
high cpu utilization and homepage hijacked


  • This topic is locked
20 replies to this topic

#1 Joe Mason

Joe Mason

  • Members
  • 11 posts
  • Gender:Male
  • Location:Raleigh NC

Posted 14 February 2011 - 04:45 PM

When I first boot up I find a process (such as a.exe or fd.exe) that is using 95% of the CPU. Also my homepage is hijacked and locked so that I can't modify it (iniciorapido.info). Thanks a bunch for your help.

DDS (Ver_10-12-12.02) - NTFSx86
Run by kmason at 16:19:58.34 on Sun 02/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.247 [GMT -5:00]

AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\xanga.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kmason\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://iniciorapido.info
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = www.google.com
uInternet Connection Wizard,ShellNext = hxxp://studentcentral.unc.edu/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Service Noits] xanga.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.libproxy.lib.unc.edu/lib/uncch/support/plugins/ebraryRdr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} - hxxps://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pwdmon
Hosts: 10.254.254.253 AFS

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2004-12-17 6912]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-5-20 14208]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-5-20 16384]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-12-21 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-12-21 64080]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-5-20 6016]
S3 G200;G200;c:\windows\system32\drivers\G200m.sys [2005-3-10 320384]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-5-20 12288]

=============== Created Last 30 ================

2011-02-12 14:47:01 90112 ----a-w- c:\windows\z.exe
2011-02-10 22:20:45 90112 ----a-w- c:\windows\ax.exe
2011-02-09 20:20:17 90112 ----a-w- c:\windows\fd.exe
2011-02-09 00:32:59 9034 ----a-w- c:\windows\zx.exe
2011-02-07 23:34:02 118784 --sh--r- c:\windows\xanga.exe
2011-02-05 00:02:03 9037 ----a-w- c:\windows\as.exe
2011-02-05 00:01:56 114688 --sh--r- c:\windows\ranga.exe
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ------w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 22:53:06 133120 ----a-w- c:\windows\system32\GetVBInfo.ocx
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll

============= FINISH: 16:22:00.31 ===============

Hello,

After browsing the logs, it appears that my daughter's laptop may be infected with the RANGA malware. It appears to have begun in Ecuador/Mexico in late January. She is teaching English in Quito, Ecuador, so it seems to fit. Thanks for any thoughts.

EDIT: Please be patient. There are over 250 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~BP

Attached Files


Edited by Budapest, 15 February 2011 - 04:27 PM.
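The DDS log above already contains the indicators a malware-response volunteer looks for: several short, random-looking executables written straight into C:\WINDOWS over a few days, two of them (xanga.exe, ranga.exe) carrying hidden+system attributes, and a Run entry ("Service Noits") that launches one of them by bare file name. The following script is an added example for readers of this thread, not a tool from the thread, from DDS, or from OTL: it parses the two DDS line formats shown (Run entries and "Created Last 30" file lines) from a constructed sample modelled on the log, flags the suspicious files, and correlates autorun entries with recently created files. The regexes and the attribute-letter check are assumptions based on the log format as it appears above.

```python
"""Triage helper for DDS-style logs: flag recently created executables and
correlate them with autorun (Run key) entries.  Added example, not a tool
from the thread; the regexes assume the two DDS line formats shown above."""
from __future__ import annotations

import re
from dataclasses import dataclass

# "uRun: [name] command" / "mRun: [name] command"  (Pseudo HJT Report section)
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "YYYY-MM-DD HH:MM:SS size attrs path"  (Created Last 30 / Find3M sections)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S{8}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")
WINDOWS_ROOT = "c:\\windows\\"

# Constructed sample modelled on the DDS output in the thread (not the full log).
SAMPLE_DDS = r"""
uStart Page = hxxp://iniciorapido.info
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Service Noits] xanga.exe
2011-02-12 14:47:01 90112 ----a-w- c:\windows\z.exe
2011-02-07 23:34:02 118784 --sh--r- c:\windows\xanga.exe
2011-02-05 00:01:56 114688 --sh--r- c:\windows\ranga.exe
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
"""


@dataclass
class Finding:
    severity: str   # "high" | "suspicious" | "review"
    subject: str
    reason: str


def split_cmd(cmd: str) -> tuple[str, bool]:
    """Return (lower-cased executable file name, whether a directory was given).
    Handles quoted paths with arguments, unquoted paths and bare names."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower(), "\\" in exe


def parse(log: str) -> tuple[list[tuple[str, str]], list[tuple[str, str]]]:
    """Split a log into (run entries, created files); other lines are ignored."""
    runs: list[tuple[str, str]] = []
    files: list[tuple[str, str]] = []
    for line in log.splitlines():
        if m := RUN_RE.match(line):
            runs.append((m["name"], m["cmd"]))
        elif m := FILE_RE.match(line):
            files.append((m["path"].lower(), m["attrs"]))
    return runs, files


def triage(log: str) -> list[Finding]:
    """Flag suspicious new executables, then correlate them with Run entries."""
    runs, files = parse(log)
    findings: list[Finding] = []
    new_exec: dict[str, str] = {}          # file name -> full path
    for path, attrs in files:
        name = path.rsplit("\\", 1)[-1]
        if not name.endswith(EXEC_EXT):
            continue
        new_exec[name] = path
        reasons = []
        # Executables dropped straight into %SystemRoot% rather than a subfolder
        if path.startswith(WINDOWS_ROOT) and "\\" not in path[len(WINDOWS_ROOT):]:
            reasons.append("executable dropped directly into the Windows directory")
        # DDS attribute string as seen in the log: 's' and 'h' mark system+hidden
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system attributes")
        if len(name.rsplit(".", 1)[0]) <= 2:
            reasons.append("very short, random-looking name")
        if reasons:
            findings.append(Finding("suspicious", path, "; ".join(reasons)))
    for name, cmd in runs:
        exe, qualified = split_cmd(cmd)
        if exe in new_exec:
            findings.append(Finding("high", f"Run [{name}] -> {cmd}",
                                    f"autorun entry launches recently created file {new_exec[exe]}"))
        elif not qualified:
            findings.append(Finding("review", f"Run [{name}] -> {cmd}",
                                    "bare executable name, resolved by PATH search at logon; "
                                    "confirm which file actually runs"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:10}] {f.subject}\n             {f.reason}")
```

Run it as-is to see the constructed sample triaged, or pass the text of a real DDS log to triage(). The "review" severity is deliberately low: a bare name in a Run entry such as TpShocks.exe is normal for vendor utilities installed into system32, so it only becomes a "high" finding when the same file name also appears among the recently created files, which is exactly the Service Noits / xanga.exe pairing the poster later removed.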



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 19 February 2011 - 11:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Joe Mason

Joe Mason
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Raleigh NC

Posted 20 February 2011 - 06:53 PM

Thank you for your response.

A few actions have been taken to mitigate the disruption while awaiting your input about how best to clean up the mess. The actions included removing a "Service Noits" registry key that started "xanga.exe" every time Windows started. The hijacked homepage has also been recovered.

Per your reply, we downloaded and ran the OTL program and the logs are pasted below.

We also tried to rerun GMER as you directed, but GMER hung up.

Thank you for your help,
Kathleen Mason

OTL logfile created on: 2/19/2011 9:43:26 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\kmason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.82 Gb Total Space | 7.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS
Drive D: | 40.30 Gb Total Space | 20.40 Gb Free Space | 50.61% Space Free | Partition Type: NTFS

Computer Name: KATIE | User Name: kmason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/12/21 12:53:07 | 001,006,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/12/21 12:53:07 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/12/21 12:52:47 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/05/06 13:14:28 | 000,140,584 | ---- | M] (AOL LLC.) -- c:\Program Files\AIM Toolbar\aimtbServer.exe
PRC - [2009/01/08 06:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 14:39:01 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/10/08 22:40:16 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/01/24 10:25:00 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2004/12/17 04:52:18 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/11/24 02:10:00 | 000,212,992 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2004/11/09 02:53:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/11/09 02:53:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/11/08 11:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/04 08:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2004/10/14 08:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/17 12:06:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/08/06 07:27:00 | 000,860,160 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2004/07/15 21:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/24 09:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004/02/26 01:26:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2004/02/18 12:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2004/11/08 11:17:50 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/02/19 15:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 15:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/12/17 04:52:18 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/11/09 02:53:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/11/04 08:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2004/05/24 09:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2004/02/26 01:26:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 12:52:56 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/21 12:52:56 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/21 12:52:56 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/21 12:52:56 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/03 11:18:06 | 001,347,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/05/20 08:07:19 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/05/20 07:38:04 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/01/21 01:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 01:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/12/17 04:15:24 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/12/17 03:06:18 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2004/12/17 03:05:16 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/06 17:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/02 15:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 14:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/12/01 02:33:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2004/11/30 22:12:30 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/10 16:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 16:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 16:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/09 02:53:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2004/11/09 02:53:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004/11/09 02:53:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2004/11/08 11:12:48 | 000,177,504 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/11/04 08:52:10 | 000,024,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2004/08/25 01:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/27 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/07/27 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/07/27 00:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/07/27 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/07/27 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/07/27 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/07/27 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/07/27 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/07/27 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/19 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/06/09 20:19:46 | 000,016,340 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/05/19 13:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2004/05/14 13:08:40 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/05/14 11:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2004/02/26 01:26:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001/08/17 07:49:34 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G200m.sys -- (G200)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/12/21 13:07:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/13 20:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/01/13 20:25:03 | 000,000,000 | ---D | M]

[2010/11/29 12:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Extensions
[2011/02/10 17:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Firefox\Profiles\r0dut59x.default\extensions
[2011/02/10 17:54:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Firefox\Profiles\r0dut59x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/29 12:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 13:07:15 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION

O1 HOSTS File: ([2005/10/07 19:00:05 | 000,000,754 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 AFS
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.libproxy.lib.unc.edu/lib/uncch/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.com/books/_Players/AccountingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} https://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab (GetInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O20 - Winlogon\Notify\vtsts: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\kmason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kmason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\AutoRun\command - "" = F:\bavl\bgxi\syst.exe
O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\open\command - "" = F:\bavl\bgxi\syst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (30131433259401216)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/19 21:42:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
[2011/02/19 19:45:00 | 000,000,000 | ---D | C] -- D:\My Documents\Luis_GraduateSchool
[2011/02/16 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/02/13 22:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmason\Desktop\gmer
[2011/02/10 17:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/02/10 17:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/10 17:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trend Micro
[2011/02/02 15:40:06 | 000,000,000 | ---D | C] -- D:\My Documents\Luis
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/19 21:48:12 | 000,126,976 | ---- | M] () -- D:\My Documents\volunteer.xls
[2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
[2011/02/19 21:39:46 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/19 21:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 19:11:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/19 16:31:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/19 10:45:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/19 10:45:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/02/19 10:02:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/19 10:01:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/16 21:17:53 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\PROGRAMAC...xls
[2011/02/16 16:08:56 | 000,002,159 | -H-- | M] () -- C:\IPH.PH
[2011/02/16 16:08:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\kmason\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/16 16:08:55 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/02/15 15:21:58 | 000,118,784 | -H-- | M] () -- C:\WINDOWS\xanga.exe
[2011/02/14 16:41:36 | 000,070,968 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\ark.zip
[2011/02/13 22:07:25 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\gmer.zip
[2011/02/13 16:19:04 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\dds.scr
[2011/02/13 16:16:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kmason\defogger_reenable
[2011/02/12 18:42:58 | 000,019,968 | ---- | M] () -- D:\My Documents\computer.doc
[2011/02/10 17:18:07 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/02/09 16:29:02 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 16:29:07 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/08 16:10:05 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/23 21:05:36 | 000,474,624 | ---- | M] () -- D:\My Documents\jumblemonday.doc
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/16 21:17:51 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\PROGRAMAC...xls
[2011/02/14 16:41:36 | 000,070,968 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\ark.zip
[2011/02/13 22:07:18 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\gmer.zip
[2011/02/13 16:18:52 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\dds.scr
[2011/02/13 16:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kmason\defogger_reenable
[2011/02/12 18:42:58 | 000,019,968 | ---- | C] () -- D:\My Documents\computer.doc
[2011/02/10 17:34:07 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/10 17:18:44 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/02/08 16:10:05 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/02/07 18:34:02 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\xanga.exe
[2011/01/23 21:05:36 | 000,474,624 | ---- | C] () -- D:\My Documents\jumblemonday.doc
[2011/01/21 19:26:52 | 000,126,976 | ---- | C] () -- D:\My Documents\volunteer.xls
[2011/01/03 13:16:02 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/01/03 13:16:01 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/03 13:16:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/09/16 18:40:42 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\kmason\Application Data\setup.log
[2010/09/16 18:40:38 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\kmason\Application Data\setup_ldm.iss
[2009/06/30 10:34:00 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/15 10:07:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/06/17 13:06:39 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\kmason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 16:18:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/07 14:32:40 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 17:37:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/30 17:21:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/08 22:42:20 | 000,000,703 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/25 14:42:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/06/25 14:23:28 | 000,007,255 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/06/25 14:22:52 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/05/20 07:46:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/20 07:45:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/20 07:45:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/20 07:45:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/20 07:45:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/20 07:45:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/20 07:45:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/20 07:41:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2005/05/20 07:40:03 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2005/05/20 07:37:04 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2005/05/20 07:32:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/03/10 17:52:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/10 15:54:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/10 10:00:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/24 12:40:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2005/02/22 12:12:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/01/03 10:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/12/17 03:42:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/12/17 03:42:14 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/07/26 20:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/30 13:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/20 09:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/06/30 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/06/30 13:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/13 13:33:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/12/08 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/12/03 18:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\3M
[2006/12/30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\acccore
[2007/01/13 09:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Aim
[2010/12/12 21:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/06/10 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\IBM
[2005/06/10 16:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\InterVideo
[2009/06/30 10:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Leadertech
[2007/01/27 12:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Snapfish
[2007/08/30 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Stata10
[2010/09/13 13:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Uniblue
[2007/06/15 19:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Viewpoint
[2008/10/12 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\VoipBuster
[2010/09/17 14:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason\Application Data\Windows Search
[2010/10/07 09:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmason.KATIE\Application Data\Uniblue
[2010/09/13 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SystemAdmin.KATIE\Application Data\Uniblue
[2005/05/20 07:39:29 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/12/31 08:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/10 09:58:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/10 09:58:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/10 09:58:30 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2011/02/10 17:18:07 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2005/03/10 09:50:14 | 000,000,115 | -HS- | M] () -- C:\BOOTLOG.PRV
[2005/05/20 08:07:33 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
[2005/05/20 07:46:03 | 000,002,684 | ---- | M] () -- C:\drivez.log
[2010/08/08 22:43:17 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2011/02/01 15:27:47 | 005,843,721 | ---- | M] () -- C:\engine.log
[2006/05/05 12:44:37 | 000,000,190 | ---- | M] () -- C:\GRC.DAT
[2011/02/19 21:38:55 | 000,964,275 | ---- | M] () -- C:\hpfr3740.log
[2005/05/20 08:07:16 | 000,000,080 | ---- | M] () -- C:\ibmrnr.txt
[2005/03/10 15:59:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/16 16:08:56 | 000,002,159 | -H-- | M] () -- C:\IPH.PH
[2005/05/20 07:42:01 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
[2010/12/20 15:27:20 | 000,002,305 | ---- | M] () -- C:\lr.log
[2005/03/10 15:59:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/20 16:53:12 | 000,000,099 | ---- | M] () -- C:\nofile.txt
[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/13 13:04:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/12/17 03:12:28 | 000,007,563 | ---- | M] () -- C:\osrestore.txt
[2011/02/19 10:01:34 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2002/08/29 08:00:00 | 000,245,920 | RHS- | M] () -- C:\PELDR
[2005/05/20 08:08:51 | 000,000,374 | ---- | M] () -- C:\scrrec.ver
[2002/08/29 08:00:00 | 000,000,010 | ---- | M] () -- C:\WIN51
[2002/08/29 08:00:00 | 000,000,010 | ---- | M] () -- C:\WIN51IP
[2002/08/29 08:00:00 | 000,000,002 | ---- | M] () -- C:\WIN51IP.SP1
[2009/01/18 18:54:55 | 000,000,328 | ---- | M] () -- C:\xinstall.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

< >

< End of report >


OTL Extras logfile created on: 2/19/2011 9:43:26 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\kmason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.82 Gb Total Space | 7.46 Gb Free Space | 27.82% Space Free | Partition Type: NTFS
Drive D: | 40.30 Gb Total Space | 20.40 Gb Free Space | 50.61% Space Free | Partition Type: NTFS

Computer Name: KATIE | User Name: kmason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:enabled:Symantec AntiVirus Managed Client (2967:UDP)
"7001:UDP" = 7001:UDP:*:enabled:AFS CacheManager Callback (7001:UDP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:enabled:Symantec AntiVirus Managed Client (2967:UDP)
"7001:UDP" = 7001:UDP:*:enabled:AFS CacheManager Callback (7001:UDP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector
"C:\Program Files\Common Files\AOL\1124908182\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124908182\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector
"C:\Program Files\Common Files\AOL\1124908182\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124908182\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\bavl\bgxi\syst.exe" = F:\bavl\bgxi\syst.exe:*:Enabled:Service ares


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6
"{34BFBF2A-06B9-4B5E-BB33-E78B67450ED7}" = IBM fingerprint software 4.5.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}" = Ipswitch WS_FTP LE
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4C742CA-2D70-4733-AE18-CFF15037B4A7}" = vitalsource KEY 3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"DiskCleaner" = Disk Cleaner (remove only)
"Divace eLite" = Divace eLite
"GRE POWERPREP" = GRE POWERPREP
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InterActual Player" = InterActual Player
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla (1.7.3)" = Mozilla (1.7.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PSN" = Post-it® Software Notes Lite
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2011 7:59:56 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 7:59:59 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:01:27 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:01:30 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:26:54 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:26:57 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:47:23 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 9:47:25 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 10:12:51 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/19/2011 10:12:54 PM | Computer Name = KATIE | Source = ESENT | ID = 490
Description = svchost (1076) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 2/5/2011 12:19:00 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/6/2011 3:26:21 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/7/2011 4:15:33 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2011 11:38:20 PM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 2/10/2011 6:10:42 PM | Computer Name = KATIE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 2/10/2011 6:10:49 PM | Computer Name = KATIE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 2/16/2011 4:34:32 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/16/2011 4:42:58 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/16/2011 5:09:03 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/17/2011 4:08:47 PM | Computer Name = KATIE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001125155649 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 21 February 2011 - 09:51 AM

Hello, Joe Mason.

Thanks for letting me know what you changed. That's also the reason for the new set of logs as well. :) Are you still having the high CPU usage?

We'll also try a different scan instead of GMER.



Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


Step 1

Do you know what this file is?
F:\bavl\bgxi\syst.exe



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

Scan With RKUnHooker


Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



Step 4

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 Joe Mason
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Raleigh NC

Posted 22 February 2011 - 03:50 PM

Hi,

I do not know what that file is, but the F drive is normally my flash drive.

The logs requested are posted below.

Also, I am no longer having the high CPU usage. I think that removing the following registry entry got rid of the high CPU issue:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Service Noits xanga.exe

Thank you for your help.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5836

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/21/2011 10:52:51 PM
mbam-log-2011-02-21 (22-52-51).txt

Scan type: Quick scan
Objects scanned: 222551
Time elapsed: 45 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF10D000 C:\WINDOWS\System32\ati3duag.dll 2306048 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6A13000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6C41000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 921600 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF696B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7217000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF089000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xEE488000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF340000 C:\WINDOWS\System32\ativvaxx.dll 438272 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF67FD000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE5A2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB83C2000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF3AB000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7BE6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6BAA000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF04C000 C:\WINDOWS\System32\ati2cqag.dll 249856 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 237568 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB8561000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF6B12000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF687C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF73A1000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB85BD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71EA000 C:\WINDOWS\System32\drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF693F000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB6B4B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE4F8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEE57A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF732D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEE462000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6B86000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6BEA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6B63000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE558000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6B43000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF72F5000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF6C0E000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 126976 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF7353000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7372000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB850A000 C:\WINDOWS\system32\DRIVERS\tmactmon.sys 118784 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xF71D0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB8781000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8768000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7315000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEE44A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72B7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF68AC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB86B2000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB87C2000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF72CE000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEE523000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xB7EFD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF692B000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6C2D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE5FB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF72A4000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72E3000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB8527000 C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 73728 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xF7390000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEF1CF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7590000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF19E5000 C:\WINDOWS\system32\drivers\ibmfilter.sys 65536 bytes (IBM, IBM FFE and RRU filter driver)
0xF7570000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7740000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF75A0000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7500000 Shockprf.sys 61440 bytes (IBM Corporation, Shockproof Disk Driver)
0xB8072000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF496000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75E0000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xF74D0000 esdndj.sys 57344 bytes
0xF7530000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7560000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6D82000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7510000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6D62000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xEF456000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7580000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74F0000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6D72000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF14EF000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF74E0000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7600000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6D52000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7520000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7720000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEF476000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF466000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB6E47000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75C0000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xEF446000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7850000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF27B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF25B000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xEF26B000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xF7848000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7868000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7878000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (IBM Corp., IBM ThinkPad Power Management Driver)
0xF7870000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF7750000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF24B000 C:\WINDOWS\System32\Drivers\tcusb.sys 28672 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xF1873000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xEF253000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7880000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7858000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7860000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEF83C000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xEF263000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xEF273000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xF7840000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF834000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF185B000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xEF283000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7758000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78C0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7760000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF78B0000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF78C8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78B8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEF243000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF78E8000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF798C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB8738000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF79BC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB8730000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7988000 C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys 16384 bytes (National Semiconductor Corp., TPM Device Driver)
0xF7990000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF0E8B000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF78F0000 TPDiskPM.sys 16384 bytes (IBM Corporation, IBM SATA Power Management Driver)
0xEF373000 C:\WINDOWS\System32\Drivers\TPHKDRV.SYS 16384 bytes (IBM Corporation, ThinkPad Hotkey Driver)
0xF78EC000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xEE979000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xF78E0000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF78E4000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7197000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEF383000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7998000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xB84DE000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF79A4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEF37B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79D6000 ANCSQ.sys 8192 bytes (IBM Corp., IBM Rescue and Recovery- ANCSQ)
0xF0528000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79D4000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF0080000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xEE963000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xF052A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79D0000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A38000 C:\WINDOWS\system32\DRIVERS\loop.sys 8192 bytes (Microsoft Corporation, Loopback Network Driver)
0xF0526000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xEF34B000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF0524000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF0522000 C:\WINDOWS\System32\Drivers\ShockMgr.SYS 8192 bytes (IBM Corporation, ShockMgr Device Driver)
0xF7A34000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7A3C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF0072000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A2E000 C:\WINDOWS\System32\DRIVERS\TPInput.sys 8192 bytes (IBM Corporation, IBM SATA Power Management Driver)
0xF7A32000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79D2000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B49000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B25000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEE33000 C:\WINDOWS\System32\drivers\IBMBLDID.SYS 4096 bytes
0xEF053000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A99000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A98000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B26000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7AAD000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 166):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF79D0000 \WINDOWS\system32\KDCOM.DLL
0xF78E0000 \WINDOWS\system32\BOOTVID.dll
0xF74D0000 esdndj.sys
0xF73A1000 ACPI.sys
0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7390000 pci.sys
0xF74E0000 isapnp.sys
0xF78E4000 compbatt.sys
0xF78E8000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A98000 pciide.sys
0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7372000 pcmcia.sys
0xF74F0000 MountMgr.sys
0xF7353000 ftdisk.sys
0xF79D4000 dmload.sys
0xF732D000 dmio.sys
0xF7758000 PartMgr.sys
0xF78EC000 ACPIEC.sys
0xF7A99000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7500000 Shockprf.sys
0xF78F0000 TPDiskPM.sys
0xF7510000 VolSnap.sys
0xF7315000 atapi.sys
0xF7520000 disk.sys
0xF7530000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F5000 fltmgr.sys
0xF72E3000 sr.sys
0xF72CE000 drvmcdb.sys
0xF7760000 PxHelp20.sys
0xF72B7000 KSecDD.sys
0xF72A4000 WudfPf.sys
0xF7217000 Ntfs.sys
0xF79D6000 ANCSQ.sys
0xF71EA000 \WINDOWS\System32\drivers\NDIS.SYS
0xF71D0000 Mup.sys
0xF7720000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6C41000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6C2D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C0E000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7840000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6BEA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7848000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6BAA000 \SystemRoot\system32\drivers\smwdm.sys
0xF6B86000 \SystemRoot\system32\drivers\portcls.sys
0xF7740000 \SystemRoot\system32\drivers\drmk.sys
0xF6B63000 \SystemRoot\system32\drivers\ks.sys
0xF6B43000 \SystemRoot\system32\drivers\aeaudio.sys
0xF6B12000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6A13000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF696B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7850000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7560000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7858000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A2E000 \SystemRoot\System32\DRIVERS\TPInput.sys
0xF693F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A32000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7860000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7868000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7570000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7990000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF692B000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7870000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xF7998000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF7988000 \SystemRoot\system32\DRIVERS\NscTpmDD.sys
0xF798C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7878000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

Processes (total 70):
0 System Idle Process
4 System
480 C:\WINDOWS\system32\smss.exe
536 csrss.exe
560 C:\WINDOWS\system32\winlogon.exe
604 C:\WINDOWS\system32\services.exe
616 C:\WINDOWS\system32\lsass.exe
788 C:\Program Files\Common Files\Virtual Token\vtserver.exe
812 C:\WINDOWS\system32\ibmpmsvc.exe
848 C:\WINDOWS\system32\ati2evxx.exe
860 C:\WINDOWS\system32\svchost.exe
920 svchost.exe
1088 C:\WINDOWS\system32\svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1348 svchost.exe
1548 C:\WINDOWS\system32\spoolsv.exe
1744 svchost.exe
1776 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
1800 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
1828 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
1924 C:\WINDOWS\system32\acs.exe
1956 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1988 C:\Program Files\Bonjour\mDNSResponder.exe
168 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
292 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
384 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1048 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1300 C:\WINDOWS\system32\QCONSVC.EXE
1612 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
1672 C:\WINDOWS\system32\svchost.exe
1840 C:\WINDOWS\system32\TPHDEXLG.exe
2004 C:\WINDOWS\system32\TpKmpSvc.exe
2212 alg.exe
3220 C:\WINDOWS\system32\ati2evxx.exe
3400 C:\WINDOWS\explorer.exe
1836 C:\WINDOWS\system32\TpShocks.exe
2368 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
2496 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
2540 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2576 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2648 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2664 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
2680 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
2720 C:\Program Files\QuickTime\QTTask.exe
2736 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
2760 C:\Program Files\Logitech\QuickCam\Quickcam.exe
2848 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
2884 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
1004 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
3104 C:\Program Files\iTunes\iTunesHelper.exe
3316 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
988 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
3488 C:\Program Files\Skype\Phone\Skype.exe
3532 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
3636 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
3680 C:\WINDOWS\system32\dla\tfswctrl.exe
184 C:\WINDOWS\system32\rundll32.exe
3876 C:\WINDOWS\system32\rundll32.exe
532 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1492 C:\Program Files\AIM7\aim.exe
2060 C:\Program Files\Digital Line Detect\DLG.exe
2552 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3752 C:\Program Files\iPod\bin\iPodService.exe
2020 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3940 C:\Program Files\Internet Explorer\iexplore.exe
2828 C:\Program Files\Internet Explorer\iexplore.exe
944 C:\Program Files\AIM Toolbar\aimtbServer.exe
3904 C:\Program Files\Internet Explorer\iexplore.exe
2996 C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\VTYX7ZFX\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`b4810000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHT2080AH, Rev: 8471

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 9BFAFD3747ECD05A99B4390B3EDD4295E67F9AD0


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by Joe Mason, 22 February 2011 - 04:46 PM.


#6 etavares
Malware Response Team

Posted 22 February 2011 - 06:35 PM

Hello, Joe Mason.


Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\WINDOWS\xanga.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=-
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    O20 - Winlogon\Notify\vtsts: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\AutoRun\command - "" = F:\bavl\bgxi\syst.exe
    O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\open\command - "" = F:\bavl\bgxi\syst.exe
    :Commands
    [EmptyTemp]
    
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the download link to get the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use".
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Remove found threats".
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
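To show how the entries pasted into the :OTL section of that fix script are picked out of an OTL report, here is an added Python triage example (not OTL's own code, and not from this thread). It assumes C: is the system drive, so any other drive letter in a MountPoints2 autorun command is treated as external media; the sample lines are the entries quoted in the script above plus two constructed ordinary ones for contrast.

```python
"""Triage OTL report lines for the three entry types the fix above removes:
orphaned service registrations, orphaned Winlogon notify packages and
MountPoints2 autorun commands. Added example, not part of OTL or the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: C: is the system drive; any other letter is treated as external media.
SYSTEM_DRIVE = "C"

# Constructed sample: the five entries from the fix script above, one ordinary
# service line and one harmless MountPoints2 entry (its GUID is made up).
SAMPLE_OTL_LINES = [
    r"SRV - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)",
    r"SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)",
    r"SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
    r"O20 - Winlogon\Notify\vtsts: DllName - Reg Error: Value error. - Reg Error: Value error. File not found",
    r'O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\AutoRun\command - "" = F:\bavl\bgxi\syst.exe',
    r'O33 - MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\Shell\open\command - "" = F:\bavl\bgxi\syst.exe',
    r'O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell - "" = AutoRun',
]

# SRV/DRV entry whose binary is gone: "SRV - File not found [start | state] -- -- (Name)"
_SRV_NOT_FOUND = re.compile(r"^(SRV|DRV) - File not found \[([^\]]*)\] -- -- \((.+)\)$")
# O20 Winlogon\Notify entry: everything after "DllName - " is the reported status
_O20_NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\([^:]+): DllName - (.*)$")
# O33 MountPoints2 Shell\AutoRun\command or Shell\open\command with a target
_O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\(AutoRun|open)\\command - "" = (.+)$')
_EXECUTABLE = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "orphan_service", "orphan_notify" or "autorun_command"
    name: str      # service name, notify key or MountPoints2 volume id
    severity: str  # "high" or "review"
    reason: str
    raw: str       # the report line verbatim; an OTL :OTL fix section takes these as-is


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL report line; returns None for lines that need no attention."""
    line = line.strip()
    m = _SRV_NOT_FOUND.match(line)
    if m:
        return Finding("orphan_service", m.group(3), "review",
                       f"{m.group(1)} registration whose binary is missing ({m.group(2)})",
                       line)
    m = _O20_NOTIFY.match(line)
    if m and ("File not found" in m.group(2) or "Reg Error" in m.group(2)):
        return Finding("orphan_notify", m.group(1), "review",
                       "Winlogon notify package with a missing or unreadable DLL", line)
    m = _O33_COMMAND.match(line)
    if m:
        volume, verb, target = m.groups()
        if not _EXECUTABLE.search(target):
            return None
        # A command that launches an executable from a non-system drive is the
        # classic removable-media autorun pattern, so it is rated high.
        drive = target[0].upper() if len(target) > 1 and target[1] == ":" else ""
        severity = "high" if drive and drive != SYSTEM_DRIVE else "review"
        return Finding("autorun_command", volume, severity,
                       f"Shell\\{verb}\\command on a mounted volume launches {target}", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole report, keeping only the flagged entries."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def build_otl_fix_section(findings: List[Finding]) -> List[str]:
    """Return the ':OTL' section of a fix script: OTL consumes report lines verbatim."""
    return [":OTL"] + [f.raw for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.kind:16} {f.name}: {f.reason}")
    print("\n".join(build_otl_fix_section(triage(SAMPLE_OTL_LINES))))
```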


#7 Joe Mason (Topic Starter)

Posted 24 February 2011 - 03:47 PM

Here are the logs requested. Thanks so much for your help.

All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\xanga.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring deleted successfully.
========== OTL ==========
Service PsaSrv stopped successfully!
Service PsaSrv deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsts\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f0f1d42-30bb-11e0-a94b-001125155649}\ not found.
File F:\bavl\bgxi\syst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f1d42-30bb-11e0-a94b-001125155649}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f0f1d42-30bb-11e0-a94b-001125155649}\ not found.
File F:\bavl\bgxi\syst.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6149940 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

User: kmason
->Temp folder emptied: 52512554 bytes
->Temporary Internet Files folder emptied: 185150010 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24789728 bytes
->Flash cache emptied: 179259 bytes

User: kmason.KATIE
->Temp folder emptied: 29915504 bytes
->Temporary Internet Files folder emptied: 90391795 bytes
->Flash cache emptied: 1820 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 84687 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3566552 bytes

User: SystemAdmin

User: SystemAdmin.KATIE
->Temp folder emptied: 55332889 bytes
->Temporary Internet Files folder emptied: 89287004 bytes

User: SystemAdmin.KATIE.000
->Temp folder emptied: 241908 bytes
->Temporary Internet Files folder emptied: 4996626 bytes

User: systemadmin.KATIE.001
->Temp folder emptied: 296904 bytes
->Temporary Internet Files folder emptied: 312125 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1289329 bytes
%systemroot%\System32 .tmp files removed: 854545 bytes
%systemroot%\System32\dllcache .tmp files removed: 240640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316169100 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 822.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02232011_162819

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF5A9.tmp not found!
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF5D6.tmp not found!
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF6CB.tmp not found!
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF6F9.tmp not found!
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF823.tmp not found!
File\Folder C:\Documents and Settings\kmason\Local Settings\Temp\~DF850.tmp not found!
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\P2DTZOAY\ads[6].htm moved successfully.
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\CWJJOR57\ads[5].htm moved successfully.
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\A44MCUHA\page__pid__2142200[1].htm moved successfully.
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\9J27KEVL\ads[9].htm moved successfully.
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\8SQVMYPI\ads[11].htm moved successfully.
C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_7a4.dat moved successfully.
C:\WINDOWS\temp\vtclrg41.tmp moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 2/23/2011 4:53:31 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\kmason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.82 Gb Total Space | 7.96 Gb Free Space | 29.66% Space Free | Partition Type: NTFS
Drive D: | 40.30 Gb Total Space | 20.39 Gb Free Space | 50.60% Space Free | Partition Type: NTFS

Computer Name: KATIE | User Name: kmason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2010/12/21 12:53:07 | 001,006,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2010/12/21 12:53:07 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/12/21 12:52:47 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/05/06 13:14:28 | 000,140,584 | ---- | M] (AOL LLC.) -- c:\Program Files\AIM Toolbar\aimtbServer.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 14:39:01 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/10/08 22:40:16 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/01/24 10:25:00 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2004/12/17 04:52:18 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2004/11/24 02:10:00 | 000,212,992 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2004/11/09 02:53:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/11/09 02:53:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/11/08 11:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/04 08:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2004/10/14 08:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/17 12:06:20 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/08/06 07:27:00 | 000,860,160 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2004/07/15 21:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/24 09:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004/02/26 01:26:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2004/02/18 12:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/01/10 15:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2004/11/08 11:17:50 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/02/19 15:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/02/19 15:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2004/12/17 04:52:18 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2004/11/09 02:53:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/11/04 08:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2004/05/24 09:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2004/02/26 01:26:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/07/11 17:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/20 13:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 12:52:56 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/21 12:52:56 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/21 12:52:56 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/21 12:52:56 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/03 11:18:06 | 001,347,168 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/05/20 08:07:19 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/05/20 07:38:04 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/01/21 01:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 01:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/12/17 04:15:24 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2004/12/17 03:06:18 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2004/12/17 03:05:16 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2004/12/06 17:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/02 15:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/02 14:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/12/01 02:33:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2004/11/30 22:12:30 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/10 16:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 16:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 16:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/09 02:53:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2004/11/09 02:53:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004/11/09 02:53:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2004/11/08 11:12:48 | 000,177,504 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/11/04 08:52:10 | 000,024,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2004/08/25 01:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/07/27 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/07/27 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/07/27 00:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/07/27 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/07/27 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/07/27 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/07/27 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/07/27 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/07/27 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/19 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/06/09 20:19:46 | 000,016,340 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2004/05/19 13:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2004/05/14 13:08:40 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2004/05/14 11:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2004/02/26 01:26:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001/08/17 07:49:34 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G200m.sys -- (G200)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.unc.edu/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/12/21 13:07:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2011/01/13 20:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/02/21 21:49:06 | 000,000,000 | ---D | M]

[2010/11/29 12:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Extensions
[2011/02/10 17:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Firefox\Profiles\r0dut59x.default\extensions
[2011/02/10 17:54:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kmason\Application Data\Mozilla\Firefox\Profiles\r0dut59x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/29 12:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 13:07:15 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION

O1 HOSTS File: ([2005/10/07 19:00:05 | 000,000,754 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 AFS
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1951725801-3744929679-3341310002-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.libproxy.lib.unc.edu/lib/uncch/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.com/books/_Players/AccountingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} https://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab (GetInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\kmason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kmason\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 16:28:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 22:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmason\Application Data\Malwarebytes
[2011/02/21 21:59:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/21 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/21 21:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/21 21:58:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/21 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/21 21:57:53 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\kmason\Desktop\mbam-setup.exe
[2011/02/19 22:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmason\Desktop\gmer
[2011/02/19 21:42:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
[2011/02/19 19:45:00 | 000,000,000 | ---D | C] -- D:\My Documents\Luis_GraduateSchool
[2011/02/16 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/02/10 17:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/02/10 17:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/10 17:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trend Micro
[2011/02/02 15:40:06 | 000,000,000 | ---D | C] -- D:\My Documents\Luis

========== Files - Modified Within 30 Days ==========

[2011/02/23 16:49:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/23 16:46:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 16:46:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/23 16:45:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 16:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/23 15:36:45 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/21 21:59:04 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 21:57:53 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\kmason\Desktop\mbam-setup.exe
[2011/02/20 18:38:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/20 18:38:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/02/19 22:29:10 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\gmer.zip
[2011/02/19 21:42:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmason\Desktop\OTL.exe
[2011/02/19 19:11:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/16 21:17:53 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\PROGRAMAC...xls
[2011/02/16 16:08:56 | 000,002,159 | -H-- | M] () -- C:\IPH.PH
[2011/02/16 16:08:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\kmason\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/16 16:08:55 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/02/14 16:41:36 | 000,070,968 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\ark.zip
[2011/02/13 16:19:04 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\kmason\Desktop\dds.scr
[2011/02/13 16:16:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kmason\defogger_reenable
[2011/02/12 18:42:58 | 000,019,968 | ---- | M] () -- D:\My Documents\computer.doc
[2011/02/10 17:18:07 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/02/09 16:29:02 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 16:10:05 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2011/02/21 21:59:04 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 22:29:08 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\gmer.zip
[2011/02/16 21:17:51 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\PROGRAMAC...xls
[2011/02/14 16:41:36 | 000,070,968 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\ark.zip
[2011/02/13 16:18:52 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\kmason\Desktop\dds.scr
[2011/02/13 16:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kmason\defogger_reenable
[2011/02/12 18:42:58 | 000,019,968 | ---- | C] () -- D:\My Documents\computer.doc
[2011/02/10 17:34:07 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/10 17:18:44 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/02/08 16:10:05 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/03 13:16:02 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011/01/03 13:16:01 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/03 13:16:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/09/16 18:40:42 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\kmason\Application Data\setup.log
[2010/09/16 18:40:38 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\kmason\Application Data\setup_ldm.iss
[2009/06/30 10:34:00 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/15 10:07:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/06/17 13:06:39 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\kmason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 16:18:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/07 14:32:40 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 17:37:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/30 17:21:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/08 22:42:20 | 000,000,703 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/25 14:42:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/06/25 14:23:28 | 000,007,255 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/06/25 14:22:52 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/05/20 07:46:00 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/20 07:45:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/20 07:45:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/20 07:45:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/20 07:45:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/20 07:45:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/20 07:45:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/20 07:41:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2005/05/20 07:40:03 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2005/05/20 07:37:04 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2005/05/20 07:32:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/03/10 17:52:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/10 15:54:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/10 10:00:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/24 12:40:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2005/02/22 12:12:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/01/03 10:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/12/17 03:42:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/12/17 03:42:14 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/07/26 20:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP1\A0000155.exe Win32/AutoRun.IRCBot.FC worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP10\A0004660.exe Win32/Neeris.A worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP3\A0000416.exe Win32/Neeris.A worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000623.exe Win32/Neeris.A worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000714.exe Win32/Neeris.A worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000823.exe a variant of Win32/Injector.EUQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000824.exe Win32/AutoRun.IRCBot.FC worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000827.exe a variant of Win32/Injector.EUQ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F9FE2534-E499-484F-A311-BB0A7A470B8C}\RP4\A0000830.exe a variant of Win32/Injector.EUQ trojan cleaned by deleting - quarantined

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:31 AM

Posted 24 February 2011 - 06:31 PM

Hello, Joe Mason.

OK, some good news. All the virus detections were in system restore points...that means they're not active.

Let's close a couple of security holes. How is your computer running at this point?




Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 24.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 2 Runtime Environment, SE v1.4.2_05
    J2SE Development Kit 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    Java™ 6 Update 5
    Java™ 6 Update 13
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-s.exe to install the newest version.




Step 2

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



Step 3

Mozilla 1.7 is way out of date as well. The current version of Mozilla Firefox is 3.6.13; and there's a version of 4 in beta. 1.7 isn't actively supported to the best of my knowledge and contains unpatched, known security holes. I do suggest you uninstall it and upgrade to the browser of your choice.




etavares

Edited by etavares, 24 February 2011 - 06:31 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Joe Mason

Joe Mason
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Raleigh NC
  • Local time:09:31 AM

Posted 26 February 2011 - 02:15 PM

I've done the suggested updates. My computer seems to be running much better but the internet browsing is still slow and some pages time out when trying to load.

Thanks for all your help.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:31 AM

Posted 26 February 2011 - 03:26 PM

Hello, Joe Mason.
Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 Joe Mason

Joe Mason
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Raleigh NC
  • Local time:09:31 AM

Posted 26 February 2011 - 05:04 PM

Here is the log from the scan. Thanks!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 171):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF79D0000 \WINDOWS\system32\KDCOM.DLL
0xF78E0000 \WINDOWS\system32\BOOTVID.dll
0xF73A1000 ACPI.sys
0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7390000 pci.sys
0xF74D0000 isapnp.sys
0xF78E4000 compbatt.sys
0xF78E8000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A98000 pciide.sys
0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7372000 pcmcia.sys
0xF74E0000 MountMgr.sys
0xF7353000 ftdisk.sys
0xF79D4000 dmload.sys
0xF732D000 dmio.sys
0xF7758000 PartMgr.sys
0xF78EC000 ACPIEC.sys
0xF7A99000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF74F0000 Shockprf.sys
0xF78F0000 TPDiskPM.sys
0xF7500000 VolSnap.sys
0xF7315000 atapi.sys
0xF7510000 disk.sys
0xF7520000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F5000 fltmgr.sys
0xF72E3000 sr.sys
0xF72CE000 drvmcdb.sys
0xF7760000 PxHelp20.sys
0xF72B7000 KSecDD.sys
0xF72A4000 WudfPf.sys
0xF7217000 Ntfs.sys
0xF79D6000 ANCSQ.sys
0xF71EA000 \WINDOWS\System32\drivers\NDIS.SYS
0xF71D0000 Mup.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6C1B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6C07000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6BE8000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7818000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6BC4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7820000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6B84000 \SystemRoot\system32\drivers\smwdm.sys
0xF6B60000 \SystemRoot\system32\drivers\portcls.sys
0xF76C0000 \SystemRoot\system32\drivers\drmk.sys
0xF6B3D000 \SystemRoot\system32\drivers\ks.sys
0xF6B1D000 \SystemRoot\system32\drivers\aeaudio.sys
0xF6AEC000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF69ED000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6945000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7828000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76D0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7830000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A1E000 \SystemRoot\System32\DRIVERS\TPInput.sys
0xF6919000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7838000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7840000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF76E0000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7187000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6905000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7848000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xF7183000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF717B000 \SystemRoot\system32\DRIVERS\NscTpmDD.sys
0xF7177000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7850000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xF76F0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A26000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7700000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7710000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7858000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF7BF9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7888000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7890000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D6C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6FCD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6886000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6D4C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6D3C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78D8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7A2C000 \SystemRoot\system32\DRIVERS\loop.sys
0xF6856000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6D2C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF67F8000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6D0C000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xF75D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE30F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEEBD4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xEF556000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEE39F000 \SystemRoot\System32\Drivers\Null.SYS
0xEF554000 \SystemRoot\System32\Drivers\Beep.SYS
0xEE880000 \SystemRoot\system32\drivers\ssrtln.sys
0xEE878000 \SystemRoot\System32\drivers\vga.sys
0xEF552000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xEF550000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEE870000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEE868000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEE0FB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xED2DF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE0C1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xED286000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xED25E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xED23C000 \SystemRoot\System32\drivers\afd.sys
0xEE0B1000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE860000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xEE858000 \SystemRoot\System32\drivers\Tppwr.sys
0xEE0F3000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
0xED207000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xEE225000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xEE21D000 \SystemRoot\System32\drivers\Smapint.sys
0xEEF9B000 \SystemRoot\System32\Drivers\ShockMgr.SYS
0xED1DC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xED16C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7AE1000 \SystemRoot\System32\drivers\IBMBLDID.SYS
0xEE0A1000 \SystemRoot\System32\Drivers\Fips.SYS
0xED146000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE091000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xED727000 \SystemRoot\System32\drivers\ANC.SYS
0xEE215000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xEE20D000 \SystemRoot\System32\Drivers\tcusb.sys
0xEE1DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xEE061000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE051000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xECCD6000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xEE031000 \SystemRoot\system32\drivers\usbaudio.sys
0xECC3E000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xECC26000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xED322000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF274C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF24CE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B34000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04C000 \SystemRoot\System32\ati2cqag.dll
0xBF089000 \SystemRoot\System32\atikvmag.dll
0xBF10D000 \SystemRoot\System32\ati3duag.dll
0xBF340000 \SystemRoot\System32\ativvaxx.dll
0xBF3AB000 \SystemRoot\System32\ATMFD.DLL
0xF7630000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C00000 \SystemRoot\system32\dla\tfsndres.sys
0xB879A000 \SystemRoot\system32\dla\tfsnifs.sys
0xF6E9F000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7A16000 \SystemRoot\system32\dla\tfsnpool.sys
0xF78D0000 \SystemRoot\system32\dla\tfsnboio.sys
0xF6D5C000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7B06000 \SystemRoot\system32\dla\tfsndrct.sys
0xB8781000 \SystemRoot\system32\dla\tfsnudf.sys
0xB8768000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB868A000 \SystemRoot\system32\DRIVERS\irda.sys
0xB8718000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xB8710000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB85BD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A1A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8561000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0xB8527000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0xB850A000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0xF79F2000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xF7670000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xB839A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB84D2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF77D0000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB7F75000 \SystemRoot\system32\drivers\wdmaud.sys
0xB82E2000 \SystemRoot\system32\drivers\sysaudio.sys
0xB7BBE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB6E23000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
460 C:\WINDOWS\system32\smss.exe
524 csrss.exe
548 C:\WINDOWS\system32\winlogon.exe
592 C:\WINDOWS\system32\services.exe
604 C:\WINDOWS\system32\lsass.exe
776 C:\Program Files\Common Files\Virtual Token\vtserver.exe
792 C:\WINDOWS\system32\ibmpmsvc.exe
832 C:\WINDOWS\system32\ati2evxx.exe
844 C:\WINDOWS\system32\svchost.exe
904 svchost.exe
1068 C:\WINDOWS\system32\svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1280 svchost.exe
1356 svchost.exe
1540 C:\WINDOWS\system32\spoolsv.exe
1696 svchost.exe
1728 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
1744 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
1760 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
1820 C:\WINDOWS\system32\acs.exe
1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1924 C:\Program Files\Bonjour\mDNSResponder.exe
1984 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
272 C:\Program Files\Java\jre6\bin\jqs.exe
860 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
956 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1336 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1616 C:\WINDOWS\system32\QCONSVC.EXE
1848 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
1888 C:\WINDOWS\system32\svchost.exe
1996 C:\WINDOWS\system32\TPHDEXLG.exe
2008 C:\WINDOWS\system32\TpKmpSvc.exe
2200 alg.exe
3308 C:\WINDOWS\system32\ati2evxx.exe
3484 C:\WINDOWS\explorer.exe
852 C:\WINDOWS\system32\TpShocks.exe
3008 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
3028 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
3032 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1012 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3160 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3180 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
3192 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
3252 C:\Program Files\QuickTime\QTTask.exe
3336 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
3356 C:\Program Files\Logitech\QuickCam\Quickcam.exe
3512 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
3548 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
3648 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
3744 C:\Program Files\iTunes\iTunesHelper.exe
3824 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
3996 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
212 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
1916 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
1396 C:\WINDOWS\system32\dla\tfswctrl.exe
528 C:\WINDOWS\system32\rundll32.exe
1372 C:\WINDOWS\system32\rundll32.exe
3440 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2720 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2732 C:\Program Files\AIM7\aim.exe
3004 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
3224 C:\Program Files\Digital Line Detect\DLG.exe
3704 C:\Program Files\iPod\bin\iPodService.exe
3636 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3244 C:\Program Files\Skype\Phone\Skype.exe
4692 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5924 C:\Program Files\Internet Explorer\iexplore.exe
3844 C:\Program Files\Internet Explorer\iexplore.exe
900 C:\Program Files\AIM Toolbar\aimtbServer.exe
5012 C:\Program Files\Internet Explorer\iexplore.exe
2408 C:\Documents and Settings\kmason\Local Settings\Temporary Internet Files\Content.IE5\7JMVSJYC\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000006`b4810000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHT2080AH, Rev: 8471

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 9BFAFD3747ECD05A99B4390B3EDD4295E67F9AD0


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 26 February 2011 - 07:17 PM

Hi Joe Mason

That's not a "known" bad MBR, but it's not a known good one either. Let's take a look. It's likely harmless, but we don't know until we see.

Do you have a flash drive we can use?

-etavares


 


#13 Joe Mason

Joe Mason
  • Topic Starter

  • Members
  • 11 posts
  • Location:Raleigh NC

Posted 26 February 2011 - 08:09 PM

Hello,

Yes, I do have a flash drive we can use.

Thanks for your help.

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 27 February 2011 - 09:14 AM

Hello, Joe Mason.
Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Copy/paste the following command and press enter:

    dd if=/dev/sda of=mbr.txt bs=512 count=1
  • When done a file, mbr.txt, will be created on your USB drive. Please attach that file to your reply.

Please note - all text entries are case sensitive

etavares

Edited by etavares, 01 March 2011 - 07:16 PM.


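As an added example (not code from the thread, from MBRCheck or from xPUD), here is what a responder can do with the mbr.txt that the dd command above produces, and it also illustrates the "known good / known bad / unknown" judgement etavares describes in post #12: read the 512-byte sector, verify the 0x55AA boot signature, list the partition table and hash the 440-byte bootstrap code. The known-good and known-bad lists are constructed placeholders, and the sample MBR is constructed so that its partition offsets match the offsets the MBRCheck log above prints for C: and D:. Whether MBRCheck hashes exactly the first 440 bytes is not stated on the page, so the hash from this script is not expected to equal the log's SHA1.

```python
"""Inspect a raw MBR dump (512 bytes, e.g. the mbr.txt written by
dd if=/dev/sda of=mbr.txt bs=512 count=1) the way a responder would:
check the boot signature, list the partition table and hash the boot code.
Added example; it is not MBRCheck, xPUD or any other tool from the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR

# Constructed placeholder lists (assumption for the demo). Real lists would hold
# SHA1s of boot code from trusted installers and from analysed bootkits.
KNOWN_GOOD = {"0" * 40: "placeholder known-good loader"}
KNOWN_BAD = {"f" * 40: "placeholder known-bad loader"}


def classify(sha1_hex: str) -> str:
    """Same three-way outcome MBRCheck reports: known good, known bad, or unknown."""
    if sha1_hex in KNOWN_GOOD:
        return "Known good MBR code"
    if sha1_hex in KNOWN_BAD:
        return "Known bad MBR code"
    return "Unknown MBR code"   # neither list matched, as in the log above


def parse_mbr(mbr: bytes) -> dict:
    """Return the facts a responder wants from one MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        entry = mbr[start:start + 16]
        # entry layout: status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # what MBRCheck prints as "at offset"
        })
    boot_code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "valid_signature": mbr[510:512] == MBR_SIGNATURE,
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "boot_code_sha1": boot_code_sha1,
        "classification": classify(boot_code_sha1),
        "partitions": partitions,
    }


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR whose partition offsets match the MBRCheck log above:
    C: at 0x7e00 (sector 63) and D: at 0x6b4810000 (sector 56246400). The boot code
    is filler (a jmp followed by nops), not a real loader."""
    boot_code = b"\xeb\x3c\x90" + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # constructed disk signature
    entries = (
        struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 56246400 - 63),
        struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 56246400, 100055088),
        bytes(16),
        bytes(16),
    )
    mbr = boot_code + disk_sig + b"".join(entries) + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def analyze_file(path: str) -> dict:
    """Analyse a real dump such as the mbr.txt from the USB drive."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR))


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print(f"signature ok: {report['valid_signature']}  {report['classification']}")
    print(f"boot code SHA1: {report['boot_code_sha1']}")
    for p in report["partitions"]:
        flag = " [active]" if p["bootable"] else ""
        print(f"  part {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}"
              f" ({p['sectors']} sectors){flag}")
```

Run it against the real dump with `analyze_file("mbr.txt")`. A missing 0x55AA signature or a dump that is not exactly 512 bytes means the copy step went wrong rather than that the MBR is infected, which is why the script checks both before reporting a classification.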
 


#15 Joe Mason

Joe Mason
  • Topic Starter

  • Members
  • 11 posts
  • Location:Raleigh NC

Posted 28 February 2011 - 09:44 PM

Hello,

I was able to successfully put the program on the flash drive. However, when I attempt to boot from the USB drive it gives me the following error: "Could not find kernel image: linux". I'm not sure what I am doing wrong.

Thank you for helping me.



