Elektrik Piano
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nord Electro Tool v3.00" = Nord Electro Tool v3.00
"Notion" = NOTION
"Ohmforce Predatohm VST PRO v1.24" = Ohmforce Predatohm VST PRO v1.24
"OrangeVocoder v2.0-OxYGeN" = OrangeVocoder v2.0-OxYGeN
"Orbit_is1" = Orbit Downloader
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"PrimoPDF4.1.0.9" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Reason_is1" = Reason 3.0
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Songbird-release-1146" = Songbird 1.2.0 (Build 1146)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Explorer_is1" = System Explorer 2.2.2
"TagScanner_is1" = TagScanner 5.0 build 530
"Timeworks EQ | CompressorX For SONAR XL 2" = Timeworks EQ | CompressorX For SONAR XL 2
"Transcribe!_is1" = Transcribe! 7.30
"URS Classic Console EQ Bundle VST Native1.0" = URS Classic Console EQ Bundle VST Native
"Videora iPod classic Converter" = Videora iPod classic Converter 5.04
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter 7.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinUtilities" = WinUtilities 6.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"YouTube Downloader App" = YouTube Downloader App 2.03
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1965331169-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Smilebox" = Hallmark Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2010 11:07:42 AM | Computer Name = MOTHERSHIP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/31/2010 11:07:42 AM | Computer Name = MOTHERSHIP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15750

Error - 7/31/2010 11:07:42 AM | Computer Name = MOTHERSHIP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15750

Error - 8/2/2010 2:43:50 PM | Computer Name = MOTHERSHIP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/4/2010 11:51:44 PM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application Nuendo3.exe, version 3.2.0.1128, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 11:55:13 PM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application Nuendo3.exe, version 3.2.0.1128, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2010 1:07:43 AM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application Nuendo3.exe, version 3.2.0.1128, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2010 9:36:37 PM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6535.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2010 9:36:38 PM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6535.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2010 9:38:02 PM | Computer Name = MOTHERSHIP | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6535.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/10/2010 6:39:29 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 7:00:24 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 7:16:09 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 8:13:39 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 8:18:49 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 8:34:34 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 8:39:44 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 8:50:14 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 9:32:04 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.

Error - 8/10/2010 10:24:19 PM | Computer Name = MOTHERSHIP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.3 on
the Network Card with network address 0013025B3B8D.


< End of report >









