Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have a rootkit and google redirect issue I cant fix


  • This topic is locked This topic is locked
36 replies to this topic

#1 ihopesomeonecanhelp

ihopesomeonecanhelp

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 17 August 2010 - 03:58 PM

I have spent nearly a week now using every anti virus, malware, and rootkit program I can find, and even after correcting everything found, I am still infected. I have easily spent 40 hours on this so far. I need expert help for sure. I am on a Dell Latitude 610 and windows xp profesiional sp2 with all updates current.

The problems are:
1. Very slow computer, hard drive is constantly reading and writing. What its doing, I dont know. Watching the processes in task manager have not clarified that much. The computer runs incredibly slow!

2. My Ad Aware active protection keeps blocking my computers attempts to connect to a couple malicious websites. I looked up the few urls and they are malicious and not normal web sites. The program shown as trying to connect was originally a hidden program I found and deleted with sophos anti-rootkit. Now the programs showing as trying to connect are usually svchost or iexplore. Multiple copies of svchost.exe are running and part of the issue I think.

3. I get pop ups for zinga, shopping websites and search engines I did not ask for. I think is called the google redirect issue, when I am using Internet explorer 8.

4. The hosts file was checked and only has localhost in it and the listings added by spybot search and destroy. That file keeps adding www.007guard.com and the large spybot list, even though I deleted Spybot via uninstall.

5. I delete all hidden files found by sophos antirootkit many times, only to restart and find four new hidden temporary internet files made again. An Sophos error message in the scan report says that I do not have access to my full registry, HKEY_LOCAL_MACHINE and also finds a hidden entry labeled HKEY_LOCAL_MACHINE\SAM that cannot be removed.

5. Malwarebytes, Superantispyware, AVAST, ESET Online Scan, Ad-AWARE, Spybot Search and Destroy and a host of other online scanners and downloaded anti virus, rootkit, and malware programs have failed to fix this infection. I do not want to reinstall the Operating System if I can otherwise resolve this.

I need some expert help!

Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 25 August 2010 - 05:05 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 25 August 2010 - 09:56 AM

Here are the requested logs. I have the same issues as originally described. Thank you for your help.
OTListIt.txt
OTL logfile created on: 8/25/2010 9:58:03 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Chip\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.93 Gb Free Space | 64.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHIPSLAPTOP
Current User Name: Chip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 09:46:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\OTL.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/04 12:58:06 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/01/13 18:15:20 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/01/13 18:08:52 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/01/13 18:08:12 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/01/13 18:07:04 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/12/19 15:49:28 | 000,086,016 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
PRC - [1998/06/30 10:50:30 | 000,625,664 | ---- | M] () -- C:\Program Files\Parsons Technology\Screen Shot\Sshot.exe


========== Modules (SafeList) ==========

MOD - [2010/08/25 09:46:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\OTL.exe
MOD - [2008/07/04 12:58:18 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/12 12:08:59 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/01/13 18:08:12 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/13 18:07:04 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - [2010/08/12 12:09:09 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/29 19:09:05 | 000,013,696 | ---- | M] (Skyhook Wireless) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
DRV - [2008/08/30 13:34:15 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/07/11 18:35:49 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/24 08:56:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/03/28 12:59:02 | 000,134,560 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SerEmulVsp.sys -- (SerEmulVsp)
DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 18:12:18 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/17 18:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/04 01:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/01/14 08:58:26 | 001,648,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/09/15 13:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1637723038-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-73586283-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/12 04:23:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/01/31 10:54:03 | 000,291,996 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10056 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-73586283-1637723038-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Chip\Start Menu\Programs\Startup\Screen Shot.lnk = C:\Program Files\Parsons Technology\Screen Shot\Sshot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chip\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1215799674984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1220573397218 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F1EA17CB-F7BD-4108-A742-1BC7774383FF} https://secure.accurint.com/bps/298.1/cab/GraphViewCtl.cab (Seisint GraphView Control 1.0)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/20 17:47:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 09:45:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\OTL.exe
[2010/08/16 10:43:22 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/08/16 07:48:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\TFC.exe
[2010/08/15 12:08:43 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/15 12:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/08/15 10:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chip\Application Data\SUPERAntiSpyware.com
[2010/08/15 10:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/15 10:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/12 09:58:25 | 000,000,000 | ---D | C] -- C:\download programs
[2010/08/11 13:15:14 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/08/11 13:15:14 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/08/10 14:45:45 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/10 14:45:45 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/10 14:45:41 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/10 14:45:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/10 14:45:12 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/10 14:45:12 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/10 14:44:36 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/10 14:36:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/10 14:35:17 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/10 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/10 14:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/09 22:47:56 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/08/09 22:47:56 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/08/09 22:47:56 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/08/09 22:47:56 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/08/09 22:47:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/08/09 22:47:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/08/09 22:47:56 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/08/09 22:47:56 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/08/09 22:47:56 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/08/09 22:47:56 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/08/09 22:47:56 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/08/09 22:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chip\Desktop\SmitfraudFix
[2010/08/09 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/09 17:01:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/09 17:01:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/09 17:01:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/09 17:01:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/09 16:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\EasyZip
[2010/08/05 22:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/31 02:16:21 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/31 02:16:01 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/31 00:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chip\Local Settings\Application Data\Sunbelt Software
[2010/07/31 00:32:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/31 00:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/30 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/30 19:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/27 10:46:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/27 10:46:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2010/08/25 09:46:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\OTL.exe
[2010/08/25 09:36:02 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D41A5AB5-A9DE-40E1-A578-66E9D3EE94A4}.job
[2010/08/25 09:32:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/08/25 09:31:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/25 09:30:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 09:29:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/21 11:47:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chip\ntuser.ini
[2010/08/17 23:40:45 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Chip\NTUSER.DAT
[2010/08/17 11:30:18 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Chip\Desktop\gmer.zip
[2010/08/17 11:23:01 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Chip\Desktop\dds.scr
[2010/08/17 11:19:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Chip\Desktop\Defogger.exe
[2010/08/17 10:33:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/17 10:20:42 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/16 13:34:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/16 13:24:04 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/16 13:24:04 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/16 13:24:04 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/16 07:48:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chip\Desktop\TFC.exe
[2010/08/16 01:40:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/15 22:43:08 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010/08/15 10:29:54 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/12 09:59:35 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\Chip\Desktop\Sophos Anti-Rootkit.lnk
[2010/08/11 21:57:41 | 000,013,425 | ---- | M] () -- C:\WINDOWS\123r5.ini
[2010/08/10 14:46:43 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/10 14:45:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/09 23:04:04 | 000,002,232 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/09 22:53:46 | 000,000,108 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/09 16:42:15 | 000,001,462 | ---- | M] () -- C:\Documents and Settings\Chip\Desktop\EasyZip.lnk
[2010/07/31 02:16:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/31 00:32:14 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Chip\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/27 10:46:42 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/27 01:04:10 | 004,843,698 | -H-- | M] () -- C:\Documents and Settings\Chip\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2010/08/17 11:30:13 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Chip\Desktop\gmer.zip
[2010/08/17 11:22:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Chip\Desktop\dds.scr
[2010/08/17 11:18:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Chip\Desktop\Defogger.exe
[2010/08/15 22:43:07 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010/08/15 11:44:53 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\Chip\Desktop\Sophos Anti-Rootkit.lnk
[2010/08/15 10:29:54 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/10 14:46:43 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/09 23:04:02 | 000,002,232 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/09 22:52:51 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/09 22:47:56 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/08/09 22:47:56 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/08/09 22:47:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/08/09 16:42:15 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\Chip\Desktop\EasyZip.lnk
[2010/08/09 16:40:42 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2010/08/09 16:40:42 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2010/08/09 16:40:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[2010/08/01 03:01:50 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/31 08:58:29 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/31 00:32:14 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Chip\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/27 10:46:42 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 16:44:00 | 000,000,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/16 22:47:03 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/06/16 22:46:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/19 20:47:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\DeLGPS.ini
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/19 05:54:10 | 000,000,501 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2008/10/12 04:25:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/08 02:10:22 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Chip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 02:10:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/08 01:55:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/09/08 01:49:21 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Parsons.ini
[2008/09/08 01:46:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\POSP70US.DLL
[2008/09/08 01:46:55 | 000,425,472 | ---- | C] () -- C:\WINDOWS\System32\POSP7032.DLL
[2008/09/08 01:46:52 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\POOLE70.DLL
[2008/09/08 01:46:41 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2008/09/08 01:46:41 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2008/09/08 01:34:38 | 000,000,853 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/09/08 01:33:40 | 000,000,137 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/07/11 13:51:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/05/20 23:37:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2007/05/03 12:06:00 | 000,214,263 | ---- | C] () -- C:\WINDOWS\System32\drivers\TCPRASS3.SYS
[2007/03/28 12:59:02 | 000,134,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\SerEmulVsp.sys
[2003/04/17 15:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 15:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[1995/10/05 16:42:22 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1995/09/28 03:57:52 | 000,013,425 | ---- | C] () -- C:\WINDOWS\123r5.ini
[1995/04/24 20:45:24 | 000,000,628 | ---- | C] () -- C:\WINDOWS\odbc.ini
[1994/07/16 19:38:40 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\tvtalk.dll
[1994/05/23 13:09:26 | 000,000,478 | ---- | C] () -- C:\WINDOWS\lodbf04.ini
< End of report >

Extra.txt
OTL Extras logfile created on: 8/25/2010 9:58:03 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Chip\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.93 Gb Free Space | 64.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHIPSLAPTOP
Current User Name: Chip
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\microsoft frontpage\bin\fpexplor.exe" = C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer -- (Microsoft Corporation)
"C:\FrontPage Webs\Server\vhttpd32.exe" = C:\FrontPage Webs\Server\vhttpd32.exe:*:Enabled:Microsoft FrontPage Personal Web Server -- (Microsoft Corporation)
"C:\Documents and Settings\Chip\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Chip\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1AEA1334-4393-44E9-8FAC-75BEEC1AD75F}" = Volleyball Ace
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = TIxx21/x515
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43983EB4-43DC-4C3D-9712-1EF592A31CA8}" = OpenOffice.org 2.1
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{49B43E4D-32DD-46CD-8EE0-214A947BAFA9}" = DJ_SF_03_D4300_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{664F96E2-7CE3-48E2-A7D9-55E002EEFB31}" = Boingo Wi-Fi
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370B886-918B-4D52-9E93-1A496B07AF0C}" = Earth Bridge
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{8080E151-1FBF-400e-9497-29FDF9410AC6}" = HP Deskjet D4300 Printer Driver 11.0 Rel .3
"{89EE0ED7-DCE1-4D3A-9F10-2BDCCD97E9AA}" = DeLorme Serial Emulator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD264503-9924-44CC-8FF9-DD7CB779EA1B}" = Garmin c320 City Navigator North America NT v8
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDD512C6-2251-4046-8F25-1A5EB355015E}" = Intel® mDriver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alarm_is1" = Alarm 2.0.4
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Corel Remove Program" = Corel Business Applications
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DTMF Dial" = DTMF Dial
"EasyZip" = EasyZip
"ESET Online Scanner" = ESET Online Scanner v3
"EssentialPIM" = EssentialPIM
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"FrontPage v3.0" = Microsoft FrontPage 98
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" = CuteFTP 6 Home
"Lotus 1-2-3 Password" = Lotus 1-2-3 Password by Thegrideon Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Screen Shot" = Screen Shot
"Simple Sudoku_is1" = Simple Sudoku 4.2
"Skyhook Wireless Wi-Fi Service" = Skyhook Wireless Wi-Fi Service
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"ThumbsPlus4" = ThumbsPlus version 4.50-R
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1637723038-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18006F73-4701-4458-8A41-1870503D56E5}" = Volleyball ACE 7.20 (Remove only)
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2010 11:03:08 PM | Computer Name = CHIPSLAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 8/15/2010 11:03:08 PM | Computer Name = CHIPSLAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/16/2010 5:48:32 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 5:49:57 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/16/2010 8:06:47 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 8:06:47 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 8:07:11 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/16/2010 8:07:11 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/25/2010 9:56:37 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.10.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2010 9:58:47 AM | Computer Name = CHIPSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/16/2010 7:49:04 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Spectrum24 Event Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/16/2010 7:49:15 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).

Error - 8/16/2010 7:49:15 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 8/16/2010 7:49:15 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 8/16/2010 7:49:16 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/17/2010 10:25:58 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 8/17/2010 10:46:00 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 8/17/2010 11:46:37 AM | Computer Name = CHIPSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 8/17/2010 11:49:09 AM | Computer Name = CHIPSLAPTOP | Source = ipnathlp | ID = 30009
Description = The DHCP allocator encountered a network error while attempting to
reply on IP address 108.49.70.102 to a request from a client. The data is the error
code.

Error - 8/17/2010 11:49:09 AM | Computer Name = CHIPSLAPTOP | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.1.1
on
the same network as the interface with IP address 192.168.0.1. The allocator has
disabled itself on the interface in order to avoid confusing DHCP clients.


< End of report >
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7982000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1175552 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF764F000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8201000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA62D000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF4E8D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF78B1000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xAA734000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8F1F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF786E000 C:\WINDOWS\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xA8ABF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xF77F6000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF4EEB000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8343000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA94E6000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF81D4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA84F0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA69D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF7944000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 172032 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xAA70C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA5B8000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xAA607000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF784A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7920000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7827000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA6EA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAA6C8000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA949D000 C:\WINDOWS\System32\Drivers\SerEmulVsp.SYS 135168 bytes
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF82A5000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF82F5000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8314000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF81BA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF82DD000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA5A0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF82C5000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA96F3000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF828E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7544000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA929C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF790C000 C:\WINDOWS\system32\DRIVERS\gtipci21.sys 81920 bytes (Texas Instruments, Texas Instruments PCI GemCore IFD Handler)
0xF763B000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF796E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA78D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8332000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7513000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8572000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF86B2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8682000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8672000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF84C2000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF86C2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF6DF1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7C45000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF84B2000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8692000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF86D2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8492000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF84E2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8512000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF86A2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8482000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF86E2000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7C35000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF8472000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7096000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8662000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF84A2000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8622000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7C95000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7C25000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF70A6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8582000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF870A000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF87A2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8812000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF879A000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF87BA000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF86F2000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF885A000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF87B2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF87AA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8702000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF884A000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF8792000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF87D2000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA98F6000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF87F2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF86FA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8752000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF874A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF880A000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
0xF87C2000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8862000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA1BC000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xA9517000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF888A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF894E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAA1B8000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF892E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9B83000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8912000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8962000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF895E000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xAA5EB000 C:\WINDOWS\system32\DRIVERS\wpsnuio.sys 16384 bytes (Skyhook Wireless, WPS NDIS User Mode I/O Driver)
0xAA590000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF8882000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8886000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF4F23000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA94C6000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF896A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8916000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAA1B4000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF8A18000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A26000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A16000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8976000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8972000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A1A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF89FC000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A1C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF89E0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A08000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8974000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8A48000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B46000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8AE7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8A3A000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected sad.gif



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 25 August 2010 - 10:03 AM

Usually it is a good sign if a rootkit detector doesn't find anything stealthy. smile.gif

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 25 August 2010 - 01:16 PM

When I run combofix I get the blue screen and a message saying that "a problem has been detected and windows has been shut down to prevent damage to your computer. The error was found in KERNEL_STACK_INPAGE_ERROR

Then followed by instructions if this is your first time...etc. I ran it twice, with same result. The combofix cannot be completed without the blue screen of death.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 25 August 2010 - 01:22 PM

Please try to run it in safe mode. If that doesn't work either, run the following scan.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 25 August 2010 - 02:44 PM

[size="6"]I tried to run combofix in safe more. I kept getting many many errors. Most were Deyaled write failures asking me to save the file to somehwhere else, but not giving me any chance to.
The delayed write failures were to these files:
c:\combofix
c:/windows/pfirewall.log
c:/$Mft
C:\windows\nfbtlog.txt
c:\Program Files\Common Files\Microsoft/ofice12/HTML.
c:\Program Files\cyberlink\PowerDVD/HTML.
c:\Program Files\Adobe\Photshop 7.0/Helpers
and others i got tired of writing down. All data lost messages, mostly due to delayed write errors.

I will try your MBRcheck alternative recvommendation now.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 25 August 2010 - 02:49 PM

Okay, will wait for that. smile.gif

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 25 August 2010 - 03:19 PM

I ran this in a regular startup. Not safe mode. And this is what I got:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8972000 \WINDOWS\system32\KDCOM.DLL
0xF8882000 \WINDOWS\system32\BOOTVID.dll
0xF8343000 ACPI.sys
0xF8974000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8332000 pci.sys
0xF8472000 isapnp.sys
0xF8886000 compbatt.sys
0xF888A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A3A000 PCIIde.sys
0xF86F2000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8976000 intelide.sys
0xF8314000 pcmcia.sys
0xF8482000 MountMgr.sys
0xF82F5000 ftdisk.sys
0xF86FA000 PartMgr.sys
0xF8702000 pavboot.sys
0xF8492000 VolSnap.sys
0xF82DD000 atapi.sys
0xF870A000 cercsr6.sys
0xF82C5000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF84A2000 disk.sys
0xF84B2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82A5000 fltmgr.sys
0xF8293000 sr.sys
0xF827C000 KSecDD.sys
0xF81EF000 Ntfs.sys
0xF81C2000 NDIS.sys
0xF81A8000 Mup.sys
0xF85B2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF894E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7C63000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7C4F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C25000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF876A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7C01000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8772000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7BED000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xF8956000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xF7B92000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7B4F000 \SystemRoot\system32\drivers\STAC97.sys
0xF7B2B000 \SystemRoot\system32\drivers\portcls.sys
0xF85E2000 \SystemRoot\system32\drivers\drmk.sys
0xF7B08000 \SystemRoot\system32\drivers\ks.sys
0xF7AD7000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF79D8000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7930000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF877A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8612000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8782000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF878A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8622000 \SystemRoot\system32\DRIVERS\serial.sys
0xF895A000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF791C000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8632000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8792000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF8642000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8652000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8AAF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8662000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8962000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7905000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8672000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8682000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF879A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF78F4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8692000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8872000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF887A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF71D1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8562000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF89DE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7130000 \SystemRoot\system32\DRIVERS\update.sys
0xF893E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8522000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA402000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9563000 \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
0xF89B8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8A52000 \SystemRoot\System32\Drivers\Null.SYS
0xF8996000 \SystemRoot\System32\Drivers\Beep.SYS
0xA9553000 \SystemRoot\System32\drivers\vga.sys
0xF8998000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89BA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA954B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA9543000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA9877000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8C23000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8BCA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8BA2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8B80000 \SystemRoot\System32\drivers\afd.sys
0xA9EBB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8B5E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xA953B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8B33000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA946C000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xA8AC3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA97D5000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8A9D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA97C5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9795000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8A85000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF89BC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8EA6000 \SystemRoot\System32\drivers\Dxapi.sys
0xA90D9000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B93000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8906000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF890E000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xF72AD000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8A81000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8A7D000 \SystemRoot\system32\DRIVERS\wpsnuio.sys
0xA8940000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF89E6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA88F7000 \SystemRoot\System32\Drivers\SerEmulVsp.SYS
0xA89A9000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA898D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA872C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA84BB000 \SystemRoot\System32\Drivers\HTTP.sys
0xA833E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA85A4000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7F22000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
888 csrss.exe
916 C:\WINDOWS\system32\winlogon.exe
960 C:\WINDOWS\system32\services.exe
972 C:\WINDOWS\system32\lsass.exe
1132 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1388 C:\WINDOWS\system32\svchost.exe
1476 C:\WINDOWS\system32\S24EvMon.exe
1608 svchost.exe
1784 svchost.exe
1996 C:\WINDOWS\system32\WLTRYSVC.EXE
2008 C:\WINDOWS\system32\BCMWLTRY.EXE
192 C:\WINDOWS\system32\spoolsv.exe
228 scardsvr.exe
520 svchost.exe
656 C:\WINDOWS\system32\RegSrvc.exe
764 C:\WINDOWS\system32\svchost.exe
1976 alg.exe
392 C:\WINDOWS\system32\svchost.exe
1808 C:\WINDOWS\system32\ZCfgSvc.exe
1672 C:\WINDOWS\system32\1XConfig.exe
1780 C:\WINDOWS\system32\wscntfy.exe
1300 C:\WINDOWS\explorer.exe
1088 C:\WINDOWS\system32\WLTRAY.EXE
1368 C:\WINDOWS\system32\hkcmd.exe
1376 C:\WINDOWS\system32\igfxpers.exe
2116 C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
2144 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
2160 C:\WINDOWS\system32\ctfmon.exe
2172 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2332 C:\Program Files\Parsons Technology\Screen Shot\Sshot.exe
2456 C:\Program Files\Internet Explorer\iexplore.exe
2728 C:\Program Files\Internet Explorer\iexplore.exe
3284 C:\WINDOWS\system32\msfeedssync.exe
3448 C:\Documents and Settings\Chip\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST960815A, Rev: 3.ADE

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 25 August 2010 - 03:22 PM

Please click Start > Run, type chkdsk /r in the runbox and press enter.

Type Y and press enter to schedule a diskcheck for the next reboot.

Restart your computer and let the disk check run unhindered. Note - this may take some time.

When done, try to rerun combofix.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 26 August 2010 - 07:24 AM

Chkdsk did need some repairs. It made a lot of repairs it seemed.

ComboFix still cant complete, due to Delayed Write Errors to:
C:\$Mft
c:\windows\pfirewall.log
c:\windows
c:\windows\system32
c:\documents and settings\chip

also got a new odd warning as we started saying Windows System Error - unknown hard drive

#12 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 26 August 2010 - 07:45 AM

I dont know if this is relevent either. When I ran chkdsk /r I got this message. The type of the file system is NIPS. Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the sytem restarts?
I answered yes, which is how i ran the chkdsk

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 26 August 2010 - 07:55 AM

QUOTE
Type Y and press enter to schedule a diskcheck for the next reboot.
So, yes, you ran it the right way. smile.gif

This points more and more towards a bad harddisk.

You're going to need a program called TestDisk. It's a free and open source disk recovery program.

Step 1: Download the TestDisk executable for Windows here: Download
Step 2: Extract the downloaded zip file using your favorite archive extractor.
Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
Step 4: You will now be at a scary looking text-based command window:

Press Enter here to create a new log file.

Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:

You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.

Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.

With /dev/sda selected, press Enter

Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).

Press Enter.

Step 7: Select Analyse and press Enter.


Step 8: The next screen will list all found partitions. Press Enter to run a Quick Search.


Now type Q until you exit and post me the testdisk log (will be saved in the testdisk folder).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 ihopesomeonecanhelp

ihopesomeonecanhelp
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 26 August 2010 - 08:05 AM

The regulat windows version downloads and wont open. It says its not a valid ziip file. So I downloaded the beta version of it. It unzipped. But the exe file wont start and gives this error message. The application has failed to start because cygwin1.dll was not found. Re-installing the application may fix this problem. Reinstalling didnt fix it. sad.gif

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:46 AM

Posted 26 August 2010 - 08:20 AM

This is the one you need: http://www.cgsecurity.org/testdisk-6.11.3.win.zip

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users