
fake (AVG?) anti-virus program


  • This topic is locked
26 replies to this topic

#1 bpv_newhacker


  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 02 October 2010 - 02:29 PM

Hi,

Thank you, orange blossom, for giving me instructions on how to proceed.

The infection is an anti-virus trojan. It comes up with a dialogue saying:

"Resident shield alert"
"multiple threats detected"

There will be several infections listed in the dialogue, and when I closed it, it would still pop up later.

I first ran Malwarebytes and it found some infections, but it still didn't get rid of it. I searched on the net for different removal instructions and followed some of the suggestions, such as using msconfig. I then rebooted in safe mode and ran Malwarebytes again. I deleted some of the suspicious programs in the Windows directory, and did some work in the registry to get rid of any keys that dealt with some of the names I found that were suspicious. Malwarebytes found some more infections and I thought I was good, but when I rebooted in normal mode, the virus still came up. I ran AVG this time and it found multiple infections, but they were in programs I use such as AVG, and some other programs that are on my toolbar, such as my TomTom software and qtask. That is when I made my post.

After following the preparation guide, I downloaded the 2 programs and here is what happened.

1. DDS worked fine and I got the logs.

2. GMER came up with several problems right away and said there may be a rootkit. When I did a scan, I got about 20-25 listed in the dialogue, but after a while I came back and I got the blue screen of death. I rebooted my computer again and I got 2 partial logs: one when GMER first ran, and then I did a scan again and waited until the list box stopped showing me any more problem areas, and I saved that.

The Ark.txt file from GMER is the partial log I saved.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2004 7:15:15 PM
System Uptime: 10/2/2010 10:41:09 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 53 GiB total, 13.916 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&1C660DD6&0&10F0
Manufacturer: Linksys
Name: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05741317&REV_11\4&1C660DD6&0&10F0
Service: AN983

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

23_24_2500Tour
2400
2400_2500Help
2400_2500trb
3DVIA Player 4.1
AccessData Dongle Driver
AccessData KFF Database
ACDSee for Pentax 2.0
Action Replay DSi Code Manager
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM 7
AIM Search
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft Panorama Maker 4
AVG Free 9.0
Banctec Service Agreement
CDBurnerXP
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CouponBar
CreativeProjects
DataLifter v2.0
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Director
DocProc
Download Updater (AOL LLC)
EA Download Manager
EA Download Manager UI
Ethereal 0.10.14
Fax
Green Eggs and Ham
HHD Software Hex Editor
HijackThis 2.0.2
Homey
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HPSystemDiagnostics
iMesh
InstantShare
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
IsoBuster 1.9
Java™ 6 Update 3
Lawicel canusb driver
Learn2 Player (Uninstall Only)
LEGO Alpha Team
LEGO Creator Knights' Kingdom
LEGO Digital Designer
LEGO Digital Designer 2.0
LicenseManager
Macallan Outlook Express Extraction
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Professional
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft OLE DB Provider for Visual FoxPro
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.5.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
My Way Search Assistant
Nikon Message Center
Nikon Transfer
Norton CleanSweep
Norton Speed Disk 7.0 for Windows NT
Norton Utilities 2003 for Windows
Notepad++
NSIS SensitivityToolkit
NVIDIA Drivers
NVIDIA nView Desktop Manager
OE-Mail Recovery 1.7.7
OutlookEX Recovery
overland
Palm Desktop
Passware Kit 7.1 Enterprise Edition
PhotoGallery
PicoZip Recovery Tool 1.02
PowerISO
PrintScreen
QFolder
Questionmark Secure Browser
Quick View Plus
QuickProjects
QuickTime
Readme
RealPlayer
Sam Spade version 1.14
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SkinsHP2
SmartWhois
Sonic 3D
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Speedy Eggbert
Speedy Eggbert Game
SPORE™
SQL Server System CLR Types
Stop the Morbuzakh (remove only)
The Best of Creative Lettering
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Verizon Help and Support Tool
Verizon Online
Verizon Online Help and Support
VLC media player 0.9.2
Vuze
Vuze Toolbar
Vz In Home Agent
Web Historian
WebFldrs XP
WebReg
WIDCOMM BTW Development Kit
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinHex
WinPcap 3.1
WinPET XP 2.5.5
WordPerfect Office 12
WS_FTP Password Recoverer 2.5
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/30/2010 9:08:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/30/2010 8:54:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/30/2010 8:54:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/30/2010 8:39:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/30/2010 8:00:01 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
9/30/2010 5:07:50 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
9/30/2010 4:56:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
9/30/2010 4:56:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/30/2010 4:56:49 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2010 6:42:20 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
9/28/2010 7:00:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
9/28/2010 7:00:29 AM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2010 7:00:29 AM, error: Service Control Manager [7000] - The Keil ULINK SERVICE (keilul.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2010 11:13:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
10/2/2010 11:00:00 AM, error: Schedule [7901] - The At60.job command failed to start due to the following error: %%2147942402
10/2/2010 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
10/1/2010 9:13:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
10/1/2010 9:00:03 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%2147942402
10/1/2010 9:00:03 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
10/1/2010 8:48:39 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
10/1/2010 8:37:39 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
10/1/2010 3:58:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m AFD agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 AvgLdx86 AvgMfx86 AvgTdiX cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o Fips hpn i2omp ini910u IntelIde intelppm IPSec mraid35x MRxSmb NetBIOS NetBT perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 RasAcd Rdbss SCDEmu sisagp Sparrow symc810 symc8xx sym_hi sym_u3 Tcpip TosIde ultra viaagp ViaIde
10/1/2010 3:58:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2010 3:58:11 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2010 3:58:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2010 3:58:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2010 10:13:01 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
10/1/2010 10:00:01 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402
10/1/2010 10:00:01 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bernie at 11:24:13.38 on Sat 10/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.355 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Bernie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Filter: text/html - {5ab80814-4eb9-4678-8d75-9384bce86264} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
IFEO: taskmgr.exe - "c:\documents and settings\bernie\my documents\forensics\sysinternals\processexplorer\PROCEXP.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bernie\applic~1\mozilla\firefox\profiles\oeatlefi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {D67575B2-85E2-4A33-9FF3-1745417C467B} - c:\documents and settings\bernie\local settings\application data\{D67575B2-85E2-4A33-9FF3-1745417C467B}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-30 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S0 vbxdi;vbxdi;c:\windows\system32\drivers\hgrcoatp.sys --> c:\windows\system32\drivers\hgrcoatp.sys [?]
S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\system32\drivers\keilul.sys [2007-1-13 35306]
S2 Parclass;Parclass;c:\windows\system32\drivers\parclass.sys [2006-4-29 19824]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-1-18 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PIOdriver;PIOdriver;c:\windows\system32\drivers\PIOdriver.sys [2006-2-21 3712]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-26 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-26 234888]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-30 430152]
S4 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\postgresql\8.2\bin\pg_ctl.exe [2008-10-31 94376]

============== File Associations ===============

regfile=*** no open command defined ***

=============== Created Last 30 ================

2010-10-02 00:28:33 112 ----a-w- c:\docume~1\alluse~1\applic~1\13m7JEC.dat
2010-09-29 10:44:32 120 ----a-w- c:\windows\Aqiqagovagifobaw.dat
2010-09-29 10:44:32 0 ----a-w- c:\windows\Nxakevifohahuroz.bin
2010-09-29 10:43:33 0 d-----w- c:\docume~1\bernie\applic~1\Genieo
2010-09-29 10:43:16 143 ----a-w- c:\docume~1\bernie\applic~1\jsdfgs.bat
2010-09-29 10:42:03 0 ----a-w- c:\windows\system32\drivers\lzdexyl.sys
2010-09-29 10:41:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-09-26 16:53:20 0 d-----w- c:\program files\common files\Software Update Utility

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 12:40:48 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2006-04-26 10:32:45 32 --sha-w- c:\windows\{0B1548F3-56EF-40A8-A8C7-B1A722E0912F}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\{3D33E7D9-909E-405D-9A50-0253C39912E1}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\{6D7333C4-788F-49BF-954E-8EE2B0D7C63E}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\{B1C4B48C-5397-42A8-A915-3B9FA2BE86C3}.dat
2006-04-26 10:31:46 32 --sha-w- c:\windows\{C0EF124D-9FCD-47F0-9B57-D25C2ECC7BFC}.dat
2006-04-26 10:29:31 32 --sha-w- c:\windows\{C647AB9E-4CA2-43B4-A239-316CB4446588}.dat
2006-04-26 10:32:21 32 --sha-w- c:\windows\{DDD508F4-CAA5-4FBC-905F-96A5DF2F2EF4}.dat
2007-10-09 18:59:20 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-04-26 10:29:31 32 --sha-w- c:\windows\system32\{017C680A-A7DB-4649-8EBC-7065CBFD24EE}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\system32\{246E4B29-9401-4BC9-9EC8-FC061BB44264}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\system32\{26C25696-1D49-498D-932D-F260E9EB243F}.dat
2006-04-26 10:30:52 32 --sha-w- c:\windows\system32\{514A80DE-1170-42E1-8ED2-63AEAB912A88}.dat
2006-04-26 10:32:21 32 --sha-w- c:\windows\system32\{536AE424-24B2-40CD-9EB7-7F725530CE5F}.dat
2006-04-26 10:32:45 32 --sha-w- c:\windows\system32\{69F34086-5362-4EE3-93E2-1465F182465D}.dat
2006-04-26 10:31:46 32 --sha-w- c:\windows\system32\{8FE46DC1-08EC-455A-B2F9-43BC401179E0}.dat
2010-05-15 07:28:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010051520100516\index.dat

============= FINISH: 11:26:19.39 ===============

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 AM

Posted 08 October 2010 - 05:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
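For readers following this thread who want to pre-screen an OTL log of the kind posted below before a helper gets to it, here is an added triage script. It is not part of this thread and not OTL's own tooling; it only assumes the line format OTL prints (SRV/DRV/PRC/MOD entries with a `[date | size | attrs | M] (Company)` block, `File not found` markers, the `IE -`, `FF -` and `O27` lines). The sample lines are copied from the log in this thread. The tags it emits are review markers, not verdicts: the IFEO entry on this machine, for example, resolves to Sysinternals Process Explorer (its "Replace Task Manager" option sets exactly that Debugger value), but the same key is what malware uses to block or hijack taskmgr.exe, so it is flagged for a human to check rather than silently accepted. Empty `()` company fields are worth a look because OTL's company-name whitelist cannot vouch for a binary that carries no company name at all.

```python
import re
from collections import defaultdict

# Constructed subset of the OTL log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\hgrcoatp.sys -- (vbxdi)
DRV - [2010/07/16 08:40:54 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="
O3 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\DOCUMENTS AND SETTINGS\BERNIE\MY DOCUMENTS\FORENSICS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
"""

# Service/driver/process/module line whose company field is empty: "[...] ()".
NO_COMPANY_RE = re.compile(r'^(?:SRV|DRV|PRC|MOD) - \[[^\]]*\] \(\)')
# Host part of a Firefox keyword.URL override.
KEYWORD_URL_RE = re.compile(r'keyword\.URL: "https?://([^/"]+)')
# First drive-letter path on a line, up to the " -- (Name)" or " File not found" suffix.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?)(?= -- \(| File not found)')


def _keyword_url_changed(line):
    # Firefox 3.x shipped keyword.URL pointing at Google; any other host means
    # the address-bar search default has been redirected.
    m = KEYWORD_URL_RE.search(line)
    return bool(m) and not m.group(1).endswith("google.com")


# (tag, predicate). Each tag marks a line a responder should read, nothing more.
RULES = [
    ("missing_file",   lambda l: "File not found" in l),          # orphaned registration
    ("no_company",     lambda l: NO_COMPANY_RE.match(l) is not None),
    ("proxy_enabled",  lambda l: '"ProxyEnable" = 1' in l),        # per-hive IE proxy on
    ("ff_keyword_url", _keyword_url_changed),
    ("ifeo_debugger",  lambda l: l.startswith("O27 - ") and "Debugger -" in l),
]


def classify(line):
    """Tags tripped by one OTL line (empty list for an ordinary line)."""
    return [tag for tag, pred in RULES if pred(line)]


def triage(log_text):
    """Group every flagged line of an OTL log by tag, in log order."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        for tag in classify(line):
            hits[tag].append(line)
    return dict(hits)


def missing_paths(log_text):
    """Paths behind the 'File not found' entries, for listing orphaned registrations."""
    paths = []
    for line in triage(log_text).get("missing_file", []):
        m = PATH_RE.search(line)
        if m:
            paths.append(m.group(1))
    return paths


if __name__ == "__main__":
    for tag, lines in triage(SAMPLE_LOG).items():
        print(f"[{tag}] {len(lines)} line(s)")
        for line in lines:
            print("   ", line)
```

Run it as-is to see the tags on the sample, or feed it a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. Orphaned `File not found` entries are usually leftovers of uninstalled software, but a missing boot-start driver with a random-looking name, like the `hgrcoatp.sys` line above, is the sort of thing the helpers ask about, which is why the script lists the path rather than just the count.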


#3 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern new jersey
  • Local time:03:49 AM

Posted 10 October 2010 - 07:25 AM

Hi,

thank you for getting back to me. I still have the problem. My first post with the description still applies with some additional information.

1. My AVG program is no longer in the tool bar, but AVG processes are still running. I don't know if this was caused by the malware.

2. I did do some investigating this week with HijackThis, Process Explorer and msconfig. I did find a rogue dll called xreg32.dll in the WINDOWS\SYSTEM32 directory. I searched for it on the Web and it did indicate that this was a trojan. I was about to get rid of it but I figured I would wait until you guys got back to me.

3. OTL worked fine and I saved the logs.

4. GMER had the same problem when I ran it before my last post, but a little different results.

I did run it on Saturday and it took like 5 hrs, but when I came in to inspect it, it showed what you see in the log I first posted, but it also showed around 20 file names and GMER and my PC locked up at that point and I had to reboot. I couldn't save the log at that point. I think it got to the 'FILE' section of GMER when it locked up. I tried all day Saturday to get just that log, but it was getting the blue screen of death and I don't have any idea where the problem occurred.

If you need the whole log, I'll continue trying to see if I can get to the point where the files are listed and I will write them down and post them.

here are the logs: ---------------------


OTL logfile created on: 10/8/2010 8:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Bernie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.08 Gb Total Space | 13.42 Gb Free Space | 25.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 246.23 Mb Total Space | 63.53 Mb Free Space | 25.80% Space Free | Partition Type: FAT
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNIEV
Current User Name: Bernie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
PRC - [2010/09/23 08:09:33 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 08:40:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 08:40:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 08:39:39 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 08:39:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccess.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/16 08:40:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/10/31 04:42:16 | 000,094,376 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\hgrcoatp.sys -- (vbxdi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - [2010/07/16 08:40:54 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 08:39:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:17:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/27 19:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 09:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/02 21:10:08 | 000,003,712 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PIOdriver.sys -- (PIOdriver)
DRV - [2006/05/01 04:17:32 | 000,022,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBkey.sys -- (USBDongle)
DRV - [2006/02/10 17:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys -- (SAMFILT)
DRV - [2005/10/22 22:42:09 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/10 13:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/04/13 18:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Parclass.sys -- (Parclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {D67575B2-85E2-4A33-9FF3-1745417C467B}:1.9.1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 08:10:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/23 11:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D67575B2-85E2-4A33-9FF3-1745417C467B}: C:\Documents and Settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B} [2010/09/29 06:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 06:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:59:01 | 000,000,000 | ---D | M]

[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions
[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/11/26 14:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\extensions
[2009/11/26 14:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/10/07 19:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions
[2009/12/11 20:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/21 08:08:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe File not found
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\DOCUMENTS AND SETTINGS\BERNIE\MY DOCUMENTS\FORENSICS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b72afe2-7c01-11df-a10d-0011117a2ded}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\MSG711.ACM (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\MSG723.ACM (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\MSGSM32.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\MSACM32.DRV (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/10/08 20:32:59 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/08 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 16:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/03 15:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/02 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\WER9755.dir00
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/10/02 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\gmer
[2010/09/30 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\My Documents\malware bytes logs
[2010/09/29 06:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
[2010/09/29 06:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2010/09/29 06:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/28 20:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/28 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/28 19:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/28 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/26 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/09/03 20:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Local Settings\Application Data\ufvkyqtmi
[2010/08/24 10:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2010/07/16 08:40:48 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 19:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/07/15 19:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/07/15 19:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/15 19:37:52 | 022,103,176 | ---- | C] (Electronic Arts, Inc.) -- C:\Documents and Settings\Bernie\My Documents\eadm-installer.exe
[2010/07/11 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinPET
[2010/07/11 16:48:24 | 008,237,205 | ---- | C] (WinPET ) -- C:\Documents and Settings\Bernie\My Documents\WinPETXP255.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/08 20:46:18 | 000,843,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\lzdexyl.sys
[2010/10/08 20:32:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/08 20:31:33 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/08 20:30:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/08 20:30:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/08 20:30:28 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/08 17:31:13 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Bernie\NTUSER.DAT
[2010/10/08 17:31:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bernie\NTUSER.INI
[2010/10/08 17:26:02 | 000,008,648 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\bleepng_comp_malware_response.rtf
[2010/10/08 17:19:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/06 19:13:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/06 18:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/06 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/06 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/06 17:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/06 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/06 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/06 16:55:00 | 065,672,583 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/04 17:35:42 | 000,000,938 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/10/04 17:35:42 | 000,000,290 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/10/04 17:35:42 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2010/10/03 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/03 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/03 15:23:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/10/03 13:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/03 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/10/03 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/02 12:13:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/02 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/02 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/02 11:33:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:16:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/02 11:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/01 22:13:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/01 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/01 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/01 21:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/01 21:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/01 21:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/10/01 20:28:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\13m7JEC.dat
[2010/09/30 20:18:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/30 20:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/30 16:57:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Aqiqagovagifobaw.dat
[2010/09/30 16:57:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Nxakevifohahuroz.bin
[2010/09/29 19:52:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/29 06:43:16 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\Bernie\Application Data\jsdfgs.bat
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\IPH.PH
[2010/09/26 12:53:32 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Bernie\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/26 12:53:32 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/24 18:30:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (BERNIEV-Bernie).job
[2010/09/19 15:27:24 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:32 | 001,242,608 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/09/16 19:03:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\naviprog_colour.INI
[2010/09/16 19:03:07 | 000,000,012 | ---- | M] () -- C:\WINDOWS\naviselect.INI
[2010/09/16 19:02:48 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinPET.lnk
[2010/09/15 03:07:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/12 14:23:02 | 000,000,008 | ---- | M] () -- C:\WINDOWS\navi.skin
[2010/09/11 12:16:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 10:34:28 | 000,001,955 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\FiOS Information.lnk
[2010/08/18 16:07:34 | 000,002,081 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/08/15 19:14:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Michea;
[2010/08/13 03:54:29 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 03:20:32 | 000,507,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 03:20:32 | 000,445,738 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/13 03:20:32 | 000,072,944 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/02 16:38:21 | 000,000,024 | ---- | M] () -- C:\WINDOWS\sc11.navis
[2010/08/02 16:38:21 | 000,000,023 | ---- | M] () -- C:\WINDOWS\sc11n.navis
[2010/08/02 16:38:21 | 000,000,020 | ---- | M] () -- C:\WINDOWS\sc10.navis
[2010/08/02 16:38:21 | 000,000,012 | ---- | M] () -- C:\WINDOWS\sc10n.navis
[2010/08/02 16:37:46 | 000,000,032 | ---- | M] () -- C:\WINDOWS\sc8n.navis
[2010/08/02 16:37:46 | 000,000,026 | ---- | M] () -- C:\WINDOWS\sc7.navis
[2010/08/02 16:37:46 | 000,000,022 | ---- | M] () -- C:\WINDOWS\sc9.navis
[2010/08/02 16:37:46 | 000,000,022 | ---- | M] () -- C:\WINDOWS\sc8.navis
[2010/08/02 16:37:46 | 000,000,018 | ---- | M] () -- C:\WINDOWS\sc7n.navis
[2010/08/02 16:37:46 | 000,000,014 | ---- | M] () -- C:\WINDOWS\sc9n.navis
[2010/08/02 16:37:44 | 000,000,023 | ---- | M] () -- C:\WINDOWS\sc5.navis
[2010/08/02 16:37:44 | 000,000,021 | ---- | M] () -- C:\WINDOWS\sc4.navis
[2010/08/02 16:37:44 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc6.navis
[2010/08/02 16:37:44 | 000,000,015 | ---- | M] () -- C:\WINDOWS\sc5n.navis
[2010/08/02 16:37:44 | 000,000,013 | ---- | M] () -- C:\WINDOWS\sc4n.navis
[2010/08/02 16:37:44 | 000,000,011 | ---- | M] () -- C:\WINDOWS\sc6n.navis
[2010/08/02 16:37:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\sc2.navis
[2010/08/02 16:37:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\sc1.navis
[2010/08/02 16:37:42 | 000,000,024 | ---- | M] () -- C:\WINDOWS\sc1n.navis
[2010/08/02 16:37:42 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc3.navis
[2010/08/02 16:37:42 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc2n.navis
[2010/08/02 16:37:42 | 000,000,011 | ---- | M] () -- C:\WINDOWS\sc3n.navis
[2010/07/24 08:35:32 | 000,000,007 | ---- | M] () -- C:\WINDOWS\homdrv.navis
[2010/07/24 08:35:29 | 000,000,009 | ---- | M] () -- C:\WINDOWS\firstrun.navis
[2010/07/17 15:20:22 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[2010/07/16 08:40:54 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 08:40:48 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 08:39:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 19:37:54 | 022,103,176 | ---- | M] (Electronic Arts, Inc.) -- C:\Documents and Settings\Bernie\My Documents\eadm-installer.exe
[2010/07/15 04:20:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\Shortcut (2) to Internet Explorer.lnk
[2010/07/12 07:07:49 | 000,000,007 | ---- | M] () -- C:\WINDOWS\msop.navis
[2010/07/11 18:08:59 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sc12n.navis
[2010/07/11 18:08:59 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sc12.navis
[2010/07/11 18:06:37 | 000,000,008 | ---- | M] () -- C:\WINDOWS\navi.shortcutkeys
[2010/07/11 18:05:12 | 000,000,019 | ---- | M] () -- C:\WINDOWS\navitxt.INI
[2010/07/11 16:53:29 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sopt.navis
[2010/07/11 16:48:24 | 008,237,205 | ---- | M] (WinPET ) -- C:\Documents and Settings\Bernie\My Documents\WinPETXP255.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 20:33:09 | 000,008,648 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\bleepng_comp_malware_response.rtf
[2010/10/08 20:32:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 11:37:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:18:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/02 11:11:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/10/01 20:28:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/10/01 20:28:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/10/01 20:28:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/10/01 20:28:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/10/01 20:28:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/10/01 20:28:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\13m7JEC.dat
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/09/30 17:09:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/30 17:00:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/29 06:44:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqiqagovagifobaw.dat
[2010/09/29 06:44:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nxakevifohahuroz.bin
[2010/09/29 06:43:16 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\jsdfgs.bat
[2010/09/29 06:42:03 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\lzdexyl.sys
[2010/09/19 15:27:24 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:31 | 001,242,608 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/08/25 07:27:47 | 000,043,392 | ---- | C] () -- C:\Documents and Settings\Bernie\MMLog.log
[2010/08/24 10:34:28 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\FiOS Information.lnk
[2010/08/15 19:14:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Michea;
[2010/07/24 08:35:32 | 000,000,007 | ---- | C] () -- C:\WINDOWS\homdrv.navis
[2010/07/19 13:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/07/15 19:41:02 | 000,002,081 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/07/15 04:20:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\Shortcut (2) to Internet Explorer.lnk
[2010/07/12 07:07:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\msop.navis
[2010/07/11 18:08:59 | 000,000,024 | ---- | C] () -- C:\WINDOWS\sc11.navis
[2010/07/11 18:08:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sc11n.navis
[2010/07/11 18:08:59 | 000,000,020 | ---- | C] () -- C:\WINDOWS\sc10.navis
[2010/07/11 18:08:59 | 000,000,012 | ---- | C] () -- C:\WINDOWS\sc10n.navis
[2010/07/11 18:08:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sc12n.navis
[2010/07/11 18:08:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sc12.navis
[2010/07/11 18:08:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\sc8n.navis
[2010/07/11 18:08:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\sc7.navis
[2010/07/11 18:08:57 | 000,000,022 | ---- | C] () -- C:\WINDOWS\sc9.navis
[2010/07/11 18:08:57 | 000,000,022 | ---- | C] () -- C:\WINDOWS\sc8.navis
[2010/07/11 18:08:57 | 000,000,018 | ---- | C] () -- C:\WINDOWS\sc7n.navis
[2010/07/11 18:08:57 | 000,000,014 | ---- | C] () -- C:\WINDOWS\sc9n.navis
[2010/07/11 18:08:54 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sc5.navis
[2010/07/11 18:08:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\sc4.navis
[2010/07/11 18:08:54 | 000,000,019 | ---- | C] () -- C:\WINDOWS\sc6.navis
[2010/07/11 18:08:54 | 000,000,015 | ---- | C] () -- C:\WINDOWS\sc5n.navis
[2010/07/11 18:08:54 | 000,000,013 | ---- | C] () -- C:\WINDOWS\sc4n.navis
[2010/07/11 18:08:54 | 000,000,011 | ---- | C] () -- C:\WINDOWS\sc6n.navis
[2010/07/11 18:08:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sc2.navis
[2010/07/11 18:08:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sc1.navis
[2010/07/11 18:08:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\sc1n.navis
[2010/07/11 18:08:47 | 000,000,019 | ---- | C] () -- C:\WINDOWS\sc3.navis
[2010/07/11 18:08:47 | 000,000,019 | ---- | C] () -- C:\WINDOWS\sc2n.navis
[2010/07/11 18:08:47 | 000,000,011 | ---- | C] () -- C:\WINDOWS\sc3n.navis
[2010/07/11 18:06:37 | 000,000,008 | ---- | C] () -- C:\WINDOWS\navi.shortcutkeys
[2010/07/11 18:05:12 | 000,000,019 | ---- | C] () -- C:\WINDOWS\navitxt.INI
[2010/07/11 17:55:12 | 000,000,008 | ---- | C] () -- C:\WINDOWS\navi.skin
[2010/07/11 17:54:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\naviprog_colour.INI
[2010/07/11 16:55:43 | 000,000,009 | ---- | C] () -- C:\WINDOWS\firstrun.navis
[2010/07/11 16:55:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\naviselect.INI
[2010/07/11 16:53:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sopt.navis
[2010/07/11 16:52:59 | 000,002,433 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinPET.lnk
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitars
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Bernie\Application Data\Grapher
[2009/07/21 09:52:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2008/09/14 20:01:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll
[2007/05/20 16:49:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\FTCJTAG.dll
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTCJTAG.dll
[2006/10/18 20:45:42 | 000,000,113 | ---- | C] () -- C:\WINDOWS\immortal.ini
[2006/10/11 19:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/28 16:42:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache
[2006/05/09 21:41:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2006/04/29 05:05:33 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/29 05:05:33 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2006/04/26 06:10:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\LicenseManager.ini
[2006/03/19 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/02/20 21:54:17 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ftk.INI
[2006/01/28 12:07:23 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2005/11/26 09:06:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/11/22 21:55:46 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/16 18:52:59 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/27 13:56:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/12 11:41:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\fusioncache.dat
[2005/03/08 18:50:35 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/15 20:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 13:39:01 | 000,001,563 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/19 20:43:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/15 16:30:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JPR.{PB
[2005/01/15 16:30:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JCM.{PB
[2004/12/17 16:27:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/17 16:19:04 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/17 15:31:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/05/11 08:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/07/05 20:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/10/22 22:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/06/15 20:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/06/01 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/02 10:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/26 14:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/30 13:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/03/13 19:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
[2010/07/15 19:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/07/15 19:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/21 09:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/07 20:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitex
[2009/07/21 09:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2006/06/02 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2006/05/06 05:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanDBX
[2010/06/19 20:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/07/21 09:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/29 19:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/09/21 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/05 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\acccore
[2005/10/24 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\ACD Systems
[2005/03/24 04:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\ActiveState
[2010/01/23 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Azureus
[2006/11/05 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\CDBurnerXPP
[2006/01/21 07:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Common Files
[2008/03/13 19:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Decisioneering
[2005/02/26 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Ethereal
[2010/09/29 06:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2006/11/05 07:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Leadertech
[2008/04/29 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\LEGO Company
[2006/02/22 07:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\MSNInstaller
[2009/07/21 09:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Nikon
[2006/12/03 09:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Notepad++
[2009/10/31 21:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\postgresql
[2010/07/15 20:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\SPORE
[2010/08/24 10:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\TechWizard
[2010/06/19 20:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\TomTom
[2009/02/27 10:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Unity
[2004/12/25 06:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Leadertech
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/30 17:07:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/02 11:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/02 12:13:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/03 13:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/06 17:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/06 18:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/06 19:13:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/09/30 20:18:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/01 21:13:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/01 22:13:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/02 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/03 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/03 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/06 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/06 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/09/30 20:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/01 21:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/01 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/09/30 17:09:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/02 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/02 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/10/03 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/03 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/06 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/06 18:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/01 21:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/01 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/01 20:28:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/09/30 17:07:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/04 17:35:42 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2005/05/29 06:29:16 | 000,000,235 | ---- | M] () -- C:\BPVMFT.rtf
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/27 19:12:35 | 000,000,036 | ---- | M] () -- C:\database.db
[2004/12/17 15:55:08 | 000,003,943 | RH-- | M] () -- C:\DELL.SDR
[2001/09/05 23:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2006/02/18 16:41:54 | 000,159,995 | ---- | M] () -- C:\gzip124xN.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\IPH.PH
[2009/11/09 21:37:16 | 000,000,552 | ---- | M] () -- C:\LEGO Creator Knights Kingdom Error Log_0.log
[2006/03/17 16:47:05 | 000,000,066 | ---- | M] () -- C:\macCLICKME.html
[2006/03/17 16:47:05 | 000,022,974 | ---- | M] () -- C:\matanui.ico
[2010/09/14 21:17:46 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/14 21:57:39 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/10/08 20:30:26 | 1193,779,200 | -HS- | M] () -- C:\pagefile.sys
[2006/03/17 16:47:05 | 000,000,046 | ---- | M] () -- C:\PLAY.BAT
[2009/01/19 13:30:42 | 000,000,000 | ---- | M] () -- C:\report.txt
[2006/11/02 08:36:51 | 000,558,348 | ---- | M] () -- C:\setup.log
[2006/11/02 08:36:51 | 000,572,540 | ---- | M] () -- C:\setup.log.full
[2004/12/17 16:25:40 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
< End of report >


OTL Extras logfile created on: 10/8/2010 8:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Bernie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.08 Gb Total Space | 13.42 Gb Free Space | 25.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 246.23 Mb Total Space | 63.53 Mb Free Space | 25.80% Space Free | Partition Type: FAT
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNIEV
Current User Name: Bernie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg [@ = regfile] --

[HKEY_USERS\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] --
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Perl\bin\perl.exe" = C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter -- File not found
"C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe" = C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe:*:Enabled:LOCO Executable -- File not found
"C:\Program Files\LEGO Media\Games\LEGO Chess\Lego Chess.exe" = C:\Program Files\LEGO Media\Games\LEGO Chess\Lego Chess.exe:*:Enabled:Lego Chess -- File not found
"C:\Program Files\SmartWhois\sw.exe" = C:\Program Files\SmartWhois\sw.exe:*:Enabled:SmartWhois -- (TamoSoft)
"C:\WINDOWS\SYSTEM32\javaw.exe" = C:\WINDOWS\SYSTEM32\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Java\jdk1.6.0_03\jre\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_03\jre\bin\java.exe:*:Disabled:Java™ Platform SE binary -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}" = WIDCOMM BTW Development Kit
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1A911347-4A26-491E-9FD6-795F2C2AA46D}" = WinPET XP 2.5.5
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{300EBE97-0E16-4bf4-B2DD-CEDA6CB46C9C}" = 2400_2500Help
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38804C45-F95C-44B0-9C0F-2B3C235218D2}" = Web Historian
"{3A66977F-2B6D-4488-8DAA-F6ACC346F70C}" = LicenseManager
"{3B4FF449-09F0-4dcc-8822-3D7BB7F5FED1}" = 2400
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}" = Questionmark Secure Browser
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C2EBBF9-B81F-47b7-9136-EE70E6740C2A}" = 2400_2500trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6447F78D-7C3A-4801-94E3-392DDB8A7FEA}" = AccessData Dongle Driver
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D9D8304-5241-41EB-BC97-D78E094323B7}_is1" = CDBurnerXP
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9112E78D-4A03-48df-9B68-786E6479CF41}" = 23_24_2500Tour
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A637F36B-2B36-11D4-A322-0001020A6A3D}" = LEGO Creator Knights' Kingdom
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C8DE40-1AB7-11D4-854E-00A0C99F6AF9}" = LEGO Alpha Team
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CD5DC4AA-7D62-48D9-B756-5925471001FE}" = Microsoft OLE DB Provider for Visual FoxPro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D111D725-97AB-4654-B866-21700C703E86}" = HHD Software Hex Editor
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F41105F3-9216-490B-B77F-2594E0CC93F2}" = AccessData KFF Database
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"8461-7759-5462-8226" = Vuze
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"Ask Toolbar_is1" = Vuze Toolbar
"AVG9Uninstall" = AVG Free 9.0
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EA Download Manager" = EA Download Manager
"Ethereal" = Ethereal 0.10.14
"Green Eggs and Ham" = Green Eggs and Ham
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"InstallShield_{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}" = Questionmark Secure Browser
"IsoBuster_is1" = IsoBuster 1.9
"Lawicel canusb driver" = Lawicel canusb driver
"Macallan Outlook Express Extraction" = Macallan Outlook Express Extraction
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MyWaySearchAssistantDE" = My Way Search Assistant
"Norton CleanSweep" = Norton CleanSweep
"Norton Speed Disk" = Norton Speed Disk 7.0 for Windows NT
"Norton Utilities" = Norton Utilities 2003 for Windows
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7.7
"OutlookEX Recovery" = OutlookEX Recovery
"Passware Kit 7.1 Enterprise Edition" = Passware Kit 7.1 Enterprise Edition
"PicoZip Recovery Tool 1.02" = PicoZip Recovery Tool 1.02
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"QVP" = Quick View Plus
"RealPlayer 6.0" = RealPlayer
"Sam Spade version 1.14_is1" = Sam Spade version 1.14
"SensitivityToolkit" = NSIS SensitivityToolkit
"SmartWhois" = SmartWhois
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sonic 3D" = Sonic 3D
"Speedy Eggbert" = Speedy Eggbert
"Speedy Eggbert Game" = Speedy Eggbert Game
"ST6UNST #1" = DataLifter v2.0
"Stop_the_Morbuzakh" = Stop the Morbuzakh (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Best of Creative Lettering" = The Best of Creative Lettering
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TTB000001.TTB000001Toolbar" = CouponBar
"UnityWebPlayer" = Unity Web Player
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Online Help and Support" = Verizon Online Help and Support
"VLC media player" = VLC media player 0.9.2
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHex" = WinHex
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"WS_FTP Password Recoverer 2.5" = WS_FTP Password Recoverer 2.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LEGO Digital Designer" = LEGO Digital Designer 2.0
"myHomey" = Homey
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2010 8:24:16 PM | Computer Name = BERNIEV | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/7/2010 8:44:09 PM | Computer Name = BERNIEV | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/8/2010 4:00:16 PM | Computer Name = BERNIEV | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/8/2010 4:01:15 PM | Computer Name = BERNIEV | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/8/2010 4:01:15 PM | Computer Name = BERNIEV | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/8/2010 4:01:16 PM | Computer Name = BERNIEV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/8/2010 4:01:16 PM | Computer Name = BERNIEV | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/8/2010 4:01:16 PM | Computer Name = BERNIEV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2010 5:10:00 PM | Computer Name = BERNIEV | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/8/2010 5:30:29 PM | Computer Name = BERNIEV | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 10/8/2010 5:21:33 PM | Computer Name = BERNIEV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/8/2010 5:24:54 PM | Computer Name = BERNIEV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/8/2010 5:30:29 PM | Computer Name = BERNIEV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/8/2010 5:31:12 PM | Computer Name = BERNIEV | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/8/2010 8:31:58 PM | Computer Name = BERNIEV | Source = Service Control Manager | ID = 7000
Description = The Keil ULINK SERVICE (keilul.sys) service failed to start due to
the following error: %%1058

Error - 10/8/2010 8:31:58 PM | Computer Name = BERNIEV | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows User Mode Driver
Framework service to connect.

Error - 10/8/2010 8:31:58 PM | Computer Name = BERNIEV | Source = Service Control Manager | ID = 7000
Description = The Windows User Mode Driver Framework service failed to start due
to the following error: %%1053

Error - 10/8/2010 8:32:48 PM | Computer Name = BERNIEV | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/8/2010 8:41:03 PM | Computer Name = BERNIEV | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 10/8/2010 8:41:03 PM | Computer Name = BERNIEV | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 21:03:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Bernie\LOCALS~1\Temp\pgtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text lzdexyl.sys F74D60CD 67 Bytes [2E, 1B, 00, 00, 66, 21, 45, ...]
.text lzdexyl.sys F74D6111 692 Bytes [44, 24, 04, B9, EF, 78, 56, ...]
.text lzdexyl.sys F74D63D3 92 Bytes [75, 00, 66, 39, C5, E9, C2, ...]
.text lzdexyl.sys F74D6432 134 Bytes [60, 9C, 8F, 44, 24, 40, 66, ...]
.text lzdexyl.sys F74D64BA 8 Bytes [83, ED, 04, 68, 23, 94, 8C, ...] {SUB EBP, 0x4; PUSH 0xa8c9423}
.text ...
? C:\WINDOWS\system32\drivers\lzdexyl.sys A device attached to the system is not functioning.
PAGE Ntfs.sys F738DE55 4 Bytes CALL 83B80469
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF53FE360, 0x3E57A5, 0xE8000020]
init C:\WINDOWS\SYSTEM32\drivers\samfilt.sys entry point in "init" section [0xF7266D00]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF5334F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\WINDOWS\System32\svchost.exe[1208] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D7000A
.text C:\WINDOWS\System32\svchost.exe[1208] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F7000A
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F6000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83AE7CC0
Device \Driver\Tcpip \Device\Ip 83774190

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp 83774190

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp 83774190

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp 83774190

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST 83774190

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] lzdexyl <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\lzdexyl@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\lzdexyl@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\lzdexyl@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\lzdexyl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\lzdexyl@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\lzdexyl@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\lzdexyl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\lzdexyl@Group Boot Bus Extender
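
The GMER "Services" and "Registry" entries above (a service marked hidden, Start 0, Type 1, group "Boot Bus Extender", driver file unreadable) are the signal a malware-response helper reads as a boot-start rootkit. As an added example, not GMER's own code and not part of this thread, here is a small Python parser that pulls those entries out of a GMER text report and spells out why each one matters; SAMPLE_REPORT is constructed from the lines in the log above, and parse_report(), triage() and describe() are hypothetical names.

```python
"""Triage the "Services" / "Registry" sections of a GMER text report.

Added example, not GMER's own code and not part of the forum thread. SAMPLE_REPORT
is constructed from the lines quoted in the log above; parse_report(), triage()
and describe() are hypothetical helper names.
"""
import re
from dataclasses import dataclass, field

# SERVICE_* Start/Type constants as documented in the Windows SDK (winnt.h / winsvc.h).
START_NAMES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
TYPE_NAMES = {0x1: "KernelDriver", 0x2: "FileSystemDriver",
              0x10: "Win32OwnProcess", 0x20: "Win32ShareProcess"}

# e.g. "Service (*** hidden *** ) [BOOT] lzdexyl <-- ROOTKIT !!!"
SERVICE_RE = re.compile(r"^Service\s+(?:\(([^)]*)\)\s*)?\[(\w+)\]\s+(\S+)")
# e.g. "Reg HKLM\SYSTEM\CurrentControlSet\Services\lzdexyl@Start 0"
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^@\\]+)@(\w+)\s+(.*)$")
# Text GMER prints when it cannot read a driver's image from disk.
UNREADABLE = "A device attached to the system is not functioning"

# Constructed sample: the relevant lines of the GMER log posted in this thread.
SAMPLE_REPORT = """\
---- Kernel code sections - GMER 1.0.15 ----
.text lzdexyl.sys F74D60CD 67 Bytes [2E, 1B, 00, 00, 66, 21, 45, ...]
? C:\\WINDOWS\\system32\\drivers\\lzdexyl.sys A device attached to the system is not functioning.
PAGE Ntfs.sys F738DE55 4 Bytes CALL 83B80469
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] lzdexyl <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\lzdexyl@Type 1
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\lzdexyl@Start 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\lzdexyl@ErrorControl 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\lzdexyl@Group Boot Bus Extender
Reg HKLM\\SYSTEM\\ControlSet002\\Services\\lzdexyl@Type 1
Reg HKLM\\SYSTEM\\ControlSet002\\Services\\lzdexyl@Start 0
"""

@dataclass
class ServiceFinding:
    name: str
    hidden: bool                 # GMER flagged it "*** hidden ***"
    gmer_start: str              # GMER's own label, e.g. "BOOT"
    control_sets: set = field(default_factory=set)
    values: dict = field(default_factory=dict)   # CurrentControlSet values
    image_notes: list = field(default_factory=list)
    reasons: list = field(default_factory=list)

def parse_report(text):
    """Collect flagged services, their registry values and kernel-section notes."""
    services, reg, images = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            flag, start, name = m.groups()
            services[name] = ServiceFinding(name, bool(flag and "hidden" in flag), start)
        elif m := REG_RE.match(line):
            cset, svc, valname, val = m.groups()
            reg.setdefault(svc, {}).setdefault(cset, {})[valname] = val.strip()
        elif line.startswith(("? ", ".text ", "PAGE ", "init ")):
            images.append(line)
    for name, f in services.items():
        f.control_sets = set(reg.get(name, {}))
        f.values = reg.get(name, {}).get("CurrentControlSet", {})
        f.image_notes = [n for n in images if (name.lower() + ".sys") in n.lower()]
    return services

def triage(text):
    """Return the services worth a closer look, each with the reasons why."""
    found = []
    for f in parse_report(text).values():
        start, stype = int(f.values.get("Start", -1)), int(f.values.get("Type", -1))
        if f.hidden:
            f.reasons.append("hidden from normal service enumeration")
        if start == 0 and stype in (0x1, 0x2):
            f.reasons.append("boot-start %s, loaded before any security product's driver"
                             % TYPE_NAMES[stype])
        if f.values.get("Group") == "Boot Bus Extender":
            f.reasons.append("in the 'Boot Bus Extender' load-order group, among the earliest drivers")
        if any(UNREADABLE in note for note in f.image_notes):
            f.reasons.append("the scanner could not read the driver file from disk")
        if len(f.control_sets) > 1:
            f.reasons.append("registered in %d control sets, so booting another control set "
                             "would still load it" % len(f.control_sets))
        if f.reasons:
            found.append(f)
    return found

def describe(f):
    start, stype = int(f.values.get("Start", -1)), int(f.values.get("Type", -1))
    head = "%s: %s%s, Start=%s, Type=%s" % (
        f.name, "HIDDEN " if f.hidden else "", f.gmer_start,
        START_NAMES.get(start, start), TYPE_NAMES.get(stype, stype))
    return head + "".join("\n  - " + r for r in f.reasons)

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(describe(finding))
```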


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 October 2010 - 07:54 AM

Hello, bpv_newhacker.
You are definitely infected with a rootkit. We need a little more info before we run our tools.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case Vuze). These programmes allow users to share files between each other, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.

Ask Toolbar Warning

I see you have the Ask.com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/...sk-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.

Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 10 October 2010 - 11:50 AM


Hi,
I am worried about what you said about a backdoor trojan. The computer is used for PayPal on eBay stuff, some online banking, and for Amazon, where I buy stuff with my Amazon Visa. When I first noticed the virus a week ago I may have only spent the first day connected to the net, but I had enough sense to keep it disconnected from the net; I did reconnect only when I brought the PC up in 'safe mode with networking' to get my email, but for the last 5 days, any time I brought it up in normal mode, it was disconnected. Are the chances that I may be OK? If you think I should, I will change my passwords on these accounts. How about Visa and PayPal, should I go ahead with discontinuing these? Thanks for your help. Here are the logs:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 178):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x83B6C000 \WINDOWS\system32\KDCOM.DLL
0xF7A1D000 \WINDOWS\system32\BOOTVID.dll
0xF75BA000 ACPI.sys
0xF7B09000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75A9000 pci.sys
0xF7609000 isapnp.sys
0xF74D5000 lzdexyl.sys
0xF7BD1000 pciide.sys
0xF7889000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B0B000 aliide.sys
0xF7B0D000 cmdide.sys
0xF7B0F000 toside.sys
0xF7B11000 viaide.sys
0xF7B13000 intelide.sys
0xF7619000 MountMgr.sys
0xF74B6000 ftdisk.sys
0xF7891000 PartMgr.sys
0xF7629000 VolSnap.sys
0xF7A21000 cpqarray.sys
0xF749E000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7486000 atapi.sys
0xF7A25000 aha154x.sys
0xF7899000 sparrow.sys
0xF7A29000 symc810.sys
0xF7639000 aic78xx.sys
0xF7A2D000 dac960nt.sys
0xF7649000 ql10wnt.sys
0xF7A31000 amsint.sys
0xF78A1000 asc.sys
0xF7A35000 asc3550.sys
0xF78A9000 mraid35x.sys
0xF78B1000 i2omp.sys
0xF7A39000 ini910u.sys
0xF7659000 ql1240.sys
0xF7669000 aic78u2.sys
0xF78B9000 symc8xx.sys
0xF78C1000 sym_hi.sys
0xF78C9000 sym_u3.sys
0xF78D1000 ABP480N5.SYS
0xF78D9000 asc3350p.sys
0xF7B15000 cd20xrnt.sys
0xF7679000 ultra.sys
0xF746D000 adpu160m.sys
0xF78E1000 dpti2o.sys
0xF7689000 ql1080.sys
0xF7699000 ql1280.sys
0xF76A9000 ql12160.sys
0xF78E9000 perc2.sys
0xF7B17000 perc2hib.sys
0xF78F1000 hpn.sys
0xF7A3D000 cbidf2k.sys
0xF7441000 dac2w2k.sys
0xF76B9000 disk.sys
0xF76C9000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7421000 fltmgr.sys
0xF740C000 drvmcdb.sys
0xF78F9000 PxHelp20.sys
0xF73F5000 KSecDD.sys
0xF7368000 Ntfs.sys
0xF733B000 NDIS.sys
0xF76D9000 sisagp.sys
0xF76E9000 viaagp.sys
0xF7321000 Mup.sys
0xF76F9000 agp440.sys
0xF7709000 alim1541.sys
0xF7719000 amdagp.sys
0xF7729000 agpCPQ.sys
0xF6AA1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5A07000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF59F3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7999000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF59CF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79A1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5281000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF525B000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6A91000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6A81000 \SystemRoot\SYSTEM32\drivers\samfilt.sys
0xF79B9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6A71000 \SystemRoot\system32\DRIVERS\serial.sys
0xF68BA000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5247000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6A61000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF68B6000 \SystemRoot\system32\drivers\pfc.sys
0xF7250000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7B5B000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7240000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7230000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5224000 \SystemRoot\system32\DRIVERS\ks.sys
0xF51E4000 \SystemRoot\system32\drivers\smwdm.sys
0xF51C0000 \SystemRoot\system32\drivers\portcls.sys
0xF7220000 \SystemRoot\system32\drivers\drmk.sys
0xF5162000 \SystemRoot\system32\drivers\senfilt.sys
0xF7D50000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7759000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF68AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF514B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7769000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7779000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79C9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF513A000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7789000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79D1000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79D9000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77B9000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79E1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B67000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF50DC000 \SystemRoot\system32\DRIVERS\update.sys
0xF16B1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF2A70000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF2A60000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF100E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7941000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xED94B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF1000000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF0AB8000 \SystemRoot\System32\Drivers\Null.SYS
0xF0B55000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7949000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7951000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7959000 \SystemRoot\System32\drivers\vga.sys
0xF0B53000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF0B51000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7961000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7969000 \SystemRoot\System32\Drivers\Npfs.SYS
0xED93F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAE6AD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAE654000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAE61A000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAE5F4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF245F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAE5CC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAE5AA000 \SystemRoot\System32\drivers\afd.sys
0xF244F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7971000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xAE57F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAE50F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF243F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7979000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAE4DB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF42C6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF0B0F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF5B45000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF0B0B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE4B7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7869000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAE49F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B89000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7AE9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF07F9000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF0928000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7829000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CB1000 \SystemRoot\system32\dla\tfsndres.sys
0xAE289000 \SystemRoot\system32\dla\tfsnifs.sys
0xED3B6000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7BB7000 \SystemRoot\system32\dla\tfsnpool.sys
0xF09BD000 \SystemRoot\system32\dla\tfsnboio.sys
0xF7260000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7D3B000 \SystemRoot\system32\dla\tfsndrct.sys
0xAE248000 \SystemRoot\system32\dla\tfsnudf.sys
0xAE22F000 \SystemRoot\system32\dla\tfsnudfa.sys
0xF7AD5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xADFFA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xADFBD000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE033000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xF77C9000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B19000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xADDB4000 \SystemRoot\system32\DRIVERS\srv.sys
0xAD86E000 \SystemRoot\System32\Drivers\HTTP.sys
0xAD717000 \??\C:\DOCUME~1\Bernie\LOCALS~1\Temp\pgtdqpog.sys
0xF07E9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xACD6C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
656 C:\WINDOWS\SYSTEM32\smss.exe
728 csrss.exe
756 C:\WINDOWS\SYSTEM32\winlogon.exe
804 C:\WINDOWS\SYSTEM32\services.exe
816 C:\WINDOWS\SYSTEM32\lsass.exe
1004 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1032 C:\WINDOWS\SYSTEM32\svchost.exe
1140 svchost.exe
1200 C:\WINDOWS\SYSTEM32\svchost.exe
1300 C:\Program Files\AVG\AVG9\avgchsvx.exe
1308 C:\Program Files\AVG\AVG9\avgrsx.exe
1312 svchost.exe
1416 svchost.exe
1596 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1600 C:\WINDOWS\explorer.exe
1720 C:\WINDOWS\SYSTEM32\spoolsv.exe
2016 svchost.exe
188 C:\Program Files\AVG\AVG9\avgwdsvc.exe
360 C:\Program Files\Common Files\Motive\McciCMService.exe
532 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
584 C:\Program Files\CDBurnerXP\NMSAccess.exe
780 C:\WINDOWS\SYSTEM32\ctfmon.exe
1336 C:\WINDOWS\SYSTEM32\svchost.exe
932 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2180 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
2220 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2252 C:\Program Files\AVG\AVG9\avgnsx.exe
1148 alg.exe
3436 C:\Program Files\Microsoft Office\Office\WINWORD.EXE
3444 C:\WINDOWS\MSAGENT\agentsvr.exe
2912 C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 773EE7C70C4978953E0A54E5EF8EAE5EC642416B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF5281000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 7659520 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 191.07 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5902336 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 191.07 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5A07000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF74D5000 lzdexyl.sys 868352 bytes
0xF7368000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAE50F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5162000 C:\WINDOWS\system32\drivers\senfilt.sys 385024 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF50DC000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAE654000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xADDB4000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAD86E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF51E4000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xAE61A000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAE4DB000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF75BA000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xADFFA000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF733B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7441000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xACD6C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAE57F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAE5CC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF525B000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xAE5F4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE4B7000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF51C0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF59CF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5224000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAE5AA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7421000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7321000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF746D000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xAE248000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xAE22F000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7486000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE49F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF749E000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF73F5000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF514B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAD717000 C:\DOCUME~1\Bernie\LOCALS~1\Temp\pgtdqpog.sys 94208 bytes
0xAE289000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF740C000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xADFBD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5247000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF59F3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE6AD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF75A9000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF513A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7869000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7240000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6A71000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7220000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7230000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF77C9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF2A60000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7669000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7639000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF76C9000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6A91000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7759000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7629000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76A9000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7699000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7779000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76F9000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7729000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7709000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7719000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF243F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6A61000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7619000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7769000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76E9000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7829000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF7609000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF2A70000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7689000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7659000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF76D9000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF77B9000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7250000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF76B9000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5B45000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6AA1000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7789000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF244F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF420B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7649000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF6A81000 C:\WINDOWS\SYSTEM32\drivers\samfilt.sys 36864 bytes (Dolphin, Inc., Samfilt.sys)
0xF7260000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7679000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF245F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7969000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7971000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF78B9000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF78C9000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF42C6000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF79A1000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78A1000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF79B1000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7951000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78F1000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7889000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78E9000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF78C1000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF09BD000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF07E9000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78D1000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF78D9000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7979000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF79B9000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79E1000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7949000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7999000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7959000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78E1000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7941000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF78B1000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF78A9000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7961000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7891000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79D1000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78F9000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79D9000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7899000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF79C9000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF07F9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A25000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7A35000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xAE033000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF7A3D000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7A21000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7A2D000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7A39000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF16B1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7AD5000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF68BA000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A29000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xED3B6000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A31000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7A1D000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7AE9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF0B0F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xED94B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF0B0B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF68AA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF68B6000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xED93F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B0B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF0B55000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B15000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7B0D000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7B19000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7B89000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF1000000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B13000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF0B53000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B17000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF0B51000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B5B000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B67000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BB7000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B0F000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF100E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B11000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B09000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83B6C000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D50000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF0928000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF0AB8000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BD1000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D3B000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7CB1000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0x83B26138 unknown_irp_handler 3784 bytes
0x837B33C0 unknown_irp_handler 3136 bytes
!!!!!!!!!!!Hidden driver: 0x83B4DA9F ?_empty_? 1377 bytes
==============================================
>Stealth
==============================================
0xF7486000 WARNING: suspicious driver modification [atapi.sys::0x83B4DA9F]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\lzdexyl.sys]




#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 October 2010 - 05:37 PM

Hello, bpv_newhacker.

Well, the latest scans show the Tidserv/TDL/TDSS rootkit, plus the Whistler MBR rootkit. So, you definitely have backdoor rootkits.

Hard to say. I don't know if I would discontinue those accounts, but I would let folks know to keep an eye on your accounts. I would also monitor them yourself for a bit and definitely change the password. Closing or getting a new number is up to you and your credit card company. These rootkits would still be running in Safe Mode.





Step 1


First, you have a confirmed infected Master Boot Record (MBR). This means you likely do not have access to a recovery partition if you had/have one on your computer. If you have recovery CDs you should be OK. If not, this is why you should make CDs if your computer only comes with a recovery partition. If you haven't made the CDs, you may want to order them from the vendor of your laptop for the future.

Now, we need to get the MBR back. If you have NOT backed up yet, I strongly suggest you back up important documents as you have a fairly infected machine. Don't back up anything in C:\windows, system files (DLL or SYS) or program files (EXE, COM, BAT, PIF, SCR, etc.). DO back up documents, photos, videos, music and saved games and email inbox.
  1. First, run MBR_check as before.
  2. When it says you have a non-standard or infected MBR, type "Y" and press "Enter" for more options.
  3. Type 2 and press Enter at the next menu to restore the MBR of a physical disk with a standard boot code.
  4. Type the number 0 and press Enter to fix physical disk number zero.
  5. Type 1 and press Enter to select the Windows XP MBR code to match your operating system version.
  6. Type YES and press Enter to confirm.
  7. Press Enter to exit.
  8. Please post the resulting logfile that appears on your desktop in your reply.




Step 2

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 
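Step 1 above restores "standard boot code" to physical disk 0 after MBRCheck has fingerprinted the sector. As an added illustration of what that repair has to get right (this is example code written for this page, not MBRCheck's own code or anything posted in the thread): it parses a 512-byte MBR, hashes the boot-code bytes with SHA-1 and compares them against known-good and known-bad sets, then rewrites only bytes 0..439 so the disk signature and partition table survive. The MBR layout constants are the standard ones; the sample sector, the stub boot codes, and the assumption that only the boot-code range is hashed are this example's own.

```python
"""Added example: inspect a 512-byte MBR image and repair its boot code the
way MBRCheck's option 2 does, without touching the partition table.
Not MBRCheck's code; the sample sectors and stub boot codes are constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

# Constructed stub boot codes (not real boot sectors and not malware).
SAMPLE_STANDARD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CONSTRUCTED-STANDARD-STUB"
SAMPLE_BAD_CODE = b"\xeb\x3c" + b"CONSTRUCTED-BOOTKIT-STUB"

# The hash MBRCheck reported for this thread's Whistler MBR (taken from the log above).
PAGE_REPORTED_BAD_SHA1 = {"773EE7C70C4978953E0A54E5EF8EAE5EC642416B"}


def validate(mbr):
    """Reject anything that is not a well-formed 512-byte sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")


def parse_partitions(mbr):
    """Return (bootable, type_id, start_lba, sector_count) for each used entry."""
    validate(mbr)
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, start_lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            entries.append((status == 0x80, ptype, start_lba, count))
    return entries


def boot_code_sha1(mbr):
    """Fingerprint the boot-code bytes only, so the same code yields the same
    hash on every disk regardless of disk signature or partition layout.
    (Assumption: the thread does not say which byte range MBRCheck hashes.)"""
    validate(mbr)
    return hashlib.sha1(mbr[:BOOT_CODE_END]).hexdigest().upper()


def classify(mbr, known_good, known_bad):
    """'known-bad' wins over 'standard'; anything else is 'non-standard',
    which is the prompt MBRCheck gives in the log above."""
    digest = boot_code_sha1(mbr)
    if digest in known_bad:
        return "known-bad"
    if digest in known_good:
        return "standard"
    return "non-standard"


def restore_boot_code(mbr, standard_code):
    """Replace bytes 0..439 with standard_code (zero-padded) and keep the disk
    signature, partition table and 0x55AA exactly as they were. Overwriting
    the whole sector instead would destroy the partition table."""
    validate(mbr)
    if len(standard_code) > BOOT_CODE_END:
        raise ValueError("boot code longer than %d bytes" % BOOT_CODE_END)
    return standard_code.ljust(BOOT_CODE_END, b"\x00") + mbr[BOOT_CODE_END:]


def build_sample_mbr(boot_code, disk_sig=b"\x11\x22\x33\x44"):
    """Constructed sample sector: one bootable NTFS (0x07) partition at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 115_000_000)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + disk_sig + b"\x00\x00" + table + BOOT_SIG


def triage_and_repair(mbr, known_good, known_bad):
    """Classify a sector and, unless it is already standard, return the repaired copy too."""
    verdict = classify(mbr, known_good, known_bad)
    repaired = None if verdict == "standard" else restore_boot_code(mbr, SAMPLE_STANDARD_CODE)
    return verdict, repaired


if __name__ == "__main__":
    known_good = {boot_code_sha1(build_sample_mbr(SAMPLE_STANDARD_CODE))}
    infected = build_sample_mbr(SAMPLE_BAD_CODE)
    known_bad = PAGE_REPORTED_BAD_SHA1 | {boot_code_sha1(infected)}
    verdict, fixed = triage_and_repair(infected, known_good, known_bad)
    print("before:", verdict, boot_code_sha1(infected), parse_partitions(infected))
    print("after: ", classify(fixed, known_good, known_bad), parse_partitions(fixed))
```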


#7 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 12 October 2010 - 08:50 PM

Hi,
I performed the 2 tasks you listed, MBRcheck and combofix. I ran MBRcheck and it fixed the master boot record, and then I ran combofix. A couple of things happened. First, it said that I had norton anti-virus running, but I removed that from my computer years ago. I looked at the registry and saw a lot of entries mentioning norton, so I deleted some of them but I decided to continue on because I knew there was no norton anti-virus running. When I continued running combofix, it still complained and I just ignored it and continued letting it do its thing. Secondly, it still said the MBR was infected with another named rootkit, but I didn't write it down. It's probably in the log.
After it was finished, I played around on the computer a little bit, and I didn't notice anything. But when I opened internet explorer, it redirected me to an advertising page, where I had to cancel a couple of dialogs to continue, and then it went to my home page. When I ran firefox nothing like this happened and it seemed fine. Here are the logs:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 176):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x83B6C000 \WINDOWS\system32\KDCOM.DLL
0xF7A1D000 \WINDOWS\system32\BOOTVID.dll
0xF75BA000 ACPI.sys
0xF7B09000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75A9000 pci.sys
0xF7609000 isapnp.sys
0xF74D5000 lzdexyl.sys
0xF7BD1000 pciide.sys
0xF7889000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B0B000 aliide.sys
0xF7B0D000 cmdide.sys
0xF7B0F000 toside.sys
0xF7B11000 viaide.sys
0xF7B13000 intelide.sys
0xF7619000 MountMgr.sys
0xF74B6000 ftdisk.sys
0xF7891000 PartMgr.sys
0xF7629000 VolSnap.sys
0xF7A21000 cpqarray.sys
0xF749E000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7486000 atapi.sys
0xF7A25000 aha154x.sys
0xF7899000 sparrow.sys
0xF7A29000 symc810.sys
0xF7639000 aic78xx.sys
0xF7A2D000 dac960nt.sys
0xF7649000 ql10wnt.sys
0xF7A31000 amsint.sys
0xF78A1000 asc.sys
0xF7A35000 asc3550.sys
0xF78A9000 mraid35x.sys
0xF78B1000 i2omp.sys
0xF7A39000 ini910u.sys
0xF7659000 ql1240.sys
0xF7669000 aic78u2.sys
0xF78B9000 symc8xx.sys
0xF78C1000 sym_hi.sys
0xF78C9000 sym_u3.sys
0xF78D1000 ABP480N5.SYS
0xF78D9000 asc3350p.sys
0xF7B15000 cd20xrnt.sys
0xF7679000 ultra.sys
0xF746D000 adpu160m.sys
0xF78E1000 dpti2o.sys
0xF7689000 ql1080.sys
0xF7699000 ql1280.sys
0xF76A9000 ql12160.sys
0xF78E9000 perc2.sys
0xF7B17000 perc2hib.sys
0xF78F1000 hpn.sys
0xF7A3D000 cbidf2k.sys
0xF7441000 dac2w2k.sys
0xF76B9000 disk.sys
0xF76C9000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7421000 fltmgr.sys
0xF740C000 drvmcdb.sys
0xF78F9000 PxHelp20.sys
0xF73F5000 KSecDD.sys
0xF7368000 Ntfs.sys
0xF733B000 NDIS.sys
0xF76D9000 sisagp.sys
0xF76E9000 viaagp.sys
0xF7321000 Mup.sys
0xF76F9000 agp440.sys
0xF7709000 alim1541.sys
0xF7719000 amdagp.sys
0xF7729000 agpCPQ.sys
0xF6A4F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF59F5000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF59E1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF79A9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF59BD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79B1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF526F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF5249000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF79B9000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7250000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7240000 \SystemRoot\SYSTEM32\drivers\samfilt.sys
0xF79C1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7230000 \SystemRoot\system32\DRIVERS\serial.sys
0xF68A8000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5235000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7220000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF68A4000 \SystemRoot\system32\drivers\pfc.sys
0xF7210000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7B59000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7200000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7749000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5212000 \SystemRoot\system32\DRIVERS\ks.sys
0xF51D2000 \SystemRoot\system32\drivers\smwdm.sys
0xF51AE000 \SystemRoot\system32\drivers\portcls.sys
0xF7759000 \SystemRoot\system32\drivers\drmk.sys
0xF5150000 \SystemRoot\system32\drivers\senfilt.sys
0xF7D55000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7789000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6890000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5139000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7799000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77A9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79C9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5128000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77B9000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79D1000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79D9000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77C9000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79E1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B63000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF50CA000 \SystemRoot\system32\DRIVERS\update.sys
0xF7ACD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF5B93000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAEC43000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B53000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAEC07000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAA34F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAF0D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C28000 \SystemRoot\System32\Drivers\Null.SYS
0xAF0D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7979000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7981000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7989000 \SystemRoot\System32\drivers\vga.sys
0xAF0CE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAF0CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7991000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7999000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAA343000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA954B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA94F2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA94B8000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA9492000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF5B73000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF79A1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9A00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB06EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA99FC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA946A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9448000 \SystemRoot\System32\drivers\afd.sys
0xB06CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4308000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA941D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA93AD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB06BA000 \SystemRoot\System32\Drivers\Fips.SYS
0xAE9A2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9361000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B77000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAEA3A000 \SystemRoot\System32\drivers\Dxapi.sys
0xB05E8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C5D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAEB37000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CFF000 \SystemRoot\system32\dla\tfsndres.sys
0xA914B000 \SystemRoot\system32\dla\tfsnifs.sys
0xAED7C000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B87000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7A01000 \SystemRoot\system32\dla\tfsnboio.sys
0xAE9D2000 \SystemRoot\system32\dla\tfsncofs.sys
0xA9819000 \SystemRoot\system32\dla\tfsndrct.sys
0xA9132000 \SystemRoot\system32\dla\tfsnudf.sys
0xA9119000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA90F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8E94000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8E7F000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6ADF000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8F05000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA8D2C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7B57000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA8C41000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8750000 \SystemRoot\System32\Drivers\HTTP.sys
0xB05D8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7BB7000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA860D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 30):
0 System Idle Process
4 System
656 C:\WINDOWS\SYSTEM32\smss.exe
728 csrss.exe
756 C:\WINDOWS\SYSTEM32\winlogon.exe
804 C:\WINDOWS\SYSTEM32\services.exe
816 C:\WINDOWS\SYSTEM32\lsass.exe
1000 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1024 C:\WINDOWS\SYSTEM32\svchost.exe
1120 svchost.exe
1196 C:\WINDOWS\SYSTEM32\svchost.exe
1304 svchost.exe
1400 svchost.exe
1656 C:\WINDOWS\explorer.exe
1716 C:\WINDOWS\SYSTEM32\spoolsv.exe
172 svchost.exe
456 C:\Program Files\Common Files\Motive\McciCMService.exe
672 C:\Program Files\CDBurnerXP\NMSAccess.exe
1236 C:\WINDOWS\SYSTEM32\svchost.exe
1300 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
1368 C:\WINDOWS\SYSTEM32\rundll32.exe
1468 C:\WINDOWS\SYSTEM32\ctfmon.exe
2060 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2076 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2144 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
2816 alg.exe
3264 C:\WINDOWS\SYSTEM32\igfxsrvc.exe
3120 C:\Program Files\Microsoft Office\Office\WINWORD.EXE
3156 C:\WINDOWS\MSAGENT\agentsvr.exe
2900 C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 773EE7C70C4978953E0A54E5EF8EAE5EC642416B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!




ComboFix 10-10-11.01 - Bernie 10/12/2010 20:47:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.537 [GMT -4:00]
Running from: c:\documents and settings\Bernie\Desktop\etavaresCF.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bernie\Application Data\jsdfgs.bat
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat

.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 00:24 . 2010-10-13 00:24 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2010-10-08 20:21 . 2010-10-08 20:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-02 17:08 . 2010-10-02 17:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-10-01 00:51 . 2010-10-01 00:54 -------- d-----w- c:\documents and settings\Administrator.BERNIEV
2010-09-29 10:44 . 2010-09-30 20:57 0 ----a-w- c:\windows\Nxakevifohahuroz.bin
2010-09-29 10:44 . 2010-09-29 10:44 -------- d-----w- c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
2010-09-29 10:43 . 2010-09-29 10:43 -------- d-----w- c:\documents and settings\Bernie\Application Data\Genieo
2010-09-29 10:42 . 2010-10-13 01:10 843776 ----a-w- c:\windows\system32\drivers\lzdexyl.sys
2010-09-29 10:41 . 2010-09-29 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-26 16:53 . 2010-09-26 16:53 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Dell\Media Experience\PCMService .exe
c:\program files\DellSupport\DSAgnt .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Java\jre1.6.0_03\bin\jusched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\TomTom HOME 2\TomTomHOMERunner .exe
c:\program files\Verizon\McciTrayApp .exe
c:\windows\SYSTEM32\rundll32 .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [N/A]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-10-12 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartWhois\\sw.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S0 vbxdi;vbxdi;c:\windows\system32\drivers\hgrcoatp.sys --> c:\windows\system32\drivers\hgrcoatp.sys [?]
S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\SYSTEM32\DRIVERS\keilul.sys [1/13/2007 1:11 PM 35306]
S2 Parclass;Parclass;c:\windows\SYSTEM32\DRIVERS\parclass.sys [4/29/2006 5:05 AM 19824]
S3 dsiarhwprog;dsiarhwprog;c:\windows\SYSTEM32\DRIVERS\dsiarhwprog.sys [1/18/2010 9:58 AM 29184]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 5:10 PM 32512]
S3 PIOdriver;PIOdriver;c:\windows\SYSTEM32\DRIVERS\PIOdriver.sys [2/21/2006 5:39 PM 3712]
S4 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [10/31/2008 4:42 AM 94376]

--- Other Services/Drivers In Memory ---

*Deregistered* - lzdexyl
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {D67575B2-85E2-4A33-9FF3-1745417C467B} - c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Sonic 3D - c:\sega\Sonic3D\directx\setup
AddRemove-Verizon Online Help and Support - c:\progra~1\Verizon\UNWISE.EXE



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83B12C56]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76def28
\Driver\ACPI -> ACPI.sys @ 0xf75d1cb8
\Driver\atapi -> atapi.sys @ 0xf749d852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf734fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf733ea0d
SendHandler -> NDIS.sys @ 0xf7352b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lzdexyl]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,0e,f7,c8,cf,48,33,4e,bb,97,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,0e,f7,c8,cf,48,33,4e,bb,97,3d,\

[HKEY_USERS\S-1-5-21-147951563-3186293499-1005825786-1006\Software\SecuROM\License information*]
"datasecu"=hex:a8,74,8d,f3,3d,12,33,f1,d6,40,fe,70,b0,42,8b,ae,34,ca,e8,18,59,
2f,3d,be,69,e7,0c,fa,bd,f0,cf,bc,6e,a3,1c,8a,74,1c,ad,2d,c6,d4,0c,31,93,be,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccess.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-10-12 21:19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 01:19

Pre-Run: 16,014,372,864 bytes free
Post-Run: 18,334,695,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 57AE11877240931DE4FCAD1506B93489


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 October 2010 - 05:25 PM

Hello, bpv_newhacker.


Step 1
  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply.



Step 2

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/topic351160.html

Collect::
c:\windows\system32\drivers\hgrcoatp.sys
c:\windows\SYSTEM32\DRIVERS\dsiarhwprog.sys
Folder::
c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
Rootkit::
c:\windows\system32\drivers\lzdexyl.sys
RenV::
c:\program files\Analog Devices\SoundMAX\SMax4PNP .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Dell\Media Experience\PCMService .exe
c:\program files\DellSupport\DSAgnt .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Java\jre1.6.0_03\bin\jusched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\TomTom HOME 2\TomTomHOMERunner .exe
c:\program files\Verizon\McciTrayApp .exe
c:\windows\SYSTEM32\rundll32 .exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lzdexyl]
Driver::
vbxdi
dsiarhwprog
lzdexyl
File::
c:\windows\Nxakevifohahuroz.bin
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]


Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

etavares

EDIT: paste as codebox not quotebox

Edited by etavares, 13 October 2010 - 05:25 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
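The CFScript above acts on a handful of indicators that are visible in the ComboFix log (autostart entries whose target ComboFix marked [N/A], executables left behind with a space before ".exe", a boot-start driver whose .sys file is missing, Security Center monitoring switched off), while the TDSSKiller log reports a locked service and an MBR infection. The following is an added example, not code from this thread, from ComboFix or from TDSSKiller: a small Python triage script that picks those same kinds of lines out of both log formats, so a reader can see why those particular entries ended up in the script. The category names are my own labels, and the sample log is a constructed excerpt of the logs posted in this thread.

```python
"""Triage helper for ComboFix and TDSSKiller text logs.

Added example for this thread; not code from ComboFix, TDSSKiller or the
helper's CFScript. The category names below are my own labels.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Findings:
    renamed_exes: list = field(default_factory=list)     # bare paths ending in " .exe"
    missing_targets: list = field(default_factory=list)  # autostart values marked [N/A]
    missing_drivers: list = field(default_factory=list)  # services whose .sys is absent
    av_overrides: list = field(default_factory=list)     # Security Center monitoring off
    suspicious: list = field(default_factory=list)       # TDSSKiller Suspicious/Locked lines
    mbr: list = field(default_factory=list)              # TDSSKiller MBR lines


# Bare path whose file name has one or more spaces before ".exe"
# (the pattern the CFScript's RenV:: section renames back).
RENAMED_EXE = re.compile(r"^[a-z]:\\.*\S +\.exe$", re.IGNORECASE)
# Autostart value whose target ComboFix could not find: "name"="path" [N/A]
MISSING_TARGET = re.compile(r'^"([^"]+)"="([^"]+)" \[N/A\]$')
# Service line whose driver file is absent: S0 name;display;path --> path [?]
MISSING_DRIVER = re.compile(r"^[SR]\d ([^;]+);[^;]*;(.*?) --> .* \[\?\]$")
# Security Center values that silence AV/firewall monitoring when set to 1
AV_OVERRIDE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride|AntiVirusDisableNotify|'
    r'DisableMonitoring)"=dword:0*1$', re.IGNORECASE)
# TDSSKiller prefixes every line with "YYYY/MM/DD HH:MM:SS.mmmm "
TDSS_PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ ")


def classify_line(line, f):
    """Sort one log line into the matching Findings bucket, or ignore it."""
    line = line.rstrip()
    if not line:
        return
    m = TDSS_PREFIX.match(line)
    if m:  # TDSSKiller line: inspect the text after the timestamp
        body = line[m.end():]
        if body.startswith("Suspicious ") or " - detected Locked service" in body:
            f.suspicious.append(body)
        elif "\\MBR - " in body:
            f.mbr.append(body)
        return
    # Otherwise treat it as a ComboFix line
    if RENAMED_EXE.match(line):
        f.renamed_exes.append(line)
        return
    m = MISSING_TARGET.match(line)
    if m:
        f.missing_targets.append((m.group(1), m.group(2)))
        return
    m = MISSING_DRIVER.match(line)
    if m:
        f.missing_drivers.append((m.group(1), m.group(2)))
        return
    m = AV_OVERRIDE.match(line)
    if m:
        f.av_overrides.append(m.group(1))


def triage(text):
    """Run classify_line over every line of a log and return the Findings."""
    f = Findings()
    for line in text.splitlines():
        classify_line(line, f)
    return f


def summarize(f):
    """Counts per category, for a quick 'is there anything here' check."""
    return {name: len(getattr(f, name)) for name in f.__dataclass_fields__}


# Constructed sample: excerpts of the ComboFix and TDSSKiller logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [N/A]
"AntiVirusOverride"=dword:00000001
"DisableMonitoring"=dword:00000001
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S0 vbxdi;vbxdi;c:\windows\system32\drivers\hgrcoatp.sys --> c:\windows\system32\drivers\hgrcoatp.sys [?]
c:\program files\QuickTime\qttask  .exe
c:\program files\Verizon\McciTrayApp .exe
c:\windows\system32\nvsvc32.exe
2010/10/13 20:27:40.0640 Suspicious service (NoAccess): lzdexyl
2010/10/13 20:27:40.0781 lzdexyl (261d6003bf399de471bbc3ea93e52417) C:\WINDOWS\system32\drivers\lzdexyl.sys
2010/10/13 20:27:40.0781 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\lzdexyl.sys. md5: 261d6003bf399de471bbc3ea93e52417
2010/10/13 20:27:40.0796 lzdexyl - detected Locked service (1)
2010/10/13 20:27:53.0875 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/13 20:30:58.0109 \HardDisk0\MBR - will be cured after reboot
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, count in summarize(result).items():
        print(f"{name}: {count}")
    for name, path in result.missing_drivers:
        print("driver file missing:", name, "->", path)
```

The script only highlights lines; it does not decide what is malicious. Two of the signals are deliberately weak on their own: an [N/A] autostart entry can simply be a leftover of an uninstalled program, and Security Center overrides are sometimes set by third-party security suites. It is the combination seen here (renamed executables, a boot-start driver with no file on disk, a service TDSSKiller could not open, and an MBR detection) that makes the picture unambiguous.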
 


#9 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 13 October 2010 - 08:54 PM

Hi,

I carried out your instructions. TDSSKiller executed and created its log. ComboFix with the script
had some weird error message about swreg.cfxxe not found or something. I saw it pop up 3 or 4 times during the whole process, but it finished and created its log. It mentioned the name of a file I had seen over the past week and a half that I knew looked suspicious, and this pass of ComboFix mentioned it in the report. It was called lzdexyl.sys. For grinnies I tried to copy it from \windows\system32\drivers, but it said the file was corrupted. When ComboFix was finished, it was still in the directory and it allowed me to copy it over now. I just wanted to examine it to see what it is doing.
I don't know why this file wasn't cleaned, and, if it means anything, why it wasn't. Here are the 2 logs:




2010/10/13 20:26:43.0828 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/13 20:26:43.0828 ================================================================================
2010/10/13 20:26:43.0828 SystemInfo:
2010/10/13 20:26:43.0828
2010/10/13 20:26:43.0828 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/13 20:26:43.0828 Product type: Workstation
2010/10/13 20:26:43.0828 ComputerName: BERNIEV
2010/10/13 20:26:43.0828 UserName: Bernie
2010/10/13 20:26:43.0828 Windows directory: C:\WINDOWS
2010/10/13 20:26:43.0828 System windows directory: C:\WINDOWS
2010/10/13 20:26:43.0828 Processor architecture: Intel x86
2010/10/13 20:26:43.0828 Number of processors: 1
2010/10/13 20:26:43.0828 Page size: 0x1000
2010/10/13 20:26:43.0828 Boot type: Normal boot
2010/10/13 20:26:43.0828 ================================================================================
2010/10/13 20:26:44.0015 Initialize success
2010/10/13 20:27:30.0515 ================================================================================
2010/10/13 20:27:30.0515 Scan started
2010/10/13 20:27:30.0515 Mode: Manual;
2010/10/13 20:27:30.0515 ================================================================================
2010/10/13 20:27:30.0890 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/13 20:27:30.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/13 20:27:31.0062 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/13 20:27:31.0140 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/13 20:27:31.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/13 20:27:31.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/13 20:27:31.0468 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/10/13 20:27:31.0546 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/13 20:27:31.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/13 20:27:31.0750 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/13 20:27:31.0859 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/13 20:27:31.0953 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/13 20:27:32.0062 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/13 20:27:32.0156 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/13 20:27:32.0296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/13 20:27:32.0515 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/13 20:27:32.0750 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2010/10/13 20:27:32.0859 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/13 20:27:32.0937 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/13 20:27:33.0046 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/13 20:27:33.0171 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/13 20:27:33.0296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/13 20:27:33.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/13 20:27:33.0515 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/13 20:27:33.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/13 20:27:33.0765 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/13 20:27:34.0140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/13 20:27:34.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/13 20:27:34.0359 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/13 20:27:34.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/13 20:27:34.0562 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/13 20:27:34.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/13 20:27:34.0859 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/13 20:27:34.0984 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/13 20:27:35.0093 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/13 20:27:35.0187 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/13 20:27:35.0328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/13 20:27:35.0421 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/13 20:27:35.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/13 20:27:35.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/13 20:27:35.0718 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/13 20:27:35.0812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/13 20:27:35.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/13 20:27:36.0000 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/13 20:27:36.0109 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/10/13 20:27:36.0218 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys
2010/10/13 20:27:36.0328 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/10/13 20:27:36.0437 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/10/13 20:27:36.0531 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/13 20:27:36.0656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/13 20:27:36.0734 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/13 20:27:36.0828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/13 20:27:36.0906 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/13 20:27:36.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/13 20:27:37.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/13 20:27:37.0140 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/10/13 20:27:37.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/13 20:27:37.0375 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/10/13 20:27:37.0453 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/13 20:27:37.0609 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/13 20:27:37.0718 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/13 20:27:38.0078 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/13 20:27:38.0218 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/13 20:27:38.0312 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/13 20:27:38.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/13 20:27:38.0500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/13 20:27:38.0593 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/13 20:27:38.0687 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/13 20:27:38.0796 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/13 20:27:38.0921 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/13 20:27:39.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/13 20:27:39.0125 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/13 20:27:39.0218 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/13 20:27:39.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/13 20:27:39.0421 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/13 20:27:39.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/13 20:27:39.0640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/13 20:27:39.0718 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/13 20:27:39.0828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/13 20:27:39.0937 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/13 20:27:40.0000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/13 20:27:40.0078 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/13 20:27:40.0171 KEILUL (147ebbe6d4b2e95ac0b527c2b7d3fe84) C:\WINDOWS\system32\DRIVERS\keilul.sys
2010/10/13 20:27:40.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/13 20:27:40.0375 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/13 20:27:40.0609 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/10/13 20:27:40.0640 Suspicious service (NoAccess): lzdexyl
2010/10/13 20:27:40.0781 lzdexyl (261d6003bf399de471bbc3ea93e52417) C:\WINDOWS\system32\drivers\lzdexyl.sys
2010/10/13 20:27:40.0781 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\lzdexyl.sys. md5: 261d6003bf399de471bbc3ea93e52417
2010/10/13 20:27:40.0796 lzdexyl - detected Locked service (1)
2010/10/13 20:27:40.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/13 20:27:40.0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/13 20:27:41.0078 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/13 20:27:41.0171 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/13 20:27:41.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/13 20:27:41.0375 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/13 20:27:41.0484 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/10/13 20:27:41.0578 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/10/13 20:27:41.0671 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/13 20:27:41.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/13 20:27:41.0890 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/13 20:27:41.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/13 20:27:42.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/13 20:27:42.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/13 20:27:42.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/13 20:27:42.0343 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/13 20:27:42.0437 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/13 20:27:42.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/13 20:27:42.0625 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/13 20:27:42.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/13 20:27:42.0781 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/13 20:27:42.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/13 20:27:42.0953 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/13 20:27:43.0093 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/10/13 20:27:43.0265 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/10/13 20:27:43.0484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/13 20:27:43.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/13 20:27:43.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/13 20:27:44.0015 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/13 20:27:44.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/13 20:27:44.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/13 20:27:44.0500 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/10/13 20:27:44.0656 Parclass (4512940ecd930438670cdca7fff1a878) C:\WINDOWS\System32\Drivers\Parclass.sys
2010/10/13 20:27:44.0750 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/13 20:27:44.0828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/13 20:27:44.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/13 20:27:45.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/13 20:27:45.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/13 20:27:45.0265 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/13 20:27:45.0546 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/13 20:27:45.0625 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/13 20:27:45.0734 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys
2010/10/13 20:27:45.0859 PIOdriver (69809aedd2c4a6ec3ef4e9f8dd00e045) C:\WINDOWS\system32\drivers\PIOdriver.sys
2010/10/13 20:27:45.0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/13 20:27:46.0062 ProcObsrv (8b6c4d8b1eb45bf462a32afb303c319a) C:\Program Files\Questionmark\QS\ProcObsrv.sys
2010/10/13 20:27:46.0171 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/13 20:27:46.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/13 20:27:46.0312 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/13 20:27:46.0421 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/13 20:27:46.0515 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/13 20:27:46.0687 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/13 20:27:46.0781 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/13 20:27:46.0875 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/13 20:27:46.0968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/13 20:27:47.0046 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/13 20:27:47.0140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/13 20:27:47.0218 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/13 20:27:47.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/13 20:27:47.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/13 20:27:47.0609 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/13 20:27:47.0765 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/13 20:27:47.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/13 20:27:48.0015 SAMFILT (2e4164df4c460edf11232d893f3ce007) C:\WINDOWS\system32\drivers\samfilt.sys
2010/10/13 20:27:48.0109 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/10/13 20:27:48.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/13 20:27:48.0343 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
2010/10/13 20:27:48.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/13 20:27:48.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/13 20:27:48.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/13 20:27:49.0062 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/13 20:27:49.0171 smwdm (479533bacc58b1edf916855bcd139556) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/13 20:27:49.0250 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/13 20:27:49.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/13 20:27:49.0437 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/13 20:27:49.0531 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/13 20:27:49.0703 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/10/13 20:27:49.0781 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/10/13 20:27:49.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/13 20:27:49.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/13 20:27:50.0046 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/13 20:27:50.0140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/13 20:27:50.0250 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/13 20:27:50.0359 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/13 20:27:50.0421 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/13 20:27:50.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/13 20:27:50.0625 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/13 20:27:50.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/13 20:27:50.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/13 20:27:50.0906 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/13 20:27:50.0984 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/10/13 20:27:51.0062 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/10/13 20:27:51.0140 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2010/10/13 20:27:51.0218 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/10/13 20:27:51.0281 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/10/13 20:27:51.0390 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/10/13 20:27:51.0468 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/10/13 20:27:51.0562 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/10/13 20:27:51.0687 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/13 20:27:51.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/13 20:27:51.0968 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/13 20:27:52.0062 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/13 20:27:52.0171 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/13 20:27:52.0281 USBDongle (09bd8a07ebbb785e7dd62529303583ed) C:\WINDOWS\system32\DRIVERS\USBKey.sys
2010/10/13 20:27:52.0406 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/13 20:27:52.0500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/13 20:27:52.0625 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/13 20:27:52.0843 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/13 20:27:52.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/13 20:27:53.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/13 20:27:53.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/13 20:27:53.0250 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/13 20:27:53.0312 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/13 20:27:53.0406 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/13 20:27:53.0515 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/13 20:27:53.0656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/13 20:27:53.0875 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/13 20:27:53.0890 ================================================================================
2010/10/13 20:27:53.0890 Scan finished
2010/10/13 20:27:53.0890 ================================================================================
2010/10/13 20:27:53.0953 Detected object count: 2
2010/10/13 20:30:58.0093 Locked service(lzdexyl) - User select action: Skip
2010/10/13 20:30:58.0109 \HardDisk0\MBR - will be cured after reboot
2010/10/13 20:30:58.0109 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/13 20:32:17.0140 Deinitialize success



ComboFix 10-10-11.01 - Bernie 10/13/2010  20:57:52.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.759.542 [GMT -4:00]
Running from: c:\documents and settings\Bernie\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Bernie\Desktop\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

FILE ::
"c:\windows\Nxakevifohahuroz.bin"

file zipped: c:\windows\SYSTEM32\DRIVERS\dsiarhwprog.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}\chrome.manifest
c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}\chrome\content\_cfg.js
c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}\chrome\content\overlay.xul
c:\documents and settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}\install.rdf
c:\windows\Nxakevifohahuroz.bin
c:\windows\SYSTEM32\DRIVERS\dsiarhwprog.sys

.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LZDEXYL
-------\Service_dsiarhwprog
-------\Service_lzdexyl
-------\Service_vbxdi


(((((((((((((((((((((((((   Files Created from 2010-09-14 to 2010-10-14  )))))))))))))))))))))))))))))))
.

2010-10-13 00:24 . 2010-10-13 00:24    --------    d-sh--w-    c:\documents and settings\LocalService\UserData
2010-09-26 16:53 . 2010-09-26 16:53    --------    d-----w-    c:\program files\Common Files\Software Update Utility

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-10-12 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= "qvphook.dll" [2003-11-21 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartWhois\\sw.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
S2 KEILUL;Keil ULINK SERVICE (keilul.sys);c:\windows\SYSTEM32\DRIVERS\keilul.sys [1/13/2007 1:11 PM 35306]
S2 Parclass;Parclass;c:\windows\SYSTEM32\DRIVERS\parclass.sys [4/29/2006 5:05 AM 19824]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 5:10 PM 32512]
S3 PIOdriver;PIOdriver;c:\windows\SYSTEM32\DRIVERS\PIOdriver.sys [2/21/2006 5:39 PM 3712]
S4 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [10/31/2008 4:42 AM 94376]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101059100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-147951563-3186293499-1005825786-1006\Software\SecuROM\License information*]
"datasecu"=hex:a8,74,8d,f3,3d,12,33,f1,d6,40,fe,70,b0,42,8b,ae,34,ca,e8,18,59,
   2f,3d,be,69,e7,0c,fa,bd,f0,cf,bc,6e,a3,1c,8a,74,1c,ad,2d,c6,d4,0c,31,93,be,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccess.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\HP\HP Software Update\HPWUCli.exe
c:\program files\Verizon\McciBrowser.exe
c:\program files\Verizon\McciBrowser.exe
.
**************************************************************************
.
Completion time: 2010-10-13  21:16:17 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-14 01:16
ComboFix2.txt  2010-10-13 01:19

Pre-Run: 18,336,280,576 bytes free
Post-Run: 18,329,165,824 bytes free

- - End Of File - - 2F923F8B059F24A5CC602B6B4DEA46E3
Upload was successful



#10 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
Posted 14 October 2010 - 05:31 PM

OK, please run and post a new MBRCheck log and please run and post an OTL Quick Scan log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 

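The MBRCheck log requested above reports the hash of the disk's boot sector, which partition the C: volume maps to and whether the MBR code looks like stock Windows XP code; the TDSSKiller log earlier in the thread shows why that matters, since TDL4 lives in the MBR itself. The following is an added example for this thread, not code from BleepingComputer, MBRCheck, TDSSKiller or ComboFix: it parses a 512-byte MBR, hashes the boot code, decodes the partition table and compares the active partition's byte offset with the offset the OS reports for the system volume. The sample sector is constructed (a stub of boot code, a utility partition at LBA 63 and an NTFS partition at LBA 96390, chosen so that its byte offset equals the 0x02f10c00 that MBRCheck printed for C:), the known-good hash set is simply the hash of that constructed sector, and hashing the 440 boot-code bytes is this example's own choice, not necessarily what MBRCheck hashes.

```python
"""MBR sanity check in the spirit of the MBRCheck / TDSSKiller MBR scans in this thread.

Added example; not code from BleepingComputer, MBRCheck, TDSSKiller or ComboFix.
The hashing range (the 440 boot-code bytes) is this example's own choice.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the part a bootkit such as TDL4 replaces
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55AA


def build_sample_mbr(boot_code, entries):
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, lba_count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than %d bytes" % BOOT_CODE_LEN)
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1A2B3C4D)   # constructed disk signature
    for i, (status, ptype, lba_start, lba_count) in enumerate(entries[:4]):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = status                                    # 0x80 = active/bootable
        sector[off + 4] = ptype                                 # 0x07 = NTFS, 0xDE = Dell utility
        struct.pack_into("<II", sector, off + 8, lba_start, lba_count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Validate the boot signature, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one %d-byte sector" % SECTOR)
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, lba_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:                                       # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": lba_count,
                           "byte_offset": lba_start * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def assess_mbr(sector, known_good_sha1, reported_volume_offset):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code hash %s is not in the known-good set" % info["boot_code_sha1"])
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    elif active[0]["byte_offset"] != reported_volume_offset:
        findings.append("active partition starts at 0x%x but the OS reports the system volume at 0x%x"
                        % (active[0]["byte_offset"], reported_volume_offset))
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):                      # a partition carved out of another one
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition %d (type 0x%02X) overlaps partition %d"
                            % (a["index"], a["type"], b["index"]))
    return findings


# Constructed sample data (not taken from the machine in this thread): a stub of boot code,
# a Dell-style utility partition at LBA 63 and an NTFS system partition at LBA 96390, which is
# byte offset 0x02f10c00, the offset MBRCheck printed for C: in the log below.
CLEAN_BOOT_CODE = bytes.fromhex("33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A4") + b"\x90" * 40
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE,
                             [(0x00, 0xDE, 63, 96327), (0x80, 0x07, 96390, 111_300_000)])
REPORTED_C_OFFSET = 0x02f10c00
# In real use the allow-list comes from a trusted reference (clean install media or a
# pre-infection image); here it is simply the hash of the constructed clean sector.
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]}
# Bootkit-style tampering: boot code replaced (first bytes patched to a short jump), partition
# table left intact so the machine still boots and the volume layout looks normal from Windows.
TAMPERED_MBR = build_sample_mbr(b"\xEB\x1C\x90" + CLEAN_BOOT_CODE[3:],
                                [(0x00, 0xDE, 63, 96327), (0x80, 0x07, 96390, 111_300_000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, assess_mbr(mbr, KNOWN_GOOD, REPORTED_C_OFFSET) or ["no findings"])
```

On a live Windows machine the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as an administrator. One caveat a practitioner should keep in mind: an active bootkit that hooks the disk driver stack, as TDL4 does, can hand a clean copy of the MBR to any reader above its hook, which is why the helpers in this thread lean on tools that read below the filter stack and on the "will be cured after reboot" step rather than on a user-mode read alone.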

#11 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 14 October 2010 - 06:06 PM


Hi,

Here are the MBRCheck and the OTL Quick Scan logs:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002d

Kernel Drivers (total 172):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7B09000 \WINDOWS\system32\KDCOM.DLL
0xF7A19000 \WINDOWS\system32\BOOTVID.dll
0xF75BA000 ACPI.sys
0xF7B0B000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75A9000 pci.sys
0xF7609000 isapnp.sys
0xF7BD1000 pciide.sys
0xF7889000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B0D000 aliide.sys
0xF7B0F000 cmdide.sys
0xF7B11000 toside.sys
0xF7B13000 viaide.sys
0xF7B15000 intelide.sys
0xF7619000 MountMgr.sys
0xF758A000 ftdisk.sys
0xF7891000 PartMgr.sys
0xF7629000 VolSnap.sys
0xF7A1D000 cpqarray.sys
0xF7572000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF755A000 atapi.sys
0xF7A21000 aha154x.sys
0xF7899000 sparrow.sys
0xF7A25000 symc810.sys
0xF7639000 aic78xx.sys
0xF7A29000 dac960nt.sys
0xF7649000 ql10wnt.sys
0xF7A2D000 amsint.sys
0xF78A1000 asc.sys
0xF7A31000 asc3550.sys
0xF78A9000 mraid35x.sys
0xF78B1000 i2omp.sys
0xF7A35000 ini910u.sys
0xF7659000 ql1240.sys
0xF7669000 aic78u2.sys
0xF78B9000 symc8xx.sys
0xF78C1000 sym_hi.sys
0xF78C9000 sym_u3.sys
0xF78D1000 ABP480N5.SYS
0xF78D9000 asc3350p.sys
0xF7B17000 cd20xrnt.sys
0xF7679000 ultra.sys
0xF7541000 adpu160m.sys
0xF78E1000 dpti2o.sys
0xF7689000 ql1080.sys
0xF7699000 ql1280.sys
0xF76A9000 ql12160.sys
0xF78E9000 perc2.sys
0xF7B19000 perc2hib.sys
0xF78F1000 hpn.sys
0xF7A39000 cbidf2k.sys
0xF7515000 dac2w2k.sys
0xF76B9000 disk.sys
0xF76C9000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74F5000 fltmgr.sys
0xF74E3000 sr.sys
0xF74CE000 drvmcdb.sys
0xF78F9000 PxHelp20.sys
0xF74B7000 KSecDD.sys
0xF742A000 Ntfs.sys
0xF73FD000 NDIS.sys
0xF76D9000 sisagp.sys
0xF76E9000 viaagp.sys
0xF73E3000 Mup.sys
0xF76F9000 agp440.sys
0xF7709000 alim1541.sys
0xF7719000 amdagp.sys
0xF7729000 agpCPQ.sys
0xF6B95000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF68DE000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF68CA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7979000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF68A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7981000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6158000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6132000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7989000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6B85000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6B75000 \SystemRoot\SYSTEM32\drivers\samfilt.sys
0xF7991000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6B65000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6A3C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF611E000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6B55000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6A38000 \SystemRoot\system32\drivers\pfc.sys
0xF6B45000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF7B4B000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF6B35000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6B25000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF60FB000 \SystemRoot\system32\DRIVERS\ks.sys
0xF60BB000 \SystemRoot\system32\drivers\smwdm.sys
0xF6097000 \SystemRoot\system32\drivers\portcls.sys
0xF6B15000 \SystemRoot\system32\drivers\drmk.sys
0xF6039000 \SystemRoot\system32\drivers\senfilt.sys
0xF7C60000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6B05000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6A2C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6022000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7749000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7759000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7999000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6011000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7769000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79A1000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79A9000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7779000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B4D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5FB3000 \SystemRoot\system32\DRIVERS\update.sys
0xF6A1C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7799000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77C9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B55000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79F1000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AF1000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B67000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D23000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B69000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A01000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7A09000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A11000 \SystemRoot\System32\drivers\vga.sys
0xF7B6B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B6D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7911000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7919000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AFD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEBD90000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEBD37000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEBD0F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEBCED000 \SystemRoot\System32\drivers\afd.sys
0xF77F9000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7921000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xEBC9A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEBC02000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7809000 \SystemRoot\System32\Drivers\Fips.SYS
0xEBBDC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7819000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7839000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7929000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7AB1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7849000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7ABD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEBB24000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEBCE1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7939000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEBB8C000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7BF1000 \SystemRoot\system32\dla\tfsndres.sys
0xB86D2000 \SystemRoot\system32\dla\tfsnifs.sys
0xB8758000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7BAD000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7949000 \SystemRoot\system32\dla\tfsnboio.sys
0xF7869000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7C6A000 \SystemRoot\system32\dla\tfsndrct.sys
0xB8691000 \SystemRoot\system32\dla\tfsnudf.sys
0xB8678000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB86CE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB836B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB8400000 \SystemRoot\system32\drivers\sysaudio.sys
0xB7FE9000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB7E9F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8087000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xF7B39000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB7E48000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7B0F000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
620 C:\WINDOWS\SYSTEM32\smss.exe
700 csrss.exe
732 C:\WINDOWS\SYSTEM32\winlogon.exe
776 C:\WINDOWS\SYSTEM32\services.exe
788 C:\WINDOWS\SYSTEM32\lsass.exe
968 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1012 C:\WINDOWS\SYSTEM32\svchost.exe
1076 svchost.exe
1168 C:\WINDOWS\SYSTEM32\svchost.exe
1224 svchost.exe
1300 svchost.exe
1652 C:\WINDOWS\explorer.exe
1684 C:\WINDOWS\SYSTEM32\spoolsv.exe
1892 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
1904 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
1944 C:\Program Files\Verizon\McciTrayApp.exe
2040 C:\WINDOWS\SYSTEM32\rundll32.exe
216 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
1968 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
276 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
492 svchost.exe
912 C:\Program Files\Common Files\Motive\McciCMService.exe
1288 C:\Program Files\CDBurnerXP\NMSAccess.exe
544 C:\WINDOWS\SYSTEM32\svchost.exe
572 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1164 C:\WINDOWS\SYSTEM32\wuauclt.exe
2060 alg.exe
2300 C:\WINDOWS\SYSTEM32\wscntfy.exe
2788 C:\WINDOWS\SYSTEM32\svchost.exe
2640 C:\WINDOWS\SYSTEM32\wuauclt.exe
2392 C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



OTL logfile created on: 10/14/2010 6:56:00 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Bernie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.08 Gb Total Space | 17.00 Gb Free Space | 32.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNIEV
Current User Name: Bernie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccess.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/31 04:42:16 | 000,094,376 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Bernie\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/27 19:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/02 21:10:08 | 000,003,712 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PIOdriver.sys -- (PIOdriver)
DRV - [2006/05/01 04:17:32 | 000,022,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBkey.sys -- (USBDongle)
DRV - [2006/02/10 17:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys -- (SAMFILT)
DRV - [2005/10/22 22:42:09 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/10 13:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/04/13 18:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Parclass.sys -- (Parclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D67575B2-85E2-4A33-9FF3-1745417C467B}:1.9.1
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D67575B2-85E2-4A33-9FF3-1745417C467B}: C:\Documents and Settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 06:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:59:01 | 000,000,000 | ---D | M]

[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions
[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/10/07 19:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions
[2009/12/11 20:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/13 21:10:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/14 18:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/14 18:49:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/13 21:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 20:22:17 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 20:25:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 20:17:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 20:17:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 20:17:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 20:17:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/12 20:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 19:50:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 20:32:59 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/08 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 16:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/02 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\WER9755.dir00
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/10/02 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\gmer
[2010/09/30 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\My Documents\malware bytes logs
[2010/09/29 06:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2010/09/29 06:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/28 20:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/28 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/28 19:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/28 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/26 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/09/03 20:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Local Settings\Application Data\ufvkyqtmi
[2010/08/24 10:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/14 18:49:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/14 18:48:37 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/14 18:48:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/14 18:48:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/14 18:48:28 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 21:31:24 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Bernie\NTUSER.DAT
[2010/10/13 21:10:30 | 000,000,290 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/13 21:10:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/10/13 21:09:10 | 000,843,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\lzdexyl.sys
[2010/10/13 15:51:08 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 21:30:32 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinPET.lnk
[2010/10/12 20:26:15 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2010/10/10 08:55:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 17:31:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bernie\NTUSER.INI
[2010/10/08 17:19:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 17:10:42 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/04 17:35:42 | 000,000,938 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/10/04 17:35:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/03 15:23:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/10/02 11:33:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:16:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/01 20:28:33 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\13m7JEC.dat
[2010/09/30 16:57:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Aqiqagovagifobaw.dat
[2010/09/29 19:52:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\IPH.PH
[2010/09/26 12:53:32 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Bernie\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/26 12:53:32 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/19 15:27:24 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:32 | 001,242,608 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/09/16 19:03:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\naviprog_colour.INI
[2010/09/16 19:03:07 | 000,000,012 | ---- | M] () -- C:\WINDOWS\naviselect.INI
[2010/09/15 03:07:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/12 14:23:02 | 000,000,008 | ---- | M] () -- C:\WINDOWS\navi.skin
[2010/09/11 12:16:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 10:34:28 | 000,001,955 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\FiOS Information.lnk
[2010/08/18 16:07:34 | 000,002,081 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2010/08/15 19:14:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Michea;
[2010/08/13 03:54:29 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 03:20:32 | 000,507,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 03:20:32 | 000,445,738 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/13 03:20:32 | 000,072,944 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/02 16:38:21 | 000,000,024 | ---- | M] () -- C:\WINDOWS\sc11.navis
[2010/08/02 16:38:21 | 000,000,023 | ---- | M] () -- C:\WINDOWS\sc11n.navis
[2010/08/02 16:38:21 | 000,000,020 | ---- | M] () -- C:\WINDOWS\sc10.navis
[2010/08/02 16:38:21 | 000,000,012 | ---- | M] () -- C:\WINDOWS\sc10n.navis
[2010/08/02 16:37:46 | 000,000,032 | ---- | M] () -- C:\WINDOWS\sc8n.navis
[2010/08/02 16:37:46 | 000,000,026 | ---- | M] () -- C:\WINDOWS\sc7.navis
[2010/08/02 16:37:46 | 000,000,022 | ---- | M] () -- C:\WINDOWS\sc9.navis
[2010/08/02 16:37:46 | 000,000,022 | ---- | M] () -- C:\WINDOWS\sc8.navis
[2010/08/02 16:37:46 | 000,000,018 | ---- | M] () -- C:\WINDOWS\sc7n.navis
[2010/08/02 16:37:46 | 000,000,014 | ---- | M] () -- C:\WINDOWS\sc9n.navis
[2010/08/02 16:37:44 | 000,000,023 | ---- | M] () -- C:\WINDOWS\sc5.navis
[2010/08/02 16:37:44 | 000,000,021 | ---- | M] () -- C:\WINDOWS\sc4.navis
[2010/08/02 16:37:44 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc6.navis
[2010/08/02 16:37:44 | 000,000,015 | ---- | M] () -- C:\WINDOWS\sc5n.navis
[2010/08/02 16:37:44 | 000,000,013 | ---- | M] () -- C:\WINDOWS\sc4n.navis
[2010/08/02 16:37:44 | 000,000,011 | ---- | M] () -- C:\WINDOWS\sc6n.navis
[2010/08/02 16:37:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\sc2.navis
[2010/08/02 16:37:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\sc1.navis
[2010/08/02 16:37:42 | 000,000,024 | ---- | M] () -- C:\WINDOWS\sc1n.navis
[2010/08/02 16:37:42 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc3.navis
[2010/08/02 16:37:42 | 000,000,019 | ---- | M] () -- C:\WINDOWS\sc2n.navis
[2010/08/02 16:37:42 | 000,000,011 | ---- | M] () -- C:\WINDOWS\sc3n.navis
[2010/07/24 08:35:32 | 000,000,007 | ---- | M] () -- C:\WINDOWS\homdrv.navis
[2010/07/24 08:35:29 | 000,000,009 | ---- | M] () -- C:\WINDOWS\firstrun.navis
[2010/07/17 15:20:22 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/12 20:26:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 20:26:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 20:17:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 20:17:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 20:17:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 20:17:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 20:17:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 12:07:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 20:32:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 11:37:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:18:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/02 11:11:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[2010/10/01 20:28:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\13m7JEC.dat
[2010/09/30 17:00:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/29 06:44:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Aqiqagovagifobaw.dat
[2010/09/29 06:42:03 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\lzdexyl.sys
[2010/09/19 15:27:24 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:31 | 001,242,608 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/08/25 07:27:47 | 000,043,392 | ---- | C] () -- C:\Documents and Settings\Bernie\MMLog.log
[2010/08/24 10:34:28 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\FiOS Information.lnk
[2010/08/15 19:14:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Michea;
[2010/07/24 08:35:32 | 000,000,007 | ---- | C] () -- C:\WINDOWS\homdrv.navis
[2010/07/19 13:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/07/11 18:05:12 | 000,000,019 | ---- | C] () -- C:\WINDOWS\navitxt.INI
[2010/07/11 17:54:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\naviprog_colour.INI
[2010/07/11 16:55:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\naviselect.INI
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitars
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Bernie\Application Data\Grapher
[2009/07/21 09:52:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2008/09/14 20:01:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll
[2007/05/20 16:49:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\FTCJTAG.dll
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTCJTAG.dll
[2006/10/18 20:45:42 | 000,000,113 | ---- | C] () -- C:\WINDOWS\immortal.ini
[2006/10/11 19:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/28 16:42:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache
[2006/05/09 21:41:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2006/04/29 05:05:33 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/29 05:05:33 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2006/04/26 06:10:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\LicenseManager.ini
[2006/03/19 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/02/20 21:54:17 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ftk.INI
[2006/01/28 12:07:23 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2005/11/26 09:06:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/11/22 21:55:46 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/16 18:52:59 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/27 13:56:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/12 11:41:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\fusioncache.dat
[2005/03/08 18:50:35 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/15 20:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 13:39:01 | 000,001,563 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/19 20:43:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/15 16:30:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JPR.{PB
[2005/01/15 16:30:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JCM.{PB
[2004/12/17 16:27:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/17 16:19:04 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/17 15:31:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/05/11 08:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/07/05 20:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2005/10/22 22:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/06/15 20:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/11/26 14:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/30 13:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/03/13 19:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
[2010/07/15 19:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/07/15 19:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/07/21 09:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/07 20:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitex
[2009/07/21 09:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2006/06/02 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2006/05/06 05:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanDBX
[2010/06/19 20:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/07/21 09:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/09/29 19:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/09/21 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/05 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\acccore
[2005/10/24 17:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\ACD Systems
[2005/03/24 04:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\ActiveState
[2010/01/23 17:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Azureus
[2006/11/05 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\CDBurnerXPP
[2006/01/21 07:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Common Files
[2008/03/13 19:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Decisioneering
[2005/02/26 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Ethereal
[2010/09/29 06:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2006/11/05 07:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Leadertech
[2008/04/29 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\LEGO Company
[2006/02/22 07:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\MSNInstaller
[2009/07/21 09:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Nikon
[2006/12/03 09:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Notepad++
[2009/10/31 21:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\postgresql
[2010/07/15 20:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\SPORE
[2010/08/24 10:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\TechWizard
[2010/06/19 20:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\TomTom
[2009/02/27 10:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Unity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
< End of report >





#12 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 15 October 2010 - 06:36 PM

Hello, bpv_newhacker.

How is it running now?



Step 1

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you no longer have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Bernie\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
    :files
    C:\WINDOWS\System32\drivers\umdf
    C:\WINDOWS\System32\drivers\lzdexyl.sys
    C:\Documents and Settings\All Users\Application Data\13m7JEC.dat
    C:\WINDOWS\Aqiqagovagifobaw.dat
    C:\Documents and Settings\Bernie\Local Settings\Application Data\ufvkyqtmi
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
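The fix script in the post above is built from lines the helper picked out of the OTL report: driver services whose image file is gone, a .sys file in the drivers directory with no publisher, and an alternate data stream hanging off the SYSTEM32 directory. The Python below is an added example, not OTL's code and not something either poster supplied, that parses those three OTL line shapes and flags the same kinds of entries for review. The line format is inferred from the lines shown in this thread rather than from OTL documentation, the sample input is a handful of lines copied from the report above, and the function and rule names (`triage`, `Finding`, the rule labels) are the example's own.

```python
"""Triage helper for OTL-style report lines (added example, not OTL's code).

Parses three of the line shapes seen in the report above: DRV entries,
[date | size | attrs | C/M] file entries, and @Alternate Data Stream entries.
It then flags the kinds of entries the helper put into the fix script:
orphaned driver services, drivers with no publisher, and streams attached
to a directory or other extensionless host.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the OTL report posted in this thread,
# so the rules can be exercised offline. The format is inferred from them.
SAMPLE_LOG = r"""
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
[2010/10/13 21:09:10 | 000,843,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\lzdexyl.sys
[2010/10/13 15:51:08 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/14 18:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
"""

# A driver whose registration survives but whose image file is missing.
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)")
# A driver OTL found on disk, with its publisher in parentheses (may be empty).
DRV_PRESENT = re.compile(
    r"^DRV - \[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| [CM]\]"
    r" \((?P<company>[^)]*)\) \[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)")
# A created (C) or modified (M) file; the publisher group is absent for directories.
FILE_ENTRY = re.compile(
    r"^\[(?P<date>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
# A .sys file directly inside any "drivers" directory.
DRIVER_DIR_RE = re.compile(r"\\drivers\\[^\\]+\.sys$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return review-queue findings for the recognised OTL line shapes."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRV_MISSING.match(line)
        if m:
            # Service key still present, image gone: an orphaned driver service.
            # The name capture stops at the first ')' on purpose; see the note below.
            findings.append(Finding("orphaned-driver-service", m["path"],
                                    f"service {m['name']} ({m['start']}, {m['state']}) has no image file"))
            continue
        m = DRV_PRESENT.match(line)
        if m:
            if not m["company"].strip():
                findings.append(Finding("no-company-driver", m["path"],
                                        "loaded driver with no publisher"))
            continue
        m = FILE_ENTRY.match(line)
        if m:
            company = (m["company"] or "").strip()
            if not company and DRIVER_DIR_RE.search(m["path"]):
                findings.append(Finding("no-company-driver", m["path"],
                                        f"{m['kind']} {m['date']} size {m['size']}: "
                                        ".sys in a drivers directory with no publisher"))
            continue
        m = ADS_ENTRY.match(line)
        if m:
            # "C:\dir\file.ext:stream": split on the last colon to get host and stream.
            host, stream = m["path"].rsplit(":", 1)
            if not ntpath.splitext(host)[1]:
                findings.append(Finding("ads-on-extensionless-host", host,
                                        f"stream {stream} ({m['bytes']} bytes) attached to "
                                        "a directory or extensionless file"))
            continue
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.path}  ({f.detail})")
```

The output is a review queue, not a verdict: an empty publisher string only means OTL found no company name in the file's version resource, and the SummaryInformation stream on storm bringer.lxf is an ordinary document property stream, which is why the ADS rule fires only on extensionless hosts such as the SYSTEM32 directory. The other entries in the fix script (the .dat files under C:\WINDOWS and the random-looking folder under Local Settings) were chosen from the late-September creation dates rather than from anything these rules key on. The service-name capture deliberately stops at the first closing parenthesis; OTL's own fix log further down the thread shows what a display name containing parentheses does otherwise ("No service named wanatw) WAN Miniport (ATW was found to stop!").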
 


#13 bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey

Posted 15 October 2010 - 07:22 PM

Hi,

The computer seems like it is running pretty well. It appears to run a lot faster now too. I don't know if this is possible. I am still a little scared of having the PC running, so I haven't done that much on it. I've used my other computer to do what I have to do. Also, it says in one of the steps in your post that the computer reboots after the first scan. Is that supposed to happen by OTL automatically? Because it didn't; I had to do it. I then ran OTL again to get the second log. Here are the logs:


========== OTL ==========
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File C:\WINDOWS\System32\DRIVERS\wanatw4.sys not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Bernie\LOCALS~1\Temp\catchme.sys not found.
Service BTWUSB stopped successfully!
Service BTWUSB deleted successfully!
File C:\WINDOWS\System32\Drivers\btwusb.sys not found.
Service btwhid stopped successfully!
Service btwhid deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btwhid.sys not found.
Service BTWDNDIS stopped successfully!
Service BTWDNDIS deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btwdndis.sys not found.
Service BTDriver stopped successfully!
Service BTDriver deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btport.sys not found.
Service btaudio stopped successfully!
Service btaudio deleted successfully!
File C:\WINDOWS\System32\drivers\btaudio.sys not found.
Service BDRsDrv stopped successfully!
Service BDRsDrv deleted successfully!
File C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation deleted successfully.
ADS C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\drivers\umdf folder moved successfully.
File\Folder C:\WINDOWS\System32\drivers\lzdexyl.sys not found.
C:\Documents and Settings\All Users\Application Data\13m7JEC.dat moved successfully.
C:\WINDOWS\Aqiqagovagifobaw.dat moved successfully.
C:\Documents and Settings\Bernie\Local Settings\Application Data\ufvkyqtmi folder moved successfully.

OTL by OldTimer - Version 3.2.15.2 log created on 10152010_200034


OTL logfile created on: 10/15/2010 8:10:01 PM - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Bernie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.08 Gb Total Space | 16.56 Gb Free Space | 31.20% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BERNIEV | User Name: Bernie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
PRC - [2010/09/16 18:58:55 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2004/01/07 03:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccess.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/31 04:42:16 | 000,094,376 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/27 19:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/02 21:10:08 | 000,003,712 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PIOdriver.sys -- (PIOdriver)
DRV - [2006/05/01 04:17:32 | 000,022,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBkey.sys -- (USBDongle)
DRV - [2006/02/10 17:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys -- (SAMFILT)
DRV - [2005/10/22 22:42:09 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/10 13:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/04/13 18:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Parclass.sys -- (Parclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D67575B2-85E2-4A33-9FF3-1745417C467B}: C:\Documents and Settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 06:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:59:01 | 000,000,000 | ---D | M]

[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions
[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/10/07 19:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions
[2009/12/11 20:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/13 21:10:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 20:00:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 19:58:48 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/15 03:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/10/14 18:57:43 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 18:57:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 18:57:41 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 18:57:14 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/14 18:49:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/13 21:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 20:22:17 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 20:25:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 20:17:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 20:17:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 20:17:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 20:17:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/12 20:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 19:50:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 16:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/02 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\WER9755.dir00
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/10/02 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\gmer
[2010/09/30 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\My Documents\malware bytes logs
[2010/09/29 06:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2010/09/29 06:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/28 20:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/28 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/28 19:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/28 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/26 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/15 20:06:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/15 20:06:34 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/15 20:06:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/15 20:06:23 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/15 03:31:43 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 03:15:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/15 03:11:09 | 000,445,792 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/15 03:11:09 | 000,072,998 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/15 03:07:51 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/13 21:10:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/10/13 15:51:08 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 21:30:32 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinPET.lnk
[2010/10/12 20:26:15 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2010/10/10 08:55:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 17:19:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/04 17:35:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/03 15:23:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/10/02 11:33:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:16:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/09/29 19:52:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\IPH.PH
[2010/09/26 12:53:32 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Bernie\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/26 12:53:32 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/19 15:27:24 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:32 | 001,242,608 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/09/16 19:03:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\naviprog_colour.INI
[2010/09/16 19:03:07 | 000,000,012 | ---- | M] () -- C:\WINDOWS\naviselect.INI
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/15 03:07:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/12 20:26:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 20:26:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 20:17:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 20:17:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 20:17:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 20:17:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 20:17:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 12:07:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 20:32:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 11:37:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:18:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/02 11:11:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[2010/09/30 17:00:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/19 15:27:24 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:31 | 001,242,608 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/07/19 13:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/07/11 18:05:12 | 000,000,019 | ---- | C] () -- C:\WINDOWS\navitxt.INI
[2010/07/11 17:54:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\naviprog_colour.INI
[2010/07/11 16:55:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\naviselect.INI
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitars
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Bernie\Application Data\Grapher
[2009/07/21 09:52:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2008/09/14 20:01:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll
[2007/05/20 16:49:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\FTCJTAG.dll
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTCJTAG.dll
[2006/10/18 20:45:42 | 000,000,113 | ---- | C] () -- C:\WINDOWS\immortal.ini
[2006/10/11 19:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/28 16:42:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache
[2006/05/09 21:41:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2006/04/29 05:05:33 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/29 05:05:33 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2006/04/26 06:10:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\LicenseManager.ini
[2006/03/19 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/02/20 21:54:17 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ftk.INI
[2006/01/28 12:07:23 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2005/11/26 09:06:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/11/22 21:55:46 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/16 18:52:59 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/27 13:56:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/12 11:41:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\fusioncache.dat
[2005/03/08 18:50:35 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/15 20:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 13:39:01 | 000,001,563 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/19 20:43:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/15 16:30:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JPR.{PB
[2005/01/15 16:30:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JCM.{PB
[2004/12/17 16:27:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/17 16:19:04 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/17 15:31:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/05/11 08:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

< End of report >
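The file listing above has a fixed shape for every entry (timestamp, size, RHSD attribute flags, M or C for modified or created, the company name OTL read from the file's version resource, and the path), so it can be post-processed rather than read line by line. Below is an added Python example, not part of this post or of OTL, that parses those entries and attaches the triage reasons an analyst would otherwise apply by eye: code files under %SystemRoot% with no company name, hidden+system files outside a small allow-list, loose files in the drive root, plus a recency marker when the entry also falls inside a chosen window. The allow-list, the extension set, the 14-day window, the reference time and every flagged file name in the sample are assumptions constructed for the example; a flag is a prompt to inspect a file, not a verdict on it.

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code).

Parses entries of the form
    [YYYY/MM/DD HH:MM:SS | size | RHSD | M|C] (Company) -- path
and attaches analyst-triage reasons.  The allow-list, extension set, window
and reference time below are assumptions chosen for the example.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"   # directory lines carry no "(company)"
)

# Assumed allow-list: hidden/system files Windows XP itself keeps in the drive root.
BENIGN_ROOT_FILES = {
    "hiberfil.sys", "pagefile.sys", "boot.ini", "ntldr", "ntdetect.com",
    "io.sys", "msdos.sys", "bootfont.bin", "autoexec.bat", "config.sys",
}
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".com", ".pif"}


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: frozenset          # subset of {"R", "H", "S", "D"}
    kind: str                 # "M" (modified) or "C" (created)
    company: Optional[str]    # version-resource company; None when OTL printed "()"
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Entry for a file line; None for headers, blanks and the
    '[6 C:\\WINDOWS\\*.tmp files -> ...]' summaries OTL mixes in."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=frozenset(ch for ch in m["attrs"] if ch != "-"),
        kind=m["kind"],
        company=m["company"] or None,
        path=m["path"],
    )


def reasons_for(e: Entry, reference: datetime, window: timedelta) -> List[str]:
    """Heuristics an analyst applies by eye; order is fixed so results compare cleanly."""
    if "D" in e.attrs:
        return []                       # directories are judged by their contents, not here
    low = e.path.lower()
    parts = low.split("\\")
    name = parts[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    out: List[str] = []
    if e.company is None and ext in CODE_EXTENSIONS and "\\windows\\" in low:
        out.append("NO_COMPANY_CODE")   # code under %SystemRoot% with no vendor in its version resource
    if {"H", "S"} <= e.attrs and name not in BENIGN_ROOT_FILES:
        out.append("HIDDEN_SYSTEM")     # hidden+system keeps a file out of default Explorer views
    if len(parts) == 2 and name not in BENIGN_ROOT_FILES:
        out.append("ROOT_FILE")         # loose file directly in the drive root
    if out and reference - e.when <= window:
        out.append("RECENT")            # only meaningful alongside another reason
    return out


def triage(text: str, reference: datetime, window_days: int = 14) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry that earned at least one reason."""
    window = timedelta(days=window_days)
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            r = reasons_for(e, reference, window)
            if r:
                flagged[e.path] = r
    return flagged


# Constructed sample in the listing format above; the flagged names are invented.
SAMPLE = r"""
========== Files Created - No Company Name ==========

[2010/10/13 15:51:08 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\zx9q.dat
[2010/10/11 03:12:44 | 000,038,912 | -HS- | C] () -- C:\WINDOWS\System32\drivers\qxzvlkd.sys
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/10/14 18:49:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
REFERENCE = datetime(2010, 10, 15, 20, 0, 0)   # assumed "now": when the log was taken


def demo() -> Dict[str, List[str]]:
    return triage(SAMPLE, REFERENCE)


if __name__ == "__main__":
    for path, why in demo().items():
        print(f"{', '.join(why):40} {path}")
```

Paste the relevant OTL file sections into `triage()`; directories are skipped because OTL lists their contents separately, and section headers and the `[6 C:\WINDOWS\*.tmp files -> ...]` summaries are ignored by the parser.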





Hi,

The computer seems like it is running pretty well. It appears to run a lot faster now too. I don't know if this is possible. I am still a little scared of having the PC running, so I haven't done that much on it. I've used my other computer to do what I have to do. Also, it says in one of the steps in your post that the computer reboots after the first scan. Is that supposed to happen by OTL automatically? Because it didn't, I had to do it. I then ran OTL again to get the second log. Here are the logs:


========== OTL ==========
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
File C:\WINDOWS\System32\DRIVERS\wanatw4.sys not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Bernie\LOCALS~1\Temp\catchme.sys not found.
Service BTWUSB stopped successfully!
Service BTWUSB deleted successfully!
File C:\WINDOWS\System32\Drivers\btwusb.sys not found.
Service btwhid stopped successfully!
Service btwhid deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btwhid.sys not found.
Service BTWDNDIS stopped successfully!
Service BTWDNDIS deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btwdndis.sys not found.
Service BTDriver stopped successfully!
Service BTDriver deleted successfully!
File C:\WINDOWS\System32\DRIVERS\btport.sys not found.
Service btaudio stopped successfully!
Service btaudio deleted successfully!
File C:\WINDOWS\System32\drivers\btaudio.sys not found.
Service BDRsDrv stopped successfully!
Service BDRsDrv deleted successfully!
File C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\Bernie\Desktop\storm bringer.lxf:SummaryInformation deleted successfully.
ADS C:\WINDOWS\SYSTEM32:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\drivers\umdf folder moved successfully.
File\Folder C:\WINDOWS\System32\drivers\lzdexyl.sys not found.
C:\Documents and Settings\All Users\Application Data\13m7JEC.dat moved successfully.
C:\WINDOWS\Aqiqagovagifobaw.dat moved successfully.
C:\Documents and Settings\Bernie\Local Settings\Application Data\ufvkyqtmi folder moved successfully.

OTL by OldTimer - Version 3.2.15.2 log created on 10152010_200034


OTL logfile created on: 10/15/2010 8:10:01 PM - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Bernie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.08 Gb Total Space | 16.56 Gb Free Space | 31.20% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BERNIEV | User Name: Bernie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
PRC - [2010/09/16 18:58:55 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2004/01/07 03:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccess.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/31 04:42:16 | 000,094,376 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/14 12:10:46 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccess.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/27 19:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2007/04/09 08:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/02 21:10:08 | 000,003,712 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PIOdriver.sys -- (PIOdriver)
DRV - [2006/05/01 04:17:32 | 000,022,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBkey.sys -- (USBDongle)
DRV - [2006/02/10 17:55:36 | 000,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys -- (SAMFILT)
DRV - [2005/10/22 22:42:09 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2005/06/10 13:20:44 | 000,035,306 | ---- | M] (KEIL) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\keilul.sys -- (KEILUL) Keil ULINK SERVICE (keilul.sys)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/03 23:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/04/13 18:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Parclass.sys -- (Parclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101059100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D67575B2-85E2-4A33-9FF3-1745417C467B}: C:\Documents and Settings\Bernie\Local Settings\Application Data\{D67575B2-85E2-4A33-9FF3-1745417C467B}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 06:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:59:01 | 000,000,000 | ---D | M]

[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions
[2010/06/19 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/10/07 19:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions
[2009/12/11 20:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernie\Application Data\Mozilla\Firefox\Profiles\oeatlefi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 20:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/13 21:10:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-147951563-3186293499-1005825786-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 20:00:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 19:58:48 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/15 03:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/10/14 18:57:43 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 18:57:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 18:57:41 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 18:57:14 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/14 18:49:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/13 21:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 20:22:17 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 20:25:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/12 20:17:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/12 20:17:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/12 20:17:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/12 20:17:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/12 20:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/12 19:50:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/08 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 16:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/02 14:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\WER9755.dir00
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/02 13:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/10/02 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Desktop\gmer
[2010/09/30 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\My Documents\malware bytes logs
[2010/09/29 06:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernie\Application Data\Genieo
[2010/09/29 06:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/09/28 20:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/28 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/28 19:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/28 19:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/26 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/15 20:06:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/15 20:06:34 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/15 20:06:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/15 20:06:23 | 795,922,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 19:58:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernie\Desktop\OTL.exe
[2010/10/15 03:31:43 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 03:15:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/15 03:11:09 | 000,445,792 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/15 03:11:09 | 000,072,998 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/15 03:07:51 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/13 21:10:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/10/13 15:51:08 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bernie\Desktop\tdsskiller.exe
[2010/10/12 21:30:32 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinPET.lnk
[2010/10/12 20:26:15 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2010/10/10 08:55:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 17:19:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/04 17:35:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/03 15:23:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/10/02 11:33:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:16:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/09/29 19:52:40 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/26 12:53:38 | 000,001,856 | -H-- | M] () -- C:\IPH.PH
[2010/09/26 12:53:32 | 000,001,647 | ---- | M] () -- C:\Documents and Settings\Bernie\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/26 12:53:32 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/09/19 15:27:24 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:32 | 001,242,608 | ---- | M] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/09/16 19:03:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\naviprog_colour.INI
[2010/09/16 19:03:07 | 000,000,012 | ---- | M] () -- C:\WINDOWS\naviselect.INI
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Bernie\My Documents\*.tmp files -> C:\Documents and Settings\Bernie\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/15 03:07:51 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/12 20:26:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/12 20:26:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 20:17:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/12 20:17:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/12 20:17:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/12 20:17:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/12 20:17:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 12:07:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\MBRCheck.exe
[2010/10/08 20:56:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\defogger_reenable
[2010/10/08 20:32:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\Defogger.exe
[2010/10/08 20:30:28 | 795,922,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 11:37:33 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\gmer.zip
[2010/10/02 11:18:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.scr
[2010/10/02 11:11:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\dds.pif
[2010/09/30 17:00:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bernie\Desktop\rkill.com
[2010/09/19 15:27:24 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\articles.doc
[2010/09/18 15:53:31 | 001,242,608 | ---- | C] () -- C:\Documents and Settings\Bernie\My Documents\UndernetUprisingClient.zip
[2010/07/19 13:16:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\prvlcl.dat
[2010/07/11 18:05:12 | 000,000,019 | ---- | C] () -- C:\WINDOWS\navitxt.INI
[2010/07/11 17:54:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\naviprog_colour.INI
[2010/07/11 16:55:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\naviselect.INI
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guitars
[2009/07/21 09:52:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Bernie\Application Data\Grapher
[2009/07/21 09:52:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2008/09/14 20:01:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\canusbdrv.dll
[2007/05/20 16:49:55 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\FTCJTAG.dll
[2007/01/13 13:11:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTCJTAG.dll
[2006/10/18 20:45:42 | 000,000,113 | ---- | C] () -- C:\WINDOWS\immortal.ini
[2006/10/11 19:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/09/28 16:42:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache
[2006/05/09 21:41:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2006/04/29 05:05:33 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/29 05:05:33 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2006/04/26 06:10:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\LicenseManager.ini
[2006/03/19 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/02/20 21:54:17 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ftk.INI
[2006/01/28 12:07:23 | 000,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2005/11/26 09:06:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/11/22 21:55:46 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/16 18:52:59 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/27 13:56:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/12 11:41:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Bernie\Local Settings\Application Data\fusioncache.dat
[2005/03/08 18:50:35 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/15 20:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/04 13:39:01 | 000,001,563 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/19 20:43:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/15 16:30:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JPR.{PB
[2005/01/15 16:30:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bernie\Application Data\PFP120JCM.{PB
[2004/12/17 16:27:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/17 16:19:04 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/17 15:31:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/01/05 03:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/05/11 08:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

< End of report >

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:49 AM

Posted 16 October 2010 - 06:47 AM


OK, it's looking better from my end too. Still some work left to do. First, do you know this site?

hxxp://search.search-go.net/ as "Google" on Firefox is going there. I can't find any information about that site on Web of Trust or SiteAdvisor. Don't go there yourself!!!!! If you don't know what it is, we'll fix it. Since it's not found on those two lists, it really doesn't appear legitimate to me but I wanted to ask first.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#15 bpv_newhacker

bpv_newhacker
  • Topic Starter

  • Members
  • 233 posts
  • Gender:Male
  • Location:southern new jersey
  • Local time:03:49 AM

Posted 16 October 2010 - 07:30 AM


Hi,
I have never entered that site in my browser or heard of it. Did you write hxxp:// <web address> because you didn't want it to come up as a link? Just curious.



