Website Redirects, IE Script Errors, Audio Ads


7 replies to this topic

#1 shizuko (Members, 6 posts)

Posted 26 May 2011 - 11:21 AM

As per the title - I got the "2011 Vista Security" virus that manifested a couple of different times. I scanned with multiple different anti-malware software (MBAM, S&D, Stopzilla) - Stopzilla was the only one that continued to find traces of the virus. After finally biting the bullet and registering my copy of SZ, I deleted the final files. Unfortunately, it seems like my money for SZ was wasted. Although the Vista Security 2011 appears to be gone for good, I now have a very persistent bug that I can't remove. Any time Stopzilla decides that it's cleaned everything, it reappears on the next reboot.

Symptoms:
-Internet VERY Slow and takes much longer than usual to connect after reboot (5-10 minutes)
-Fluctuating Hard Drive Space
-File Folders Hidden and/or Missing
-Administrative Access Removed
-Websites redirect
-IE Script Error pop-ups
-Audio ads play from non-visible windows
-Vundo.A7 and Vundo.H continue to reinstall themselves

I did some preliminary research and scanned with DDS and RKUnhooker.

---- PLEASE HELP! ----

DDS LOG:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Run by Rising Sun Photos at 8:57:39 on 2011-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.945 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Rising Sun Photos\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE
c:\3de4db4aed36944da3c397ecda32\checksurlauncher.exe
c:\3de4db4aed36944da3c397ecda32\CheckSUR.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rising Sun Photos\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\rising sun photos\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.128.151.33/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.87.154.68/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-10-7 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-5-12 29792]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2011-3-31 57800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-10-8 131584]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-2-22 45312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-13 1153368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2006-11-1 74392]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-26 15:56:46 -------- d-----w- C:\3de4db4aed36944da3c397ecda32
2011-05-24 19:18:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-24 18:54:46 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-24 18:54:14 -------- d-----w- c:\programdata\Hitman Pro
2011-05-19 05:33:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 22:27:59 -------- d-----w- c:\programdata\STOPzilla!
2011-05-11 22:27:59 -------- d-----w- c:\program files\STOPzilla!
2011-05-11 22:27:59 -------- d-----w- c:\program files\common files\iS3
2011-05-11 21:05:30 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-05-11 21:05:30 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-05-11 21:05:30 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-05-11 21:05:30 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-05-11 21:05:30 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-05-11 21:05:30 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-05-11 21:05:28 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-05-11 21:05:28 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-05-11 21:05:28 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-05-11 21:05:28 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-05-11 21:05:28 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-05-11 21:05:28 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-05-11 16:32:41 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-11 01:23:29 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 01:23:29 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 01:23:29 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-05-11 01:23:29 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 01:23:29 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-11 01:23:29 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 01:23:29 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 01:23:29 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-05-11 01:23:29 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-10 21:16:45 -------- d-----w- c:\program files\Axis Communications
2011-05-01 02:04:30 -------- d--h--w- c:\users\rising sun photos\appdata\local\Graphisoft
2011-05-01 02:04:28 -------- d--h--w- c:\users\rising sun photos\appdata\roaming\Graphisoft
2011-05-01 02:04:28 -------- d-----w- c:\users\rising sun photos\Graphisoft
2011-05-01 01:56:53 -------- d--ha-w- c:\program files\common files\Graphisoft Shared
2011-05-01 01:56:20 -------- d-----w- c:\program files\Graphisoft
2011-04-28 17:11:46 -------- d-----w- c:\program files\Easy Rafters
2011-04-27 20:03:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 20:03:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
==================== Find3M ====================
.
.
============= FINISH: 8:58:34.88 ===============

RKUNHOOKER LOG:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8CA0A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7610368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.13 )
0x8301E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8301E000 PnpManager 3903488 bytes
0x8301E000 RAW 3903488 bytes
0x8301E000 WMIxWDM 3903488 bytes
0x8D401000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x99220000 Win32k 2109440 bytes
0x99220000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8940A000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8900A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8DE70000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8368C000 PCI_PNP4913 995328 bytes
0x8368C000 C:\Windows\System32\Drivers\spbx.sys 995328 bytes
0x8368C000 sptd 995328 bytes
0x89201000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x806C9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0E0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E00B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8E4F2000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8D14C000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F3C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8360D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9F005000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8060F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8917A000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9F175000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x99470000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x88E2D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DF73000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x837AE000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x89569000 C:\Windows\System32\Drivers\MDFSYSNT.sys 270336 bytes (Mediafour Corporation, MacDrive file system driver)
0x80688000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DC38000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8DE32000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8936F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E402000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89140000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x88FC5000 C:\Windows\System32\Drivers\aikqr2mt.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9F0FC000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89519000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D78A000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x8DD54000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x833D7000 ACPI_HAL 208896 bytes
0x833D7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88ED7000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E1B8000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DDA2000 C:\Windows\system32\drivers\CHDRT32.sys 200704 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8DC0A000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8DDD3000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89115000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8DD13000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8E5B1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8E46C000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x9F14D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x895AB000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807D2000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83788000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8DE0D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DCA6000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89305000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8DFDC000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8E0F7000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8E13B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F0BD000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9F0DD000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x88EA4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9F072000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x892EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E4CF000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x893AD000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9F08F000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88F23000 C:\Windows\System32\Drivers\TPkd.sys 102400 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0x88FAD000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9F135000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E448000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DC84000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E0DE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA0F31000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E1EA000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E18E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9F0A8000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DCEC000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA0F00000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8DCD8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x893D5000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8E1A4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x891CB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8E5E5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DFC9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8935D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA0F15000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x895D2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8DD91000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8066F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88F09000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x893E9000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8E5A1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88E8C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D7DC000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8DD01000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89345000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8E4C0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8955A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x88E02000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8DCC9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D7CD000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88E1E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D7EC000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x99460000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DFBB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E177000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E7E000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x893C7000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x807A9000 C:\Windows\system32\DRIVERS\szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0x8367E000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8E45F000 C:\Windows\system32\drivers\CBDisk.sys 53248 bytes (EldoS Corporation, CallbackDisk Virtual Storage Driver)
0x8E494000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E0C0000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x807B7000 C:\Windows\system32\drivers\szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0x8DD47000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8D1EB000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0xA0EF4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E12F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E4A1000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x891DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88ECC000 C:\Windows\System32\Drivers\MDPMGRNT.sys 45056 bytes (Mediafour Corporation, MacDrive partition driver)
0x891E9000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8E16C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DC9B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DC79000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89331000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D7C2000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88E14000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8E4AC000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8E4B6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88EC2000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8DD3D000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E5DB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E43E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F19000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA0EEA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x895E3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8E118000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8DD88000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA0F4E000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8E185000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8E0D5000 C:\Windows\system32\DRIVERS\sffdisk.sys 36864 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0x99440000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8933C000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89354000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8377F000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88E9C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80680000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80607000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x837F4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x891F4000 C:\Windows\system32\drivers\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8E15C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E164000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E0CD000 C:\Windows\system32\DRIVERS\sffp_sd.sys 32768 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0x89552000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8CA00000 C:\Windows\system32\drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0xA0F27000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8E128000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D1F8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88E77000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xA0F47000 C:\Users\RISING~1\AppData\Local\Temp\mbr.sys 28672 bytes
0x8E121000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x893F9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8E002000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x895F9000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9F1DC000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x88E11000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8D7FA000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x8E000000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x8DD11000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8E0F5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8564D1F8 unknown_irp_handler 3592 bytes
0x88D6C1F8 unknown_irp_handler 3592 bytes
0x856861F8 unknown_irp_handler 3592 bytes
0x856851F8 unknown_irp_handler 3592 bytes
0x870EB1F8 unknown_irp_handler 3592 bytes
0x88C911F8 unknown_irp_handler 3592 bytes
0x88C8A1F8 unknown_irp_handler 3592 bytes
0x872911F8 unknown_irp_handler 3592 bytes
0x872951F8 unknown_irp_handler 3592 bytes
0x85FDA1F8 unknown_irp_handler 3592 bytes
0x870EA1F8 unknown_irp_handler 3592 bytes
0x85FD11F8 unknown_irp_handler 3592 bytes
0x872811F8 unknown_irp_handler 3592 bytes
0x8700F1F8 unknown_irp_handler 3592 bytes
0xA581B1F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
0x87067A91 Unknown page with executable code, 1391 bytes
0x89519000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x87066288 Unknown page with executable code, 3448 bytes
0x87068191 Unknown page with executable code, 3695 bytes
0x8706AE7A Unknown thread object [ ETHREAD 0x87054380 ] TID: 248, 600 bytes
0x8706D008 Unknown thread object [ ETHREAD 0x8528A8F8 ] TID: 252, 600 bytes
0x8706C0DE Unknown thread object [ ETHREAD 0x86FE8A48 ] , 600 bytes
0x8706AB45 Unknown thread object [ ETHREAD 0x86E26B38 ] , 600 bytes
0x00A90000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x9BEA6870 ] PID: 1956, 77824 bytes
0x8706CCDC Unknown page with executable code, 804 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 29 May 2011 - 11:21 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
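The RkU report requested above has a fixed text layout: a ">Drivers" section with one loaded image per line and a ">Stealth" section of free-text warnings. As an added example that is not part of this post and not code from the Rootkit Unhooker tool, the Python below parses that layout from a constructed excerpt in the thread's format and orders the entries for a human reviewer; the three heuristics it applies are the editor's own and mark entries for a second look, not verdicts.

```python
"""Triage helper for Rootkit Unhooker (RkU LE) text reports.

Added example, not part of the thread and not RkU's own code.  It parses the
report layout pasted in the thread and applies three review heuristics chosen
by the editor (none is a verdict; they only order the report for a human):
  * every Stealth-section line is listed for manual review;
  * drivers loaded from user-writable paths (Temp, AppData, Users) are flagged;
  * a vendor/description shared by differently named files is flagged, since a
    name/description mismatch deserves a second look (benign pairs exist, e.g.
    the two RDP miniports in the sample).
"""
import re
from collections import defaultdict

# One Drivers-section entry: load address, image path or alias, size and an
# optional "(vendor, description)".  Stealth lines are free text and kept whole.
DRIVER_RE = re.compile(
    r"^0x([0-9A-Fa-f]{8})\s+(\S.*?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$"
)
SECTION_RE = re.compile(r"^>(\w+)\s*$")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\")

# Constructed excerpt in the layout of the report pasted in the thread.
SAMPLE_REPORT = r"""RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x83036000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x83036000 PnpManager 3903488 bytes
0x88E9C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8E606000 C:\Windows\System32\Drivers\arv3a1gr.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA0F47000 C:\Users\RISING~1\AppData\Local\Temp\mbr.sys 28672 bytes
0x8E15C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E164000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8564D1F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
0x87067A91 Unknown page with executable code, 1391 bytes
0x89519000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
"""


def parse_report(text):
    """Group report lines by section; separators and blank lines are dropped."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def parse_driver(line):
    """Return the fields of one Drivers-section entry, or None if it is not one."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    addr, path, size, desc = m.groups()
    return {"addr": int(addr, 16), "path": path, "size": int(size), "desc": desc}


def triage(text):
    """Return (kind, detail) findings: Stealth lines first, then driver heuristics."""
    sections = parse_report(text)
    findings = []
    for line in sections.get("Stealth", []):
        kind = "summary" if line.startswith("!!") else "stealth"
        findings.append((kind, line))
    by_desc = defaultdict(set)  # description -> lower-cased file names
    for entry in map(parse_driver, sections.get("Drivers", [])):
        if entry is None or "\\" not in entry["path"]:
            continue  # aliases (PnpManager, unknown_irp_handler) name no file
        path = entry["path"].lower()
        if any(tok in path for tok in USER_WRITABLE):
            findings.append(("user_writable_path", entry["path"]))
        if entry["desc"]:
            by_desc[entry["desc"]].add(path.rsplit("\\", 1)[-1])
    for desc, names in by_desc.items():
        if len(names) > 1:
            findings.append(("shared_description", f"{desc}: {', '.join(sorted(names))}"))
    return findings


def finding_counts(findings):
    """Count findings per kind, handy for a one-line summary in a reply."""
    counts = defaultdict(int)
    for kind, _ in findings:
        counts[kind] += 1
    return dict(counts)
```

Run `triage(open("report.txt").read())` on a saved RkU report; legitimate tools also load drivers from Temp, so treat every flag as a reading order, not a result.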


#3 shizuko

shizuko
  • Topic Starter

  • Members
  • 6 posts

Posted 30 May 2011 - 10:07 PM

OK, here are my logs. The computer has been having basically the same problems. I've pretty much given up on scanning with StopZilla, because everything is reinfecting itself. I have also noticed my Spybot S&D Resident has been popping up with some notifications about firewall changes - I disabled a bunch of possible suspect firewall connections and retained only the ones I trust. Aside from that, I'm still getting a fair amount of redirects, the occasional script errors and it seems like the audio ads have gone down significantly, but not disappeared completely.

Thank you very much for your help.

LOGFILES PASTED BELOW: ((((WARNING: INCOMPLETE LOG - SEE FOLLOWING POST))))



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D604000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7610368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.13 )
0x83036000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x83036000 PnpManager 3903488 bytes
0x83036000 RAW 3903488 bytes
0x83036000 WMIxWDM 3903488 bytes
0x8DE06000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x99A60000 Win32k 2109440 bytes
0x99A60000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89404000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x89003000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E490000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8368D000 PCI_PNP0833 995328 bytes
0x8368D000 C:\Windows\System32\Drivers\speb.sys 995328 bytes
0x8368D000 sptd 995328 bytes
0x89207000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x806C2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA140E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EA07000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8ECD6000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8DD46000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F44000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8360E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9E807000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80608000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x89173000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9E977000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x99CB0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x88E35000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E593000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x837AF000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x89563000 C:\Windows\System32\Drivers\MDFSYSNT.sys 270336 bytes (Mediafour Corporation, MacDrive file system driver)
0x80681000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E66D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E452000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x89374000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EC0E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89139000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E606000 C:\Windows\System32\Drivers\arv3a1gr.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9E8FE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89513000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E18F000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x8E789000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83003000 ACPI_HAL 208896 bytes
0x83003000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88EDF000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EBA3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88FCD000 C:\Windows\system32\drivers\CHDRT32.sys 200704 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8E63F000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E400000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8910E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E748000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8ED95000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9E94F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x895A5000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807CB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83789000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8E42D000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8E6DB000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x895DD000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8E7D7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8EAE2000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8EB26000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E8BF000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9E8DF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x88EAC000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E874000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x892F0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8ECB3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x893B2000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9E891000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88F2B000 C:\Windows\System32\Drivers\TPkd.sys 102400 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0x88FB5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9E937000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EC54000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E6B9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8EAC9000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA150C000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EBD5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EB79000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9E8AA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E721000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E70D000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x893CC000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8EB8F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x891C4000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8EDC9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E5DB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x89362000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x895CC000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E7C6000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80668000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88F11000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x893E0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8ED85000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88E94000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E1E1000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E736000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8934A000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0xA1522000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89554000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x88E0A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E6FE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E1D2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88E26000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E1F1000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x99CA0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EBEB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EB62000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E86000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DDF2000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x807A2000 C:\Windows\system32\DRIVERS\szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0x8367F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8EC6B000 C:\Windows\system32\drivers\CBDisk.sys 53248 bytes (EldoS Corporation, CallbackDisk Virtual Storage Driver)
0x8EC78000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EABC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x807B0000 C:\Windows\system32\driver

Edited by shizuko, 30 May 2011 - 10:39 PM.


#4 shizuko

shizuko
  • Topic Starter

  • Members
  • 6 posts

Posted 30 May 2011 - 10:35 PM

(CONTINUED: BLUE SCREEN OF DEATH MID-POST - "Normandy.sys")



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D408000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7610368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.13 )
0x83035000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x83035000 PnpManager 3903488 bytes
0x83035000 RAW 3903488 bytes
0x83035000 WMIxWDM 3903488 bytes
0x8DC00000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3706880 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x99290000 Win32k 2109440 bytes
0x99290000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8940E000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8900F000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E864000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x83683000 PCI_PNP3921 995328 bytes
0x83683000 C:\Windows\System32\Drivers\spjt.sys 995328 bytes
0x83683000 sptd 995328 bytes
0x8920D000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x806CB000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0C00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EC05000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8F0CD000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8DB4A000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F44000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x83604000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9E201000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80611000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8917F000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x9E371000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x994E0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x88E35000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E967000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x837A5000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8956D000 C:\Windows\System32\Drivers\MDFSYSNT.sys 270336 bytes (Mediafour Corporation, MacDrive file system driver)
0x8068A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E667000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E826000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8937E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F005000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89145000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E600000 C:\Windows\System32\Drivers\aia1r7xy.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9E2F8000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8951D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8DF89000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x8E783000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83002000 ACPI_HAL 208896 bytes
0x83002000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88EDF000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EDA1000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88FCD000 C:\Windows\system32\drivers\CHDRT32.sys 200704 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8E639000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E7D1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8911A000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E742000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8F18C000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9E349000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x895AF000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807D4000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8377F000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8E801000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8E6D5000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89311000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8E9C2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8ECE0000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8ED24000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E2B9000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9E2D9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x88EAC000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E26E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x892F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F0AA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x893BC000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9E28B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88F2B000 C:\Windows\System32\Drivers\TPkd.sys 102400 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0x88FB5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9E331000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F04B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E6B3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8ECC7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA0CFE000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EDD3000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8ED77000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9E2A4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E71B000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E707000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x893E4000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8ED8D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x891E0000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8F1C0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E9AF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8936C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x895D6000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E7C0000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80671000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88F11000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x891D0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8F17C000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88E94000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8DFDB000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E730000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89350000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8F09B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8955E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x88E0A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E6F8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8DFCC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88E26000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8DFEB000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x994D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EDE9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8ED60000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E86000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x893D6000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x807AB000 C:\Windows\system32\DRIVERS\szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0x83675000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F062000 C:\Windows\system32\drivers\CBDisk.sys 53248 bytes (EldoS Corporation, CallbackDisk Virtual Storage Driver)
0x8F06F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8ECBA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x807B9000 C:\Windows\system32\drivers\szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0x8E776000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8DBE9000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0xA0CE8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8ED18000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F07C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x89200000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88ED4000 C:\Windows\System32\Drivers\MDPMGRNT.sys 45056 bytes (Mediafour Corporation, MacDrive partition driver)
0x891F3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8ED55000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E6CA000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E6A8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8933C000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DFC1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88E1C000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8F087000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8F091000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88ECA000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E76C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F1B6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8F041000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F21000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA0CDE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x895E7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8ED01000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8E7B7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA0D14000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8ED6E000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x994B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89347000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89363000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83776000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88EA4000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80682000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80609000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x837EB000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x893F8000 C:\Windows\system32\drivers\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8ED45000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ED4D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89556000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8D400000 C:\Windows\system32\drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0xA0CF4000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8ED11000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8DBF6000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88E7F000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8ED0A000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x89000000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EDF9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8935F000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9E3D8000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x88E19000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DFF9000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x8EDF7000 C:\Windows\system32\DRIVERS\eabfiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0x8E740000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8ECDE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x85FD41F8 unknown_irp_handler 3592 bytes
0x85FD31F8 unknown_irp_handler 3592 bytes
0x85FD01F8 unknown_irp_handler 3592 bytes
0x872E31F8 unknown_irp_handler 3592 bytes
0x88D0B1F8 unknown_irp_handler 3592 bytes
0x88CE11F8 unknown_irp_handler 3592 bytes
0x872D91F8 unknown_irp_handler 3592 bytes
0x873151F8 unknown_irp_handler 3592 bytes
0x872CC1F8 unknown_irp_handler 3592 bytes
0x856781F8 unknown_irp_handler 3592 bytes
0x872E51F8 unknown_irp_handler 3592 bytes
0x8524C1F8 unknown_irp_handler 3592 bytes
0x870741F8 unknown_irp_handler 3592 bytes
0xA4D3D500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x870BAA91 Unknown page with executable code, 1391 bytes
0x8951D000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x870BDF14 Unknown page with executable code, 236 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x870B9288 Unknown page with executable code, 3448 bytes
0x870BB191 Unknown page with executable code, 3695 bytes
0x870BE02C Unknown page with executable code, 4052 bytes
0x870BCDC6 Unknown page with executable code, 570 bytes
0x870BDE7A Unknown thread object [ ETHREAD 0x87053D78 ] TID: 248, 600 bytes
0x870C0008 Unknown thread object [ ETHREAD 0x8708A520 ] TID: 252, 600 bytes
0x870BF0DE Unknown thread object [ ETHREAD 0x8708A278 ] , 600 bytes
0x870BDB45 Unknown thread object [ ETHREAD 0x87053970 ] , 600 bytes
0x00460000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x81FFFD90 ] PID: 1944, 77824 bytes
0x870BFCDC Unknown page with executable code, 804 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

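Added example, not part of shizuko's post and not code from RKUnhooker or BleepingComputer: a small Python triage script for a report of the shape pasted above. It parses the loaded-driver list and the >Stealth section and flags what a malware-removal helper reads first: drivers loaded from outside %SystemRoot%, drivers with no version information, IRP handlers RKU could not attribute to a module, and the stealth warnings ranked by severity. The embedded SAMPLE is constructed from a handful of lines in the same format (not the full report); the severity ranking, the dump_*.sys exception and the sptd.sys "likely benign" note are assumptions from removal experience, not statements from the page.

```python
"""Triage helper for an RKUnhooker (RKU) report. Added example; not RKU's own code."""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the RKU output above (a few lines only).
SAMPLE = r"""
0x88EAC000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8F07C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8EDF9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA0D14000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x85FD41F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
0x870BAA91 Unknown page with executable code, 1391 bytes
0x8951D000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x870BDE7A Unknown thread object [ ETHREAD 0x87053D78 ] TID: 248, 600 bytes
0x00460000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x81FFFD90 ] PID: 1944, 77824 bytes
"""

# <base> <path> <size> bytes [(<vendor>, <description>)]
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$")

# Severity keyed on the wording RKU uses in the >Stealth section (assumed ranking).
STEALTH_RULES = [
    ("HIGH", "virus alike driver modification"),    # a system driver patched in memory
    ("HIGH", "hidden image"),                        # image mapped but absent from the module list
    ("MEDIUM", "unknown page with executable code"),
    ("MEDIUM", "unknown thread object"),
    ("INFO", "file locked for read access"),
]
# Known benign explanations (assumption from experience, not from the page).
SELF_PROTECTING = {
    "sptd.sys": "Duplex Secure SCSI Pass Through Direct (Daemon Tools/Alcohol) blocks reads of itself",
}
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: str
    description: str


@dataclass
class Report:
    drivers: list = field(default_factory=list)
    irp_handlers: int = 0
    stealth: list = field(default_factory=list)


def parse_report(text):
    """Split an RKU report into drivers, unattributed IRP handlers and stealth lines."""
    rep, in_stealth = Report(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">Stealth"):
            in_stealth = True
            continue
        if in_stealth:
            rep.stealth.append(line)
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue
        base, path, size, info = m.groups()
        if path == "unknown_irp_handler":
            rep.irp_handlers += 1
            continue
        info = (info or "").strip()
        # Heuristic: the description is the text after the last ", "; the rest is the vendor.
        vendor, desc = info.rsplit(", ", 1) if ", " in info else ("", info)
        rep.drivers.append(Driver(int(base, 16), path, int(size), vendor.strip(), desc.strip()))
    return rep


def triage(rep):
    """Return (severity, message) findings in the order a helper would read them."""
    findings = []
    for d in rep.drivers:
        low = d.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if not low.startswith(SYSTEM_ROOT):
            findings.append(("MEDIUM", f"driver loaded from outside %SystemRoot%: {d.path}"))
        # dump_*.sys are crash-dump copies of the storage stack and routinely carry no version info.
        if not d.vendor and not d.description and not name.startswith("dump_"):
            findings.append(("MEDIUM", f"driver with no version info: {d.path}"))
    if rep.irp_handlers:
        findings.append(("INFO", f"{rep.irp_handlers} IRP handler(s) RKU could not attribute to a loaded module"))
    for line in rep.stealth:
        low = line.lower()
        for sev, needle in STEALTH_RULES:
            if needle in low:
                note = next((why for fname, why in SELF_PROTECTING.items() if fname in low), None)
                findings.append((sev, line + (f"  [likely benign: {note}]" if note else "")))
                break
    return findings


if __name__ == "__main__":
    for sev, msg in triage(parse_report(SAMPLE)):
        print(f"{sev:6} {msg}")
```

The point of the script is ordering, not verdicts: a "Virus alike driver modification" on volsnap.sys and a hidden image inside a live process are the two lines to chase first, while a locked sptd.sys and version-less dump_*.sys copies are expected noise on a machine with Daemon Tools installed. Run it on the full pasted report and the same ranking applies.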
#5 shizuko (Topic Starter, Members, 6 posts)

Posted 30 May 2011 - 10:44 PM

OTL logfile created on: 5/30/2011 8:38:35 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Rising Sun Photos\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.66% Memory free
3.66 Gb Paging File | 2.52 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.42 Gb Total Space | 0.54 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
Drive D: | 6.63 Gb Total Space | 0.60 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Computer Name: RISINGSUNDBA | User Name: Rising Sun Photos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 20:38:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rising Sun Photos\Desktop\OTL.exe
PRC - [2011/05/11 14:05:40 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/05/11 14:05:36 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2010/09/05 01:36:50 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/03 04:31:29 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 20:38:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rising Sun Photos\Desktop\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/05/11 14:05:36 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/10/08 12:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010/06/07 20:45:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/03/13 02:23:18 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 02:23:18 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (Normandy)
DRV - [2010/10/07 15:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/06/07 20:43:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/12 14:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 14:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/12/05 08:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/03 06:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/19 04:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 02:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 21:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 19:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 02:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-792080314-3432794986-437033187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-792080314-3432794986-437033187-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792080314-3432794986-437033187-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-792080314-3432794986-437033187-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {153DF480-6C31-42A2-A3A4-0ADADD947F8E}:1.9.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/16 14:20:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/16 14:20:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{153DF480-6C31-42A2-A3A4-0ADADD947F8E}: C:\Users\Rising Sun Photos\AppData\Local\{153DF480-6C31-42A2-A3A4-0ADADD947F8E} [2011/02/23 10:31:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 22:33:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 16:47:47 | 000,000,000 | ---D | M]

[2010/04/22 16:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rising Sun Photos\AppData\Roaming\Mozilla\Extensions
[2011/05/11 09:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rising Sun Photos\AppData\Roaming\Mozilla\Firefox\Profiles\d7l2gbmk.default\extensions
[2010/04/23 22:04:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rising Sun Photos\AppData\Roaming\Mozilla\Firefox\Profiles\d7l2gbmk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 09:23:57 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Rising Sun Photos\AppData\Roaming\Mozilla\Firefox\Profiles\d7l2gbmk.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/05/09 20:25:56 | 000,001,490 | ---- | M] () -- C:\Users\Rising Sun Photos\AppData\Roaming\Mozilla\Firefox\Profiles\d7l2gbmk.default\searchplugins\AOL Search.xml
[2011/05/18 22:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/02/23 10:31:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\RISING SUN PHOTOS\APPDATA\LOCAL\{153DF480-6C31-42A2-A3A4-0ADADD947F8E}
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/23 16:42:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/09 20:25:56 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 15:32:58 | 000,434,391 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 14941 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-792080314-3432794986-437033187-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-792080314-3432794986-437033187-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-792080314-3432794986-437033187-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://217.128.151.33/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://212.87.154.68/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/17 22:35:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 20:38:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Rising Sun Photos\Desktop\OTL.exe
[2011/05/26 01:17:27 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Rising Sun Photos\Desktop\dds.com
[2011/05/26 01:09:51 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Rising Sun Photos\Desktop\dds.scr
[2011/05/25 09:44:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/24 12:18:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/24 11:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/17 20:38:04 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\Desktop\Norma
[2011/05/11 15:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/05/11 15:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/11 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/05/11 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/05/11 14:05:30 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/05/11 00:22:37 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\Desktop\nateprint
[2011/05/10 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/10 14:35:14 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/10 14:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Axis Communications

========== Files - Modified Within 30 Days ==========

[2011/05/30 20:38:13 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rising Sun Photos\Desktop\OTL.exe
[2011/05/30 20:32:29 | 000,020,894 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\RkunhookerReport
[2011/05/30 20:30:05 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/30 20:30:04 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 20:26:58 | 000,001,256 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/30 20:24:35 | 000,084,738 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/30 20:24:35 | 000,084,738 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/30 20:24:12 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 20:24:12 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 20:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 12:04:15 | 000,222,909 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\tAWGn.jpg
[2011/05/26 01:57:44 | 000,133,632 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\RKUnhookerLE.EXE
[2011/05/26 01:17:31 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Rising Sun Photos\Desktop\dds.com
[2011/05/26 01:11:31 | 000,293,775 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\gmer.zip
[2011/05/26 01:06:03 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Rising Sun Photos\Desktop\dds.scr
[2011/05/25 20:50:06 | 000,002,102 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Google Chrome.lnk
[2011/05/25 20:50:06 | 000,002,064 | ---- | M] () -- C:\Users\Rising Sun Photos\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/25 03:52:46 | 000,001,356 | ---- | M] () -- C:\Users\Rising Sun Photos\AppData\Local\d3d9caps.dat
[2011/05/24 12:18:01 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/24 11:54:46 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/21 15:42:54 | 004,561,867 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Jessica_Alba_jessica-alba568edit.jpg
[2011/05/21 14:49:28 | 001,501,270 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Jessica_Alba_jessica-alba568.jpg
[2011/05/18 22:33:47 | 000,000,870 | ---- | M] () -- C:\Users\Rising Sun Photos\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/18 22:33:47 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/18 20:40:35 | 000,097,792 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Resume.pub
[2011/05/18 19:18:11 | 000,325,044 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Resume.pdf
[2011/05/13 11:43:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/11 15:32:58 | 000,434,391 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/11 14:14:46 | 000,002,862 | -HS- | M] () -- C:\ProgramData\80v1mp4c4a8450x2
[2011/05/11 14:05:30 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/05/11 09:23:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/10 21:05:27 | 000,000,934 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\Lightroom.lnk
[2011/05/10 21:05:05 | 000,000,988 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\PhotoShop.lnk
[2011/05/10 18:22:53 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792080314-3432794986-437033187-1000Core.job
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Users\Rising Sun Photos\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2011/05/30 20:25:29 | 000,001,256 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/30 12:04:12 | 000,222,909 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\tAWGn.jpg
[2011/05/26 09:04:04 | 000,020,894 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\RkunhookerReport
[2011/05/26 01:57:29 | 000,133,632 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\RKUnhookerLE.EXE
[2011/05/26 01:11:43 | 000,302,080 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\gmer.exe
[2011/05/26 01:11:27 | 000,293,775 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\gmer.zip
[2011/05/24 11:54:46 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/21 15:42:40 | 004,561,867 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Jessica_Alba_jessica-alba568edit.jpg
[2011/05/21 14:49:26 | 001,501,270 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Jessica_Alba_jessica-alba568.jpg
[2011/05/18 18:45:02 | 000,325,044 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Resume.pdf
[2011/05/18 18:44:46 | 000,097,792 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Resume.pub
[2011/05/11 16:18:32 | 061,662,028 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\complete with adjustment for lens mod1-.tif
[2011/05/11 16:18:31 | 012,285,200 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\complete with adjustment for lens mod1-.jpg
[2011/05/11 14:13:33 | 000,002,862 | -HS- | C] () -- C:\ProgramData\80v1mp4c4a8450x2
[2011/05/11 09:23:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/10 21:05:27 | 000,000,934 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Lightroom.lnk
[2011/05/10 21:05:05 | 000,000,988 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\PhotoShop.lnk
[2011/05/10 18:23:32 | 000,000,870 | ---- | C] () -- C:\Users\Rising Sun Photos\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/10 18:23:32 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/10 18:23:32 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/10 18:23:20 | 000,002,102 | ---- | C] () -- C:\Users\Rising Sun Photos\Desktop\Google Chrome.lnk
[2011/05/10 18:23:20 | 000,002,064 | ---- | C] () -- C:\Users\Rising Sun Photos\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 18:22:53 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-792080314-3432794986-437033187-1000Core.job
[2011/04/17 07:39:58 | 000,001,368 | -HS- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
[2011/04/17 07:39:58 | 000,001,368 | -HS- | C] () -- C:\ProgramData\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
[2011/04/07 12:42:49 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/25 06:55:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/25 06:55:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/23 10:31:44 | 000,003,056 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\Klipamewigame.dat
[2011/02/23 10:31:44 | 000,000,000 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\Usegina.bin
[2011/02/07 20:14:42 | 000,001,057 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Roaming\vso_ts_preview.xml
[2011/01/18 02:11:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/06 13:59:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/06 13:59:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/04 00:07:24 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/01/03 17:54:04 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/01/03 17:53:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/14 06:42:11 | 001,235,574 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\[j0002]-[p01].bmp
[2010/11/18 14:45:37 | 000,000,132 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/02 14:31:33 | 000,159,851 | ---- | C] () -- C:\Windows\ScanWiz Uninstaller.exe
[2010/10/07 16:10:54 | 000,118,907 | ---- | C] () -- C:\Windows\hpoins31.dat
[2010/10/07 16:10:54 | 000,000,945 | ---- | C] () -- C:\Windows\hpomdl31.dat
[2010/08/03 15:42:31 | 000,000,079 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Roaming\rjzserver.cfg
[2010/07/17 14:01:16 | 000,148,901 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/07/17 13:51:17 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/07/12 22:45:15 | 000,000,060 | ---- | C] () -- C:\Windows\System32\SYSWQDRV.SYS
[2010/06/16 12:31:21 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010/06/15 13:01:35 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/10 08:12:32 | 000,017,408 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/27 20:33:21 | 000,001,356 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\d3d9caps.dat
[2010/03/04 14:18:07 | 000,084,738 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/04 14:18:07 | 000,084,738 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/01 17:27:20 | 000,013,589 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Roaming\nvModes.001
[2010/03/01 00:56:07 | 000,013,589 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Roaming\nvModes.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/12/17 21:36:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 00:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 003,857,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/05/07 21:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F7F48F12
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C7DEC6B7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:4E3BC198

< End of report >

OTL Extras logfile created on: 5/30/2011 8:38:35 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Rising Sun Photos\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.66% Memory free
3.66 Gb Paging File | 2.52 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.42 Gb Total Space | 0.54 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
Drive D: | 6.63 Gb Total Space | 0.60 Gb Free Space | 9.04% Space Free | Partition Type: NTFS

Computer Name: RISINGSUNDBA | User Name: Rising Sun Photos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-792080314-3432794986-437033187-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03831346-7DB6-4FA7-B8FF-C0EF3B8F830E}" = lport=1492 | protocol=17 | dir=in | name=192.168.0.10 |
"{47524D91-CF9E-45B9-81CD-089CE9274856}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{50B0C92E-8578-4BE3-B457-05C9CCF7B716}" = lport=1492 | protocol=6 | dir=in | name=192.168.0.10 |
"{92F74A9A-19FA-4584-BCF9-6398DE23E8D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8594215-38FA-42BA-8CED-34DF51B839AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ED3C18-F157-4746-8F03-A0F0800DE0E1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{03AB6E20-C3AD-4B1B-8BC3-0757C5BCD165}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{0D7F4738-2A17-4066-B12E-D9F58C79275E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0EB82D0C-AFFB-4115-A4FD-105D4730C7A8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0F1C9F9F-441A-441D-823A-3F08A636EBFB}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1605DC24-FCB2-48C9-B885-7D6F58A048D8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{17EDFBA7-EBA7-4793-8539-AD2F16B453A2}" = protocol=17 | dir=in | app=c:\users\rising sun photos\appdata\local\apps\2.0\y4e78r8d.whz\n48bxazz.mjk\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{1A9933B2-2C50-4C29-8DA7-17E79B855A04}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1E0F8D11-994C-4EF2-90C7-FD44F3A34691}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\camarocowboy95\team fortress classic\hl.exe |
"{2A279D0E-2412-4502-83DE-1D252C4E7C9E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2B68D622-F77B-4857-BF52-D7037512B7BF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2CFAD79B-1ABF-427A-8548-54DAB15003A0}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{3073D35F-BA48-4E95-8B4F-40835079CAD0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{31DCBC88-ABFD-403D-ABCA-01E554163929}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3570B5EF-2CE2-40F3-B8FE-88338FBD13EC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{3C0FCAC0-9A49-4582-8080-6A1BBBB1E82B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3C6EADC0-00AE-4B9C-82FE-7A005A537D35}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{528A9003-AB62-4835-9FF8-732AE7901AE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5D90EACF-DE36-4BB8-AED5-C91FC2CB91FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64AFA5FE-0E8D-4C61-90A8-60C65A2B554D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqnrs08.exe |
"{651B95D0-D427-4ACB-AAC0-00A542A9F5E8}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{6F005EC2-B494-48B5-90FF-E28BC1662759}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{6F43B12E-604A-4C65-9C49-CFB23B8C3B20}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71381C35-F21E-4EDB-A9EE-62FFA05D7B40}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{723A000E-3FDD-4DC2-9357-A517239161CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{74088053-E825-4ADD-AFF0-460B77D37FF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\camarocowboy95\team fortress classic\hl.exe |
"{77BFC2C6-6C3A-49E3-AE08-B69461C3D0EA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8086198B-081A-436E-9B6A-BF038F095B62}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe |
"{85526F10-3230-454F-AC2E-200C550D4CDA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8D722FBD-1196-4D6A-82DE-C8CCC9437E95}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{8EADC530-0C17-4E25-BD78-2B9B0B1F5B11}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{98418C4E-F177-4D95-B0D1-802F4009DD80}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{989FC5E8-636B-46A0-90FB-67D381C134B3}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{99636CF8-5F1A-4A17-8B95-C90E08ED4C74}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{A29A3B3D-0BCB-460A-AF84-649DE1840EF3}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{A3DBE404-55F8-4D56-89E2-A83E9B55EE31}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A50F745E-9CAE-4F51-8D0E-E93ABC1CFDF9}" = protocol=6 | dir=in | app=c:\users\rising sun photos\appdata\local\apps\2.0\y4e78r8d.whz\n48bxazz.mjk\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{A796B0D5-C03C-4323-87E5-8AEEF9695897}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{B00BAA18-9642-4CAA-833E-3D157BBB2931}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{B08AB0B3-59B0-4EB5-9EB2-DA789112F29A}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B2962AB1-64EC-49E1-8419-5B274500A595}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B302B955-2BC9-4A6D-972E-A416B61DD736}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{B8B5AB4E-7B43-4F16-B5F0-0FCF5172612D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BEB47D7D-3771-4929-B24E-E9031B933514}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D0B6AF37-9E64-4BC6-B414-8D39AA01DB09}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{D28CD40F-D13B-4055-AB4F-40C9E867C835}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DFC666CC-D851-4C69-9482-EB12E500D612}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E3C47F6C-05BB-41F8-92F8-6283D178E757}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{E5F1255C-3225-4EAA-AB0A-E304D03DAD7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E76E914A-62B9-47A2-97FC-7D18B7B2A32B}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{F9FEAA0D-883A-4EF7-A376-F877B51EED74}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FA20E106-6830-4D53-8F8C-B25EA3602457}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{0F27FAB3-F022-4DFE-AD10-5E5A2FC19F36}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2C801575-ADBC-416A-83C1-3697D1B8390C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8C6CAF4E-5A33-475B-B7B9-E5E4BF5448C4}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"TCP Query User{9896F8C8-9FC7-464D-A060-9931F00D5CE0}C:\users\rising sun photos\appdata\local\temp\rar$ex09.882\rjdjcomposerpack_windows\rjzserver\rjzserver.exe" = protocol=6 | dir=in | app=c:\users\rising sun photos\appdata\local\temp\rar$ex09.882\rjdjcomposerpack_windows\rjzserver\rjzserver.exe |
"TCP Query User{9E4A29A7-F763-4A1F-9E28-90E4D1C81D8E}C:\program files\botz\honorbuddy.exe" = protocol=6 | dir=in | app=c:\program files\botz\honorbuddy.exe |
"TCP Query User{A3A99E40-16A1-4411-8267-B8CDCF48B711}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{BAF102B3-CC3B-4B6D-A11C-18FCB8448590}C:\pd\pd\bin\pd.exe" = protocol=6 | dir=in | app=c:\pd\pd\bin\pd.exe |
"TCP Query User{D8693423-8FDB-4121-8C4C-14F065A8E05E}C:\pd\pd\bin\pd.com" = protocol=6 | dir=in | app=c:\pd\pd\bin\pd.com |
"UDP Query User{19EBF12F-B5EF-4F73-9078-7AD17BCA1C28}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{25D209E6-F347-42E5-ACE6-7FC00A39AF3C}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{581B5FD6-E06F-49B1-8E12-D3F7394865BF}C:\pd\pd\bin\pd.exe" = protocol=17 | dir=in | app=c:\pd\pd\bin\pd.exe |
"UDP Query User{9FB3C184-71C5-4738-898D-323890D99DF5}C:\program files\botz\honorbuddy.exe" = protocol=17 | dir=in | app=c:\program files\botz\honorbuddy.exe |
"UDP Query User{B7360336-4C2D-4D36-BDCB-F2EDD87DBB45}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"UDP Query User{DC8412BC-662F-43D9-A7E7-6384511341C8}C:\users\rising sun photos\appdata\local\temp\rar$ex09.882\rjdjcomposerpack_windows\rjzserver\rjzserver.exe" = protocol=17 | dir=in | app=c:\users\rising sun photos\appdata\local\temp\rar$ex09.882\rjdjcomposerpack_windows\rjzserver\rjzserver.exe |
"UDP Query User{E192B8A8-16D9-4F13-8AE3-822732D939F4}C:\pd\pd\bin\pd.com" = protocol=17 | dir=in | app=c:\pd\pd\bin\pd.com |
"UDP Query User{E5B6A565-120C-40D2-A018-535DD1F81E5A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D9F0E6-4C48-4279-894E-C8EC6F60CF18}" = Craigslist Notifier
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2F19B641-5FD4-43C8-9637-23AD726ACC40}" = Easy Rafters
"{324A4F1C-3CA5-4158-A64D-D593739B8A73}" = CraigsList Reader Business
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D0E65B9-B525-43C0-A2C9-5D73D24ADB80}" = Miro Video Converter
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver 12.0 Rel .4
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB7B4260-0E23-4444-8376-1D3E74F421D8}_is1" = ScanToPDF 4.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4454286-A321-469A-9D9D-F210FD02B992}_is1" = Basternae Client 0.18
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"001FFF1FFF14FF00FF0301F01F02F000-R1" = ArchiCAD 14 USA
"7-Zip" = 7-Zip 9.14 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalogX MaxMem" = AnalogX MaxMem
"ASIO4ALL" = ASIO4ALL
"Auto Clicker Typer_is1" = Auto Clicker Typer 1.0
"AutoHotkey" = AutoHotkey 1.0.48.05
"AXIS Media Control" = AXIS Media Control
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Conquest_is1" = Conquest 4.0
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HPOCR" = HP OCR Software 8.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"Recover My Photos_is1" = Recover My Photos
"Replay Media Catcher 3.11" = Replay Media Catcher
"ScanWiz" = ScanWiz
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery v3.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VueScan" = VueScan
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-792080314-3432794986-437033187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2011 7:55:22 PM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/1/2011 12:54:40 PM | Computer Name = RisingSunDBA | Source = Perflib | ID = 1010
Description =

Error - 4/1/2011 12:54:41 PM | Computer Name = RisingSunDBA | Source = Perflib | ID = 1008
Description =

Error - 4/2/2011 12:55:20 AM | Computer Name = RisingSunDBA | Source = Perflib | ID = 1008
Description =

Error - 4/2/2011 9:00:10 PM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/2/2011 9:00:35 PM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/2/2011 9:01:54 PM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/3/2011 3:36:36 AM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/3/2011 3:43:02 AM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

Error - 4/3/2011 3:45:32 AM | Computer Name = RisingSunDBA | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 4/14/2011 1:56:13 PM | Computer Name = RisingSunDBA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/30/2011 11:29:29 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:29:29 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:29:29 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:29:29 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/30/2011 11:36:04 PM | Computer Name = RisingSunDBA | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.


< End of report >

#6 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 31 May 2011 - 09:25 AM

Hi shizuko!

We still have some work to do!

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer".
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
  • Close/Exit Spybot Search and Destroy


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    FF - prefs.js..network.proxy.type: 4
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
    O4 - HKU\S-1-5-21-792080314-3432794986-437033187-1000..\Run: [AdobeBridge] File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O37 - HKU\S-1-5-21-792080314-3432794986-437033187-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/05/10 14:35:14 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
    [2011/05/11 14:14:46 | 000,002,862 | -HS- | M] () -- C:\ProgramData\80v1mp4c4a8450x2
    [2011/05/11 14:13:33 | 000,002,862 | -HS- | C] () -- C:\ProgramData\80v1mp4c4a8450x2
    [2011/04/17 07:39:58 | 000,001,368 | -HS- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
    [2011/04/17 07:39:58 | 000,001,368 | -HS- | C] () -- C:\ProgramData\f8772mw7g33g3lwtxyp0v8j2j1s27802s75cw2h36dlal
    [2011/02/23 10:31:44 | 000,003,056 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\Klipamewigame.dat
    [2011/02/23 10:31:44 | 000,000,000 | ---- | C] () -- C:\Users\Rising Sun Photos\AppData\Local\Usegina.bin
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
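As an added example for this thread (not part of SweetTech's post and not OTL's own code), here is a Python script that parses a fix like the one above and lists what it would act on: the CLSIDs of the registry and BHO entries, the hidden/system files, the folders, and the bare commands, so each entry can be checked against the OTL log before the fix is pushed. It assumes the file-line layout shown in the fix (date | size | attribute letters in R, H, S, D order | C or M, then the path).

```python
"""Review an OTL fix script before it is run (added example, not OTL's own code).

The layout of the file lines, [date time | size | attrs | C/M] () -- path with the
attribute letters in the order R, H, S, D, is assumed from the lines in the thread.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the fix posted above, with one line of each kind.
SAMPLE_FIX = r"""
:OTL
FF - prefs.js..network.proxy.type: 4
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKU\S-1-5-21-792080314-3432794986-437033187-1000..\Run: [AdobeBridge] File not found
[2011/05/11 14:14:46 | 000,002,862 | -HS- | M] () -- C:\ProgramData\80v1mp4c4a8450x2
[2011/05/10 14:35:14 | 000,000,000 | ---D | C] -- C:\Users\Rising Sun Photos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
# [date time | size | attrs | C/M] () -- path   (the "()" is absent on folder lines)
FILE_LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|"
    r"\s*(?P<kind>[CM])\]\s*(?:\(\)\s*)?--\s*(?P<path>.+?)\s*$"
)
# Oxx / FF scan-result lines, e.g. "O2 - BHO: ..." or "FF - prefs.js..."
ENTRY_RE = re.compile(r"^(?P<type>O\d+|FF)\s*-\s*(?P<detail>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix(text):
    """Turn the fix text into a list of dicts, one per non-empty, non-section line."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # ":OTL", ":Files", ":Commands", ...
            section = m.group(1)
            continue
        if section == "OTL":
            fm = FILE_LINE_RE.match(line)
            if fm:
                attrs = fm.group("attrs")      # assumed order: R H S D
                items.append({"section": section, "kind": "file", "path": fm.group("path"),
                              "size": int(fm.group("size").replace(",", "")),
                              "hidden": attrs[1] == "H", "system": attrs[2] == "S",
                              "directory": attrs[3] == "D"})
                continue
            em = ENTRY_RE.match(line)
            if em:
                items.append({"section": section, "kind": em.group("type"),
                              "detail": em.group("detail"),
                              "clsids": CLSID_RE.findall(em.group("detail"))})
                continue
        # Anything else (":Files" entries, ":Commands" directives) is kept verbatim.
        items.append({"section": section, "kind": "raw", "detail": line})
    return items


def review(items):
    """Summarise what the fix acts on, for a read-through against the OTL log."""
    summary = {"by_section": defaultdict(int), "clsids": [], "hidden_system": [],
               "directories": [], "commands": []}
    for it in items:
        summary["by_section"][it["section"]] += 1
        if it["kind"] == "file":
            if it["hidden"] and it["system"]:   # -HS- entries: hidden + system
                summary["hidden_system"].append(it["path"])
            if it["directory"]:
                summary["directories"].append(it["path"])
        elif it["kind"] == "raw":
            summary["commands"].append(it["detail"])
        else:
            summary["clsids"].extend(it["clsids"])
    summary["by_section"] = dict(summary["by_section"])
    return summary
```

`review(parse_fix(text))` returns the summary as a dict; on the constructed sample it reports one CLSID, one hidden/system file under C:\ProgramData, one folder, and the three bare commands.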


#7 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 June 2011 - 11:04 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.



#8 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 04 June 2011 - 11:52 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





