
Possible rootkit damage/google redirect/high CPU usage


  • This topic is locked
36 replies to this topic

#1 d.s.

d.s.

  • Members
  • 32 posts

Posted 22 May 2011 - 11:51 PM

Hi,

For the past few weeks I've been experiencing the following symptoms with my Windows XP PC:
- google redirects
- high CPU usage (100% randomly, svchost.exe taking up a lot of memory)
- "blue screen" errors
- system running extremely slow
- internet browser windows not opening, internet connectivity problematic
- several windows errors and crashes
- anti-malware programs and tdskiller not opening or functioning properly

Thanks for your help.
(Included below is the DDS log, and the GMER log in the attachments).

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Derrick Stuart at 22:29:43 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.78 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Derrick Stuart\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2010-10-30 45072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-3-8 33792]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2009-1-13 79649]
S2 MemChecker;Memory Checker;c:\windows\mc00167.exe [2011-4-15 339968]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-4 822424]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-10-30 3872776]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2010-10-1 3066528]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-04-15 17:51:04 339968 ----a-w- c:\windows\mc00167.exe
2011-03-29 04:06:12 3616 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81AD94E7]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x81adf7d0]; MOV EAX, [0x81adf84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x81B1D030]
3 CLASSPNP[0xF931705B] -> nt!IofCallDriver[0x804E37C5] -> [0x81A61D50]
\Driver\atapi[0x81B08548] -> IRP_MJ_CREATE -> 0x81AD94E7
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x81AD9332
user & kernel MBR OK
copy of MBR has been found in sector 156232125
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:33:31.04 ===============


#2 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 24 May 2011 - 05:49 AM

Welcome to BC!

- anti-malware programs and tdskiller not opening or functioning properly

What happened when you ran TDSSKiller?

Step 1.
Uninstall programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitTorrent
BitTorrent 6.0

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
SoulSeek 157 NS 13c
Viewpoint Manager (Remove Only)
WildTangent Web Driver



Optional removals
BitTorrent, SoulSeek and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
RKU:

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Step 3.
aswMBR:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 4.
Things I would like to see in your reply:

  • Answer to the question in the beginning of this post
  • Which programs were uninstalled in step 1.
  • The content of the log from RKU in step 2.
  • The content of the log from aswMBR in step 3.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 d.s.

d.s.
  • Topic Starter

  • Members
  • 32 posts

Posted 24 May 2011 - 04:24 PM

Hi there! Thanks for your assistance!

1.) Trying to open TDSSKiller, it initially gets up to about 88%, stalls for several minutes, and then a Windows error message says the program has encountered a serious error and must close.
2.) Every program listed.
3.) RKU LOG:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2186112 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2186112 bytes
0x804D7000 RAW 2186112 bytes
0x804D7000 WMIxWDM 2186112 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF84C8000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF070000 C:\WINDOWS\System32\ialmdd5.DLL 901120 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF8655000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 831488 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF82D0000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF8421000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF90B1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB2DA4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF821A000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB2ED8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2A9C000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xB24CF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF83A7000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF85EA000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF9235000 SSIDRV.SYS 200704 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xBF040000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xF9277000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF9208000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB1D11000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB2E13000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2EB0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF83FB000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF8383000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB22CC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF85C7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2718000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF861E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB2E8E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB2D6D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806ED000 ACPI_HAL 131712 bytes
0x806ED000 C:\WINDOWS\system32\hal.dll 131712 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF91B1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF91E9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF9155000 TPkd.sys 122880 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xF828B000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xF9096000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF91D1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2CFF000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB2D2D000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8273000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF913E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF82B9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2D17000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB2CE9000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF9189000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB2D8E000 C:\Program Files\UltraISO\drivers\ISODrive.sys 90112 bytes (EZB Systems, Inc., ISO DVD/CD-ROM Device Driver)
0xF9173000 SymSnap.sys 90112 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0xB2C5C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF83E7000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8641000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2F30000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF919F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF9266000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF82A8000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8760000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8A49000 C:\WINDOWS\system32\Drivers\rdwm1009.sys 65536 bytes (Roland Corporation, )
0xF9486000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF94C6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF94B6000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF8B39000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8AA9000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF9526000 C:\WINDOWS\system32\DRIVERS\cledx.sys 57344 bytes (Team H2O, Team H2O CLEDX DevWhore)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB3A69000 C:\WINDOWS\SYSTEM32\Drivers\SSFMONM.SYS 57344 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF94A6000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF9316000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF9476000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF94D6000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF92F6000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF94F6000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF9496000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF92E6000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF94E6000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB3A59000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF87A0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF92D6000 SSHRMD.SYS 40960 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF9516000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB4437000 C:\WINDOWS\System32\Drivers\V2IMount.SYS 40960 bytes (Symantec Corporation, V2iMount.sys - Image Mounting Device Driver)
0xF9306000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8790000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB849E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF9466000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF92C6000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9506000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB4447000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF9366000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB4427000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF9626000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB42C9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB2FD8000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF964E000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB88F8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF954E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF961E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB3832000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB88E8000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF9636000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF962E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9656000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB2FC0000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF785D000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB42D9000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8900000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB42D1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9556000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF963E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF955E000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF9646000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF9546000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9616000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB382A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7205000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF97C2000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF87F9000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB50DB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF9045000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF96DA000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2D59000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8ECD000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x81A65000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB2A88000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB32EE000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF903D000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB497F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF988A000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF97E8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF9810000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF97EE000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xB3541000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF9886000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF97E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF97E4000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF97C8000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF9834000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9836000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9812000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF97E2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF97C6000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF994D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF9A06000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF9894000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB7FA3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF988E000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xFF9A7108 unknown_irp_handler 3832 bytes
0xFF97C120 unknown_irp_handler 3808 bytes
0xFF96D160 unknown_irp_handler 3744 bytes
0xFF9BF1C0 unknown_irp_handler 3648 bytes
0x81A1B1C0 unknown_irp_handler 3648 bytes
0xFF8801C0 unknown_irp_handler 3648 bytes
0xFF8A71C0 unknown_irp_handler 3648 bytes
0xFF8741C0 unknown_irp_handler 3648 bytes
0xFFA5E1C0 unknown_irp_handler 3648 bytes
0xFF8101C0 unknown_irp_handler 3648 bytes
0xFF7AB1C0 unknown_irp_handler 3648 bytes
0xFF9891E0 unknown_irp_handler 3616 bytes
0xFF7A8250 unknown_irp_handler 3504 bytes
0xFF7EE270 unknown_irp_handler 3472 bytes
0xFFA4D2B8 unknown_irp_handler 3400 bytes
!!!!!!!!!!!Hidden driver: 0x81AD9332 ?_empty_? 3278 bytes
0xFF98A340 unknown_irp_handler 3264 bytes
0xFF94A410 unknown_irp_handler 3056 bytes
0xFF80D4B8 unknown_irp_handler 2888 bytes
0xFFA2D580 unknown_irp_handler 2688 bytes
0xFF8AE650 unknown_irp_handler 2480 bytes
0xFF9806C8 unknown_irp_handler 2360 bytes
0xFF9877C0 unknown_irp_handler 2112 bytes
0xFF91F9A0 unknown_irp_handler 1632 bytes
0x81A11A50 unknown_irp_handler 1456 bytes
0xFF99BD18 unknown_irp_handler 744 bytes
0xFFA5DE78 unknown_irp_handler 392 bytes
0x81A01ED0 unknown_irp_handler 304 bytes
==============================================
>Stealth
==============================================
0xF91D1000 WARNING: suspicious driver modification [atapi.sys::0x81AD9332]
0x03F90000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0xFF828990 ] PID: 920, 28672 bytes
0x038E0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0xFF828990 ] PID: 920, 45056 bytes
0x03210000 Hidden Image-->sprtmessage.dll [ EPROCESS 0xFF828990 ] PID: 920, 77824 bytes


4.) aswMBR LOG:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 17:18:10
-----------------------------
17:18:10.390 OS Version: Windows 5.1.2600 Service Pack 2
17:18:10.390 Number of processors: 1 586 0x409
17:18:10.390 ComputerName: DERRICK UserName:
17:18:12.062 Initialize success
17:18:45.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:18:45.062 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
17:18:45.062 Device \Driver\atapi -> DriverStartIo 81ad9332
17:18:45.078 Disk 0 MBR read successfully
17:18:45.078 Disk 0 MBR scan
17:18:45.078 Disk 0 TDL4@MBR code has been found
17:18:45.093 Disk 0 MBR hidden
17:18:45.093 Disk 0 MBR [TDL4] **ROOTKIT**
17:18:45.093 Disk 0 trace - called modules:
17:18:45.093 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81ad94e7]<<
17:18:45.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b1d030]
17:18:45.093 3 CLASSPNP.SYS[f931705b] -> nt!IofCallDriver -> [0x81a69d80]
17:18:45.093 \Driver\atapi[0x81b08548] -> IRP_MJ_CREATE -> 0x81ad94e7
17:18:45.093 Scan finished successfully
17:19:25.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derrick Stuart\Desktop\MBR.dat"
17:19:25.718 The log file has been saved successfully to "C:\Documents and Settings\Derrick Stuart\Desktop\aswMBR.txt"
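The three logs above each name the same kernel address in a different format (GMER and RKU print 0x81AD9332, aswMBR prints 81ad9332). The script below is an added example, not part of the thread or of any of the tools, that parses a few lines copied from those logs and checks that the atapi DriverStartIo hook, RKU's hidden driver and the modified atapi.sys all resolve to that one address; the function and field names are my own.

```python
"""Correlate the rootkit indicators that GMER, RKU and aswMBR each report.

Constructed sample input: the lines below are copied from the three logs
posted in this thread (a few lines per tool, not the full logs).
"""
import re
from typing import Dict, Optional

GMER_LOG = r"""
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81AD94E7]<<
\Driver\atapi[0x81B08548] -> IRP_MJ_CREATE -> 0x81AD94E7
detected hooks:
\Driver\atapi DriverStartIo -> 0x81AD9332
user & kernel MBR OK
copy of MBR has been found in sector 156232125
Warning: possible TDL3 rootkit infection !
"""

RKU_LOG = r"""
0xF91D1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
!!!!!!!!!!!Hidden driver: 0x81AD9332 ?_empty_? 3278 bytes
0xF91D1000 WARNING: suspicious driver modification [atapi.sys::0x81AD9332]
"""

ASWMBR_LOG = r"""
17:18:45.062 Device \Driver\atapi -> DriverStartIo 81ad9332
17:18:45.078 Disk 0 MBR read successfully
17:18:45.078 Disk 0 TDL4@MBR code has been found
17:18:45.093 Disk 0 MBR hidden
17:18:45.093 Disk 0 MBR [TDL4] **ROOTKIT**
"""

# An 8-digit hex address, with or without the 0x prefix.
_HEX8 = r"(?:0x)?([0-9A-Fa-f]{8})"


def _addr(m: Optional[re.Match]) -> Optional[int]:
    """Convert the hex group of a match to an int; None if nothing matched."""
    return int(m.group(1), 16) if m else None


def parse_gmer(text: str) -> Dict[str, object]:
    """Target of the atapi DriverStartIo hook and where GMER found the MBR copy."""
    hook = re.search(r"DriverStartIo -> " + _HEX8, text)
    sector = re.search(r"copy of MBR has been found in sector (\d+)", text)
    return {
        "startio_hook": _addr(hook),
        "mbr_copy_sector": int(sector.group(1)) if sector else None,
        "warning": bool(re.search(r"possible TDL\d rootkit", text)),
    }


def parse_rku(text: str) -> Dict[str, object]:
    """Hidden driver address and the driver RKU flags as modified."""
    hidden = re.search(r"Hidden driver: " + _HEX8, text)
    mod = re.search(r"suspicious driver modification \[([^:\]]+)::" + _HEX8 + r"\]", text)
    return {
        "hidden_driver": _addr(hidden),
        "modified_driver": mod.group(1) if mod else None,
        "modification_addr": int(mod.group(2), 16) if mod else None,
    }


def parse_aswmbr(text: str) -> Dict[str, object]:
    """DriverStartIo hook and the MBR verdict lines from aswMBR."""
    hook = re.search(r"DriverStartIo " + _HEX8, text)
    return {
        "startio_hook": _addr(hook),
        "tdl4_code": "TDL4@MBR code has been found" in text,
        "mbr_hidden": bool(re.search(r"Disk \d+ MBR hidden", text)),
    }


def triage(gmer_text: str, rku_text: str, aswmbr_text: str) -> Dict[str, object]:
    """Cross-check the three reports and return the combined findings."""
    gmer, rku, asw = parse_gmer(gmer_text), parse_rku(rku_text), parse_aswmbr(aswmbr_text)
    # Every address the tools associate with the atapi hook or the hidden code.
    addrs = {a for a in (gmer["startio_hook"], asw["startio_hook"],
                         rku["hidden_driver"], rku["modification_addr"]) if a is not None}
    single = len(addrs) == 1
    findings: Dict[str, object] = {
        "hook_address": f"0x{next(iter(addrs)):08X}" if single else None,
        # Both disk scanners see the same DriverStartIo redirection.
        "startio_hooked_by_both": gmer["startio_hook"] is not None
        and gmer["startio_hook"] == asw["startio_hook"],
        # The hook lands inside the driver RKU could not attribute to any file.
        "hook_points_into_hidden_driver": single and rku["hidden_driver"] in addrs,
        "modified_driver": rku["modified_driver"],
        "tdl4_mbr_code": asw["tdl4_code"],
        "mbr_hidden_from_reads": asw["mbr_hidden"],
        # Sector where GMER found the original MBR; relevant when restoring it.
        "original_mbr_sector": gmer["mbr_copy_sector"],
    }
    strong = ("startio_hooked_by_both", "hook_points_into_hidden_driver",
              "tdl4_mbr_code", "mbr_hidden_from_reads")
    score = sum(1 for k in strong if findings[k])
    findings["verdict"] = "bootkit" if score >= 3 else "inconclusive"
    return findings


if __name__ == "__main__":
    for key, value in triage(GMER_LOG, RKU_LOG, ASWMBR_LOG).items():
        print(f"{key:32} {value}")
```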

#4 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 24 May 2011 - 04:48 PM

Step 1.
MBRcheck:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 2.
MBR backup:

Open notepad and copy/paste the text in the codebox below into it:

MBRCheck -s 0 -d MBRbckp.dat
del %0

Save this as bmbr.bat
Choose to "Save type as - All Files"
Save it on your desktop.
Double click on bmbr.bat & allow it to run

A file MBRbckp.dat will be created on your desktop.
Zip MBRbckp.dat and attach that zipped file in a reply.


Step 3.
Filescans:

Please go to: VirusTotal

  • On the page you'll find a Browse - button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    C:\Documents and Settings\Derrick Stuart\Desktop\mbr.dat
  • Next, click the Open button.
  • Then click the Send File - button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.


Please repeat for the following file:

C:\Documents and Settings\Derrick Stuart\Desktop\MBRbckp.dat




Step 4.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    SymSnap.sys
    volsnap.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Step 5.
Things I would like to see in your reply:

  • The content of the report from MBRCheck in step 1.
  • The zipped MBRbckp.dat from step 2 attached
  • The links to the results from the filescans in step 3.
  • The content of OTL.txt and Extras.txt in step 4.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link.
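The MBR backup and file-scan steps above work on raw 512-byte sector dumps (MBR.dat saved by aswMBR, MBRbckp.dat saved by MBRCheck). The script below is an added example, not part of this thread and not code from either tool. It parses such a dump, computes the whole-sector SHA1 that MBRCheck reports, decodes the partition table, and compares two dumps so that a changed boot-code region with an untouched partition table, the pattern left by an MBR bootkit of the kind aswMBR flagged as TDL4, stands out. The two sample images are constructed inline; the disk signature and partition layout are assumptions, except that the first entry's starting LBA (80325) is chosen so that its byte offset equals the 0x02738a00 offset of C: in the MBRCheck report posted next in the thread.

```python
"""Parse, fingerprint and compare raw MBR images such as the MBR.dat and
MBRbckp.dat dumps produced in this thread.  Added example, not from the
thread or from aswMBR/MBRCheck."""
import hashlib
import struct
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0..439 of a classic MBR
DISK_SIG_OFF = 440         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"     # bytes 510..511


def parse_mbr(image: bytes) -> Dict:
    """Return SHA1 hashes, disk signature and partition table of an MBR image."""
    if len(image) < MBR_SIZE:
        raise ValueError(f"image is {len(image)} bytes, need at least {MBR_SIZE}")
    sector = image[:MBR_SIZE]
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    partitions: List[Dict] = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * PART_ENTRY_LEN
        # status byte, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # 32-bit LBA start, 32-bit sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * 512,  # the value MBRCheck prints as "at offset"
        })
    return {
        "sha1": hashlib.sha1(sector).hexdigest().upper(),
        "bootcode_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def compare_mbrs(a: bytes, b: bytes) -> Dict[str, bool]:
    """Report whether two dumps differ in boot code and/or partition table.
    Boot code replaced while the table is untouched is the bootkit pattern."""
    pa, pb = parse_mbr(a), parse_mbr(b)
    return {
        "bootcode_differs": pa["bootcode_sha1"] != pb["bootcode_sha1"],
        "table_differs": a[PART_TABLE_OFF:510] != b[PART_TABLE_OFF:510],
        "identical": pa["sha1"] == pb["sha1"],
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test image (assumption, not a real disk): the given boot code,
    a fixed disk signature and two NTFS (type 0x07) partitions.  The first
    partition starts at LBA 80325, i.e. byte offset 0x02738a00."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    entries = (
        struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                    80325, 110_000_000)
        + struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff",
                      110_080_325, 39_000_000)
        + b"\x00" * (2 * PART_ENTRY_LEN)   # two empty slots
    )
    mbr = code + disk_sig + entries + BOOT_SIG
    assert len(mbr) == MBR_SIZE
    return mbr


# Constructed inputs: same partition table, different boot code.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")   # typical prologue bytes
PATCHED_MBR = build_sample_mbr(b"\xeb\x3e\x90" + b"\x90" * 20)  # replaced code, same table


if __name__ == "__main__":
    info = parse_mbr(CLEAN_MBR)
    print("MBR SHA1:", info["sha1"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02x} bootable={p['bootable']} "
              f"at offset 0x{p['byte_offset']:016x}")
    print(compare_mbrs(CLEAN_MBR, PATCHED_MBR))
```

Run it against a real dump with `parse_mbr(open("MBR.dat", "rb").read())`. One caveat a practitioner should keep in mind: the aswMBR log in this thread shows the atapi driver's DriverStartIo hooked and the MBR reported as hidden, which is how this class of rootkit serves a clean sector to anything reading the disk through the normal I/O path. A clean-looking hash from a dump taken on the live system therefore does not rule out infection; a dump taken from a boot CD or with the drive attached to another machine is the one to trust, and comparing the two with compare_mbrs is the quickest way to see the discrepancy.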


#5 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 05:16 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806ED000 \WINDOWS\system32\hal.dll
0x81A65000 \WINDOWS\system32\KDCOM.DLL
0xF96DA000 \WINDOWS\system32\BOOTVID.dll
0xF9277000 ACPI.sys
0xF97C6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF9266000 pci.sys
0xF92C6000 isapnp.sys
0xF92D6000 SSHRMD.SYS
0xF9235000 SSIDRV.SYS
0xF9208000 \WINDOWS\SYSTEM32\Drivers\NDIS.SYS
0xF9546000 \WINDOWS\SYSTEM32\Drivers\TDI.SYS
0xF988E000 pciide.sys
0xF954E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF97C8000 intelide.sys
0xF92E6000 MountMgr.sys
0xF91E9000 ftdisk.sys
0xF9556000 PartMgr.sys
0xF92F6000 VolSnap.sys
0xF91D1000 atapi.sys
0xF9306000 disk.sys
0xF9316000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF91B1000 fltMgr.sys
0xF919F000 sr.sys
0xF9189000 DRVMCDB.SYS
0xF955E000 PxHelp20.sys
0xF9173000 SymSnap.sys
0xF9155000 TPkd.sys
0xF913E000 KSecDD.sys
0xF90B1000 Ntfs.sys
0xF9096000 Mup.sys
0xF9466000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8655000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8641000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF9616000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF861E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF961E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF85EA000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF85C7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF84C8000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF8421000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF9626000 \SystemRoot\System32\Drivers\Modem.SYS
0xF83FB000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF964E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF9476000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF962E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF9486000 \SystemRoot\system32\DRIVERS\serial.sys
0xF9045000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF83E7000 \SystemRoot\system32\DRIVERS\parport.sys
0xF9496000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF9810000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF94A6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF94B6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF9636000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF83A7000 \SystemRoot\system32\drivers\smwdm.sys
0xF8383000 \SystemRoot\system32\drivers\portcls.sys
0xF94C6000 \SystemRoot\system32\drivers\drmk.sys
0xF82D0000 \SystemRoot\system32\drivers\senfilt.sys
0xF994D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF94D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF903D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF82B9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF94E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF94F6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF82A8000 \SystemRoot\system32\DRIVERS\psched.sys
0xF9506000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF963E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF9646000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF9516000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF9656000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF828B000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF8273000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF9812000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF821A000 \SystemRoot\system32\DRIVERS\update.sys
0xF87F9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF9526000 \SystemRoot\system32\DRIVERS\cledx.sys
0xF87A0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8AA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF97E2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF97C2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB8900000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF97E4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB8A49000 \SystemRoot\system32\Drivers\rdwm1009.sys
0xB8ECD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB849E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB88F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF97E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB7FA3000 \SystemRoot\System32\Drivers\Null.SYS
0xF97E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xB88E8000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB42D9000 \SystemRoot\System32\drivers\vga.sys
0xF9834000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9836000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB42D1000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB42C9000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB497F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2F30000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2ED8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB2EB0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB2E8E000 \SystemRoot\System32\drivers\afd.sys
0xB4447000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4437000 \SystemRoot\System32\Drivers\V2IMount.SYS
0xB2E13000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB2DA4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB2D8E000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0xB2D6D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB4427000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB32EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8790000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8760000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2D2D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9886000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2D59000 \SystemRoot\System32\drivers\Dxapi.sys
0xB382A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9894000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF070000 \SystemRoot\System32\ialmdd5.DLL
0xB3A69000 \SystemRoot\SYSTEM32\Drivers\SSFMONM.SYS
0xB3A59000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF9A06000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB2D17000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF7205000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF97EE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB2FD8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB2CFF000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB2CE9000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB50DB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2C5C000 \SystemRoot\system32\drivers\wdmaud.sys
0xF8B39000 \SystemRoot\system32\drivers\sysaudio.sys
0xF988A000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xB3541000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB2A9C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2A88000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB2FC0000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xF785D000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB2718000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB24CF000 \SystemRoot\System32\Drivers\HTTP.sys
0xB22CC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB2520000 \??\C:\DOCUME~1\DERRIC~1\LOCALS~1\Temp\aswMBR.sys
0xB8416000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB1C46000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
1608 C:\WINDOWS\system32\smss.exe
144 csrss.exe
220 C:\WINDOWS\system32\winlogon.exe
320 C:\WINDOWS\system32\services.exe
332 C:\WINDOWS\system32\lsass.exe
712 C:\WINDOWS\system32\svchost.exe
816 svchost.exe
932 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1380 svchost.exe
1592 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1700 C:\WINDOWS\system32\spoolsv.exe
1952 C:\WINDOWS\explorer.exe
736 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
880 C:\Program Files\Bonjour\mDNSResponder.exe
896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
920 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1120 C:\WINDOWS\system32\gearsec.exe
1300 C:\WINDOWS\system32\ctfmon.exe
1360 C:\Program Files\Java\jre6\bin\jqs.exe
1432 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
1804 C:\WINDOWS\system32\lxddcoms.exe
9360 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
9568 C:\WINDOWS\system32\svchost.exe
8940 wdfmgr.exe
2448 C:\Program Files\Viewpoint\Common\ViewpointService.exe
4464 C:\WINDOWS\system32\wscntfy.exe
4620 alg.exe
8320 C:\WINDOWS\system32\svchost.exe
5616 C:\WINDOWS\system32\svchost.exe
5732 C:\Program Files\Java\jre6\bin\jusched.exe
7684 C:\Program Files\Java\jre6\bin\jucheck.exe
4944 C:\Documents and Settings\Derrick Stuart\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`2ff6cc00 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 8.16
PhysicalDrive1 Model Number: HitachiHTS543232L9A300, Rev: FB4O

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
298 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 05:19 PM

Here is the zipped .dat file.

Attached Files



#7 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 05:21 PM

first:
http://www.virustotal.com/file-scan/report.html?id=a6253b19b8d55de8e876143211cb53d5101a0b02051f5c07ab7a1a566982c740-1306274220

backup:
http://www.virustotal.com/file-scan/report.html?id=6d66001695582d8e64a4effa75a62b6f8b99d8f694a9c9c26f21cae605e180fa-1306274394

#8 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 06:13 PM

OTL logfile created on: 5/24/2011 6:24:12 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Derrick Stuart\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 130.55 Mb Available Physical Memory | 51.40% Memory free
1.07 Gb Paging File | 0.85 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 9.44 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.94 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 235.32 Gb Free Space | 78.94% Space Free | Partition Type: NTFS

Computer Name: DERRICK | User Name: Derrick Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 17:54:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Stuart\Desktop\OTL.exe
PRC - [2009/10/10 06:10:51 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/26 01:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddserv.exe
PRC - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/13 16:30:00 | 000,058,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 17:54:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Stuart\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/24 16:54:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2011/05/24 16:54:08 | 000,215,552 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\itlpfw32.dll -- (itlperf)
SRV - [2011/04/15 13:51:04 | 000,339,968 | ---- | M] (MediaChance) [Auto | Stopped] -- C:\WINDOWS\mc00167.exe -- (MemChecker)
SRV - [2010/10/01 11:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Disabled | Stopped] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2009/05/17 22:32:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/04/26 01:21:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/04 03:45:11 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/12/07 17:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/06/17 14:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2010/06/17 14:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (SSFMONM)
DRV - [2010/06/17 14:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/24 22:09:10 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/03/05 07:08:36 | 000,079,649 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/04 03:45:11 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/04 03:40:19 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/12/07 17:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 13:01:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/24 17:02:01 | 000,000,000 | ---D | M]

[2009/03/31 13:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Extensions
[2011/05/24 18:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions
[2011/01/25 23:33:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/02 18:12:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla\Firefox\Profiles\yclq893r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/24 18:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/30 00:35:42 | 000,000,000 | ---D | M] (HideMyIP) -- C:\Program Files\Mozilla Firefox\extensions\proxy@hide-my-ip.com
[2009/10/10 06:10:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/11/24 21:11:08 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/10/16 03:24:36 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/10/20 22:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/10/20 22:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/10/20 22:08:33 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/10/20 22:08:33 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4v32.dll ()
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "avg8wd"
MsConfig - Services: "avg8emc"
MsConfig - Services: "winmgmt"
MsConfig - Services: "wuauserv"
MsConfig - Services: "WRConsumerService"
MsConfig - Services: "WebrootSpySweeperService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^Derrick Stuart^Start Menu^Programs^Startup^Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe - (Last.fm)
MsConfig - StartUpFolder: C:^Documents and Settings^Derrick Stuart^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: H2O - hkey= - key= - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Jborilexexex - hkey= - key= - File not found
MsConfig - StartUpReg: lxddamon - hkey= - key= - C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
MsConfig - StartUpReg: lxddmon.exe - hkey= - key= - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Mrotad - hkey= - key= - File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: Norton Ghost 10.0 - hkey= - key= - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: WebrootTrayApp - hkey= - key= - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 17:18:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Derrick Stuart\Desktop\aswMBR.exe
[2011/05/22 22:29:37 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Derrick Stuart\Desktop\dds.scr
[2011/05/22 22:28:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 00:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/01 00:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/01 00:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/01 00:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/30 22:49:56 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derrick Stuart\Desktop\TDSSKiller.exe
[2008/02/02 23:39:19 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2008/02/02 23:39:03 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/04/26 01:21:26 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/04/26 01:21:22 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/03/02 10:13:41 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/03/02 10:12:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/03/02 10:05:53 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/03/02 10:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/03/02 10:02:55 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/03/02 10:00:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/03/02 09:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/03/02 09:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/03/02 09:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/03/02 09:51:09 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/03/02 09:47:01 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/24 18:19:22 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRbckp.zip
[2011/05/24 18:03:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRbckp.dat
[2011/05/24 18:03:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\bmbr.bat
[2011/05/24 17:54:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derrick Stuart\Desktop\OTL.exe
[2011/05/24 17:53:19 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRCheck.exe
[2011/05/24 17:19:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBR.dat
[2011/05/24 16:54:24 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/05/24 16:54:08 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/24 16:42:44 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Derrick Stuart\Desktop\aswMBR.exe
[2011/05/24 16:41:40 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\RKUnhookerLE.EXE
[2011/05/24 16:38:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 16:38:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 16:38:12 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 22:28:32 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 22:21:26 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\gmer.zip
[2011/05/22 22:20:04 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Derrick Stuart\Desktop\dds.scr
[2011/05/13 02:12:46 | 000,023,436 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\VA_Love_Train_The_Sound_Of_Philadelphia_4CD_2008_C4_torrent_www_twisty_mistys_com_.torrent
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\gmer.exe
[2011/05/01 01:17:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/01 00:03:03 | 004,334,132 | R--- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\ComboFix2.exe
[2011/04/30 23:55:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/30 23:41:16 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Desktop\tdsskiller.zip
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp files -> C:\Documents and Settings\Derrick Stuart\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 18:19:22 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRbckp.zip
[2011/05/24 18:03:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRbckp.dat
[2011/05/24 18:03:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\bmbr.bat
[2011/05/24 17:57:44 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBRCheck.exe
[2011/05/24 17:19:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\MBR.dat
[2011/05/24 17:08:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\RKUnhookerLE.EXE
[2011/05/24 16:54:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2011/05/24 16:54:08 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/05/22 22:35:57 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\gmer.exe
[2011/05/22 22:34:52 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\gmer.zip
[2011/05/13 02:12:55 | 000,023,436 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\VA_Love_Train_The_Sound_Of_Philadelphia_4CD_2008_C4_torrent_www_twisty_mistys_com_.torrent
[2011/05/01 00:45:31 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/01 00:03:08 | 004,334,132 | R--- | C] () -- C:\Documents and Settings\Derrick Stuart\Desktop\ComboFix2.exe
[2011/02/20 18:41:24 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/02/20 18:41:24 | 000,017,741 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/11/02 00:50:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/30 23:27:35 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/01/07 00:44:16 | 000,032,776 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/10 11:47:23 | 000,000,311 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009/10/10 04:08:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/10 04:08:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/10 04:08:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/10 04:08:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/29 18:08:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\prvlcl.dat
[2009/01/13 15:56:15 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2009/01/13 15:56:15 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\Rd3t1009.DAT
[2009/01/03 18:58:35 | 000,001,935 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2008/12/17 21:12:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2008/10/24 01:29:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/22 23:57:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/20 17:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Musician.INI
[2008/08/13 20:20:20 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/03/27 17:10:37 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2008/02/02 23:47:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2008/02/02 23:47:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2008/02/02 23:47:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2008/02/02 23:47:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2008/02/02 23:42:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2008/02/02 23:39:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2008/02/02 23:36:05 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2007/04/25 22:17:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 14:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 12:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 13:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/08/29 23:22:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/03 00:11:08 | 000,003,767 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/04 01:18:21 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JPR.{PB
[2006/07/04 01:18:21 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Application Data\PFP120JCM.{PB
[2006/06/23 00:47:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\fusioncache.dat
[2006/06/12 02:21:51 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Derrick Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 23:48:50 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/17 22:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2006/05/13 18:53:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/04 03:58:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/04 03:54:11 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/04 03:48:10 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/04 03:45:23 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/04 03:39:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/04 03:15:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/04 03:15:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/04 03:15:22 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,049,156 | ---- | C] () -- C:\WINDOWS\System32\certstore.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========

[2010/10/20 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/10 09:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/12/31 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2008/03/17 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/12/27 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/10/20 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2006/12/30 04:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/05/16 20:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/11/01 23:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/02/10 20:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/10 11:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/05/24 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/10 11:38:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/01/07 00:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/30 23:20:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}
[2006/05/13 19:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\acccore
[2009/12/27 19:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Antares
[2010/11/14 17:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AVGTOOLBAR
[2011/05/24 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\BitTorrent
[2008/01/20 00:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\ICQ
[2008/02/03 00:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Lexmark Productivity Studio
[2006/12/30 05:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\NetMedia Providers
[2009/12/27 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\PACE Anti-Piracy
[2008/10/20 22:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Propellerhead Software
[2007/01/05 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Publish Providers
[2009/11/12 01:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\REAPER
[2008/10/20 22:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Sony
[2009/03/08 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Steinberg
[2009/10/10 11:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\TuneUp Software
[2007/02/15 12:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2006/05/04 03:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/10/20 23:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/20 23:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/05/13 18:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/10/15 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2010/01/06 23:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/02 00:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/14 17:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/10/05 00:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/02/02 23:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/11/02 18:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/10 09:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/04/09 12:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/05/04 03:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008/12/31 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IK Multimedia
[2006/05/04 03:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/12/14 20:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2008/03/17 21:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/10/10 04:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/05/04 03:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/10/20 20:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/09/17 01:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/12/27 20:00:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/27 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/10/20 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2006/07/08 04:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/10 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/05/04 03:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2006/12/30 04:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/05/16 20:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/11/01 23:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/02/10 20:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/11/27 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/08/09 18:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/10/10 11:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/05/24 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/30 23:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2007/01/15 23:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2007/01/16 18:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/10/10 11:38:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/01/07 00:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/30 23:20:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/10/01 11:09:02 | 003,219,504 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\WRInstall.exe
[2010/10/01 11:05:55 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
[2010/10/01 11:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
[2010/10/01 11:06:38 | 000,433,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
[2006/05/13 18:56:08 | 000,806,912 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMinst.exe
[2006/05/13 18:55:27 | 000,456,240 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMLang.exe
[2006/05/13 18:53:54 | 000,081,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\alsetup.exe
[2006/05/13 18:55:43 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ampx.exe
[2006/05/13 18:54:28 | 000,100,456 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\aod.exe
[2006/05/13 18:55:49 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instopts.exe
[2006/05/13 18:53:40 | 000,163,136 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\iphinst.exe
[2006/05/13 18:54:06 | 000,651,952 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\muinst.exe
[2006/05/13 18:57:54 | 004,982,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpinst.exe
[2006/05/13 18:56:54 | 002,929,248 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\plxoinst.exe
[2006/05/13 18:55:54 | 000,033,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\postproc.exe
[2006/05/13 18:54:17 | 000,308,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\prodpckr.exe
[2006/05/13 18:53:49 | 000,010,344 | ---- | M] (America Online Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\rmb1.exe
[2006/05/13 18:55:51 | 000,187,496 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\setup.exe
[2006/05/13 18:54:33 | 000,568,304 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinst.exe
[2006/05/13 18:55:48 | 000,185,960 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinstLP.exe
[2006/05/13 18:58:04 | 000,310,288 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\tbsetup.exe
[2006/05/13 18:56:23 | 001,073,120 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\toolbar.exe
[2006/05/13 18:54:26 | 000,410,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\vwpt.exe
[2008/10/31 15:15:58 | 001,708,432 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\AIMinst.exe
[2008/10/31 15:15:58 | 000,566,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\AIMLang.exe
[2008/10/31 15:32:10 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\alsetup.exe
[2008/10/31 15:32:02 | 000,068,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\amos.exe
[2008/10/31 15:32:04 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\aoldlmgr.exe
[2007/08/17 09:34:16 | 000,107,872 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\aolsetup.exe
[2008/10/31 15:32:10 | 000,096,560 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\bsetutil.exe
[2008/10/31 15:32:00 | 000,228,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\migrator.exe
[2008/10/31 15:32:02 | 005,005,648 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\ocpinst.exe
[2008/10/31 15:15:54 | 000,036,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\postproc.exe
[2008/10/31 15:15:52 | 000,170,848 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\setup.exe
[2008/10/31 15:32:04 | 000,383,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\tbsetup.exe
[2008/10/31 15:32:10 | 001,484,064 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\toolbar.exe
[2008/10/31 15:32:02 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\unagi3.exe
[2008/10/31 15:32:08 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\Uninstaller.exe
[2008/10/31 15:32:10 | 002,884,832 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4391.1.4\vwpt.exe
[2007/09/17 10:34:06 | 000,136,528 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
[2009/11/12 18:07:12 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
[2008/08/26 18:58:08 | 018,598,696 | ---- | M] (PC-Doctor, Inc.) -- C:\Documents and Settings\All Users\Application Data\Dell\DellSupportCenter\installer\Setup.exe
[2010/09/14 11:21:28 | 000,378,856 | ---- | M] (SoftThinks) -- C:\Documents and Settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
[2010/07/09 10:26:26 | 000,475,136 | ---- | M] (SoftThinks SAS) -- C:\Documents and Settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
[2007/12/14 18:22:17 | 030,633,999 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\DSC20UpgradeTA.exe
[2007/11/13 17:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[2009/10/11 03:55:33 | 000,683,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
[2009/10/11 03:55:44 | 000,683,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
[2007/10/08 15:07:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
[2008/01/09 19:00:18 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\ds3r.exe
[2008/02/13 05:16:55 | 002,431,303 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08044.exe
[2008/03/11 19:45:37 | 000,594,179 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08060_20.exe
[2008/09/03 18:06:58 | 005,305,574 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.0.exe
[2008/10/27 23:09:29 | 000,155,658 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.0.exe
[2008/10/27 22:52:43 | 000,474,625 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08298_2.0.exe
[2009/01/21 19:23:38 | 000,148,579 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.0.exe
[2009/05/26 11:10:13 | 003,485,990 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.0.exe
[2008/06/25 12:50:12 | 000,529,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe

< %APPDATA%\*. >
[2006/05/13 19:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\acccore
[2011/02/20 18:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AccurateRip
[2009/03/28 19:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Adobe
[2008/11/06 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AdobeUM
[2009/12/27 19:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Antares
[2008/10/26 23:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AOL
[2011/02/20 17:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Apple Computer
[2010/11/14 17:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\AVGTOOLBAR
[2011/05/24 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\BitTorrent
[2009/05/05 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Corel
[2006/05/24 23:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Corel Photo Album
[2008/05/06 00:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\FaxCtr
[2007/05/19 18:35:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek
[2007/02/06 19:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Help
[2008/01/20 00:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\ICQ
[2004/08/10 14:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Identities
[2009/02/14 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\InstallShield
[2006/09/01 22:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Lavasoft
[2008/02/03 00:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Lexmark Productivity Studio
[2007/03/27 01:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Macromedia
[2009/10/10 05:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Malwarebytes
[2006/08/27 00:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\McAfee.com Personal Firewall
[2010/11/07 23:29:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Microsoft
[2009/03/31 13:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Mozilla
[2006/12/30 05:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\NetMedia Providers
[2009/12/27 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\PACE Anti-Piracy
[2008/10/20 22:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Propellerhead Software
[2007/01/05 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Publish Providers
[2007/02/07 22:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Real
[2009/11/12 01:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\REAPER
[2008/10/20 22:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Sony
[2009/03/08 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Steinberg
[2006/05/04 03:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Sun
[2006/05/04 03:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Symantec
[2009/10/10 11:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\TuneUp Software
[2007/02/15 12:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Viewpoint
[2007/11/27 22:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\vlc
[2009/11/03 01:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\Webroot
[2008/02/24 00:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\WinRAR
[2010/10/13 01:36:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Derrick Stuart\Application Data\yahoo!

< %APPDATA%\*.exe /s >
[2008/01/23 19:31:38 | 000,327,437 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\CIP\TransferAgentSetup.exe
[2007/06/18 22:50:52 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\MakeDesktopShortcut.EXE
[2007/06/18 22:50:53 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\fix\DellSupportLauncher.exe
[2007/06/18 22:50:55 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\HTML\item_templ\coach\RunGdp.exe
[2007/06/18 22:53:32 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\HTML\item_templ\coach\RunGdp.exe
[2007/11/14 14:43:30 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\Derrick Stuart\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\HTML\item_templ\coach\RunGdp.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: SYMSNAP.SYS >
[2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) MD5=3CE7BF283C3E43D6BE0191423482069D -- C:\i386\SymSnap.sys
[2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) MD5=3CE7BF283C3E43D6BE0191423482069D -- C:\WINDOWS\system32\drivers\SymSnap.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\system32\drivers\volsnap.sys

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

#9 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 06:18 PM

OTL Extras logfile created on: 5/24/2011 6:24:12 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Derrick Stuart\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 130.55 Mb Available Physical Memory | 51.40% Memory free
1.07 Gb Paging File | 0.85 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 9.44 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.94 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 235.32 Gb Free Space | 78.94% Space Free | Partition Type: NTFS

Computer Name: DERRICK | User Name: Derrick Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\mc00167.exe" = C:\WINDOWS\mc00167.exe:*:Enabled:@xpsp2res.dll,-22019 -- (MediaChance)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DD10F763-CDF6-46CD-9254-C8CE5E91B53E}" = Sony Media Manager 2.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Antares Auto-Tune 3.03 DirectX" = Antares Auto-Tune 3.03 DirectX
"ARP2600 V_is1" = ARP2600 V 1.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collab" = Collab
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"ie8" = Windows Internet Explorer 8
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"minimoog V_is1" = minimoog V 1.6
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"REAPER" = REAPER
"Reason_is1" = Reason 3.0
"Reason4_is1" = Reason 4.0
"ShockwaveFlash" = Adobe Flash Player 9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"UltraISO_is1" = UltraISO Premium V9.32
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Webroot Software" = Webroot Software
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XILS 3 DEMO_is1" = XILS 3 DEMO
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo%2

#10 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 24 May 2011 - 06:24 PM

OTL Extras logfile created on: 5/24/2011 6:24:12 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Derrick Stuart\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 130.55 Mb Available Physical Memory | 51.40% Memory free
1.07 Gb Paging File | 0.85 Gb Available in Paging File | 79.63% Paging File free
Paging file location(s): C:\pagefile.sys 850 1568 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 9.44 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 9.94 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 235.32 Gb Free Space | 78.94% Space Free | Partition Type: NTFS

Computer Name: DERRICK | User Name: Derrick Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\mc00167.exe" = C:\WINDOWS\mc00167.exe:*:Enabled:@xpsp2res.dll,-22019 -- (MediaChance)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DD10F763-CDF6-46CD-9254-C8CE5E91B53E}" = Sony Media Manager 2.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Antares Auto-Tune 3.03 DirectX" = Antares Auto-Tune 3.03 DirectX
"ARP2600 V_is1" = ARP2600 V 1.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collab" = Collab
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"ie8" = Windows Internet Explorer 8
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LUXONIX_LFX-1310" = LUXONIX LFX-1310
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"minimoog V_is1" = minimoog V 1.6
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"REAPER" = REAPER
"Reason_is1" = Reason 3.0
"Reason4_is1" = Reason 4.0
"ShockwaveFlash" = Adobe Flash Player 9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"UltraISO_is1" = UltraISO Premium V9.32
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Webroot Software" = Webroot Software
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XILS 3 DEMO_is1" = XILS 3 DEMO
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2011 11:21:47 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/17/2011 6:31:00 AM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/17/2011 6:31:00 AM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/22/2011 10:27:55 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/22/2011 10:28:07 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/22/2011 11:47:06 PM | Computer Name = DERRICK | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15627, faulting module
gmer.exe, version 1.0.15.15627, fault address 0x0000c676.

Error - 5/23/2011 12:29:47 AM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/23/2011 12:30:02 AM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 4:41:22 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 4:41:22 PM | Computer Name = DERRICK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:29 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:30 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:30 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/24/2011 4:59:30 PM | Computer Name = DERRICK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#11 heir

  • Malware Response Team
  • 763 posts

Posted 25 May 2011 - 03:30 AM

Let's start fixing this then.

Step 1.
aswMBR-fix:

Close all applications

Run aswMBR and Click Scan

On completion of the scan, click the Fix button

When prompted to restart click Yes

In case the machine doesn't restart properly you might need to restart it manually.


Rerun aswMBR, save the log as before and post it in your next reply

Step 2.
DDS:

Run DDS and post the logs from it in your reply.

Step 3.
Things I would like to see in your reply:

  • The content of the log from aswMBR in step 1.
  • The content of the logs from DDS in step 2.
  • Information on how your computer is running after those steps. Any redirects now?

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link.


#12 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 25 May 2011 - 01:16 PM

1.)

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-25 14:03:23
-----------------------------
14:03:23.093 OS Version: Windows 5.1.2600 Service Pack 2
14:03:23.093 Number of processors: 1 586 0x409
14:03:23.093 ComputerName: DERRICK UserName:
14:03:26.375 Initialize success
14:03:32.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:03:32.109 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
14:03:32.140 Disk 0 MBR read successfully
14:03:32.140 Disk 0 MBR scan
14:03:32.140 Disk 0 unknown MBR code
14:03:32.156 Disk 0 scanning sectors +156232125
14:03:32.187 Disk 0 malicious Win32:MBRoot code @ sector 156232128 !
14:03:32.203 Disk 0 PE file @ sector 156232150 !
14:03:32.203 Disk 0 scanning C:\WINDOWS\system32\drivers
14:03:41.296 Service scanning
14:03:46.812 Disk 0 trace - called modules:
14:03:46.828 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
14:03:46.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b23030]
14:03:46.828 3 CLASSPNP.SYS[f931705b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af0390]
14:03:46.828 Scan finished successfully
14:04:28.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derrick Stuart\Desktop\MBR.dat"
14:04:28.453 The log file has been saved successfully to "C:\Documents and Settings\Derrick Stuart\Desktop\aswMBR.txt"

#13 d.s.

  • Topic Starter
  • Members
  • 32 posts

Posted 25 May 2011 - 01:17 PM

2.)

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Derrick Stuart at 14:04:52 on 2011-05-25
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.124 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k itlsvc
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Derrick Stuart\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\derrick stuart\application data\mozilla\firefox\profiles\yclq893r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
R2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-10 14336]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2010-10-30 45072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-3-8 33792]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2009-1-13 79649]
S2 MemChecker;Memory Checker;c:\windows\mc00167.exe [2011-4-15 339968]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-4 822424]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-10-30 3872776]
S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2010-10-1 3066528]
.
=============== Created Last 30 ================
.
2011-05-24 20:54:24 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-05-24 20:54:08 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-05-24 20:54:08 215552 ----a-w- c:\windows\system32\itlpfw32.dll
.
==================== Find3M ====================
.
2011-04-15 17:51:04 339968 ----a-w- c:\windows\mc00167.exe
2011-03-29 04:06:12 3616 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
============= FINISH: 14:06:38.98 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/12/2006 8:19:35 PM
System Uptime: 5/25/2011 1:41:50 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 53 GiB total, 9.429 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 9.943 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 2/25/2011 5:10:11 PM - System Checkpoint
RP93: 2/26/2011 8:31:09 PM - System Checkpoint
RP94: 2/28/2011 4:31:40 PM - System Checkpoint
RP95: 3/2/2011 7:16:16 PM - System Checkpoint
RP96: 3/4/2011 1:16:46 PM - System Checkpoint
RP97: 3/6/2011 10:09:00 PM - System Checkpoint
RP98: 3/7/2011 11:36:29 PM - System Checkpoint
RP99: 3/10/2011 12:02:49 AM - System Checkpoint
RP100: 3/11/2011 6:12:01 PM - System Checkpoint
RP101: 3/13/2011 3:26:11 AM - System Checkpoint
RP102: 3/14/2011 6:11:44 PM - System Checkpoint
RP103: 3/16/2011 2:54:33 AM - System Checkpoint
RP104: 3/19/2011 2:32:27 PM - System Checkpoint
RP105: 3/21/2011 1:56:55 PM - System Checkpoint
RP106: 3/22/2011 9:58:41 PM - System Checkpoint
RP107: 3/24/2011 11:37:04 PM - System Checkpoint
RP108: 3/29/2011 12:33:39 AM - System Checkpoint
RP109: 3/30/2011 1:07:05 AM - System Checkpoint
RP110: 3/31/2011 1:08:04 AM - System Checkpoint
RP111: 4/1/2011 2:07:00 AM - System Checkpoint
RP112: 4/2/2011 2:08:09 AM - System Checkpoint
RP113: 4/3/2011 3:07:00 AM - System Checkpoint
RP114: 4/4/2011 4:05:11 AM - System Checkpoint
RP115: 4/5/2011 5:05:13 AM - System Checkpoint
RP116: 4/6/2011 6:05:10 AM - System Checkpoint
RP117: 4/7/2011 7:05:10 AM - System Checkpoint
RP118: 4/8/2011 8:05:13 AM - System Checkpoint
RP119: 4/9/2011 9:05:20 AM - System Checkpoint
RP120: 4/10/2011 10:05:14 AM - System Checkpoint
RP121: 4/11/2011 11:05:19 AM - System Checkpoint
RP122: 4/12/2011 12:05:20 PM - System Checkpoint
RP123: 4/13/2011 1:05:23 PM - System Checkpoint
RP124: 4/14/2011 2:06:35 PM - System Checkpoint
RP125: 4/26/2011 9:54:27 PM - System Checkpoint
RP126: 5/24/2011 4:54:09 PM - Removed J2SE Runtime Environment 5.0 Update 3
RP127: 5/24/2011 4:56:15 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP128: 5/24/2011 4:58:18 PM - Removed Java™ 6 Update 2
RP129: 5/24/2011 6:26:35 PM - OTL Restore Point
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 7
AmpliTube2
Antares Auto-Tune 3.03 DirectX
Antares Auto-Tune Evo VST
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARP2600 V 1.2
Bonjour
Collab
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
dBpoweramp Music Converter
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
Download Updater (AOL LLC)
EarthLink setup files
EducateU
ELIcon
Games, Music, & Photos Launcher
Get High Speed Internet!
Hijackthis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Interlok driver setup x32
Internet Service Offers Launcher
iTunes
Java™ 6 Update 15
KRISTAL Audio Engine
Last.fm 1.5.4.24567
Learn2 Player (Uninstall Only)
Lexmark 2500 Series
Lexmark Fax Solutions
Lexmark Toolbar
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
LUXONIX LFX-1310
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
MCU
Melodyne 3.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
minimoog V 1.6
Modem Helper
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NetWaiting
Norton Ghost 10.0
QuickTime
RealPlayer Basic
REAPER
Reason 3.0
Reason 4.0
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Activation Module
Sonic Update Manager
Sony Media Manager 2.1
Steinberg Cubase SX v3.1.1.944
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
UltraISO Premium V9.32
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
VoiceOver Kit
WebFldrs XP
Webroot Software
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WordPerfect Office 12
XILS 3 DEMO
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 12:58:50 AM, error: Dhcp [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 00167651DD88 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
5/25/2011 1:48:56 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
5/25/2011 1:44:08 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
5/24/2011 4:57:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/24/2011 4:41:09 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
5/24/2011 4:40:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Memory Checker service to connect.
5/24/2011 4:40:15 PM, error: Service Control Manager [7000] - The Memory Checker service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/23/2011 12:07:30 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/22/2011 11:41:40 PM, error: System Error [1003] - Error code 10000050, parameter1 f9a54008, parameter2 00000000, parameter3 b13893b3, parameter4 00000000.
5/22/2011 11:28:54 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
5/22/2011 11:27:50 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================

#14 d.s.

d.s.
  • Topic Starter

  • Members
  • 32 posts

Posted 25 May 2011 - 01:19 PM

Redirects aren't occurring on google searches thus far. svchost.exe will occasionally still cause high CPU usage up to 100%. New symptoms, however, include a pop-up from a "wordslife" website when I attempted to post here and audio now sounds slowed-down and warped (something has damaged the audio drivers maybe?)

#15 heir

heir

  • Malware Response Team
  • 763 posts

Posted 25 May 2011 - 02:03 PM

That was strange.
Let's do this.

Step 1.
Filescan:

Please go to: VirusTotal

  • On the page you'll find a Browse - button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    c:\windows\mc00167.exe
  • Next, click the Open button.
  • Then click the Send File - button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.


Step 2.
MBRCheck:

Run the MBRCheck.exe on your desktop.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 3.
ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 4.
Things I would like to see in your reply:

  • The link to the result from the filescan in step 1.
  • The content of the log from MBRCheck in step 2.
  • The content of C:\Combofix.txt from step 3.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link in my signature.
