Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected xp recovery virus; desktop is black with few icons


  • This topic is locked This topic is locked
13 replies to this topic

#1 shim

shim

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 27 May 2011 - 02:49 PM

Following the instructions, I created the following logs:
The internet is working; folders showing empty; black desktop screen with few icons
ran malwarebytes- unsuccessful at removing (3) infections
I did run rkill and tdss (2x)prior to malwarebytes
pop-ups saying harddrive problems, memory problems - have ceased

please help to remove virus

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 02 June 2011 - 12:01 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 02 June 2011 - 12:35 PM

I have since recovered my desktop; but I know that there are still trojans on the computer. I tried to run malware bytes and it recognizes three infections but then 'craps out' before completion- I get some run address error?-i can't exactly recall. I have since been able to transfer my important files and was thinking of wiping the drive; but first I will try what you recommend and get back to you. Thanks for responding. Best -dave

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 02 June 2011 - 12:37 PM

:thumbsup:

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 02 June 2011 - 09:46 PM

I ran the reports and below are the results. The computer is very sluggish.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF68C0000 C:\WINDOWS\system32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xBF06B000 C:\WINDOWS\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF6A05000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 811008 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7571000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF679A000 C:\WINDOWS\system32\drivers\smwdm.sys 540672 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB0BDC000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2201000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB0E02000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAC039000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF148000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7615000 bdfsfltr.sys 282624 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender AntiVirus FS filter driver)
0xAB9AB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF76D4000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAC28C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7544000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 180224 bytes (Intel Corporation, Component GHAL Driver)
0xB0CB0000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAC309000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys 163840 bytes (AVG Technologies , IDS Application Activity Monitor Driver.)
0xB0D57000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB0BA5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xABC1C000 C:\WINDOWS\System32\Drivers\dd0c4eec.sys 147456 bytes
0xAC3D6000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6776000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF69CD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF689D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB0CDB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF766C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF76A4000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF752A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF768C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAC3BE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF75FE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF674B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAC3A9000 C:\WINDOWS\System32\Drivers\DefragFS.SYS 86016 bytes (Raxco Software, Inc., Defragmentation Support Driver)
0xAC24F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6762000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF69F1000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB0E9E000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF765A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xABC68000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF76C3000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF673A000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xABDE1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF78B3000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF63BB000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xF6D4E000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6D5E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6D8E000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF78F3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF4871000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF2AE8000 C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys 57344 bytes (Radialpoint, Inc., Radialpoint Filter)
0xF7763000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6D3E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6D2E000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7743000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6CFE000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF632B000 C:\WINDOWS\system32\DRIVERS\rp_skt32.sys 49152 bytes (Radialpoint Inc., Radialpoint Filter)
0xF7893000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xB21F2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF78A3000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7733000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6D0E000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF23CA000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys 40960 bytes (AVG Technologies , IDS Application Activity Monitor Filter Driver.)
0xF7723000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF2AD8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF2AF8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xABE31000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys 40960 bytes (BitDefender S.R.L., Trufos Kernel Module)
0xF7783000 AVGIDSEH.sys 36864 bytes (AVG Technologies , IDS Application Activity Monitor Helper Driver.)
0xAB94B000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7753000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB273B000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF78E3000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF78C3000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB272B000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7773000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB21E2000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A6B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB1D2D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A63000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF29F5000 C:\WINDOWS\system32\ANIO.SYS 28672 bytes (Alpha Networks Inc., ANIO (NT5) Driver )
0xF7A7B000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF29ED000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF79A3000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB0A44000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7A73000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7A8B000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79F3000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB0A2C000 C:\WINDOWS\system32\DRIVERS\purendis.sys 24576 bytes (Pure Networks, Inc., NDIS Relay Driver)
0xF7B03000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF7A5B000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B23000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB05EE000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys 20480 bytes (AVG Technologies , IDS Application Activity Monitor Loader Driver.)
0xF2A05000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB1D35000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79AB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB0D2D000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0xF7A4B000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7A53000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7A83000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xACA36000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF243B000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF2F5D000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAED31000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF1EFD000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xABEA5000 C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys 16384 bytes (BitDefender S.R.L., Profos Kernel Module)
0xF74D2000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7B33000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACA98000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF241B000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF2437000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF74CE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6ADB000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF6AD7000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7C71000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7C35000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB0ECC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7C33000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7C27000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7C23000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7C37000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xACC8A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7C29000 PenClass.sys 8192 bytes (Wacom Technology Corporation, Pen Class Driver)
0xF7C39000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7C73000 C:\WINDOWS\System32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7C2B000 sonyhcb.sys 8192 bytes (Sony Corporation, sonyhcb.sys)
0xF7CCB000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7CD7000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7C25000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E57000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB0D4F000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xB22B5000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7E14000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB22B4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7CEB000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Next are the OTL and extras reports:

OTL logfile created on: 6/2/2011 10:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 267.82 Mb Available Physical Memory | 26.19% Memory free
1.65 Gb Paging File | 1.09 Gb Available in Paging File | 66.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 6.38 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 0.71 Gb Free Space | 18.95% Space Free | Partition Type: FAT32

Computer Name: DAVEDESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 22:11:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/01/04 17:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2011/01/04 17:51:14 | 004,318,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2011/01/04 17:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/07 16:10:06 | 000,378,088 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2010/06/07 16:10:06 | 000,166,944 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 16:09:06 | 000,382,208 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2009/11/02 17:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/12/16 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/09/09 08:18:24 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/01/10 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/01 01:04:02 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2005/12/06 00:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 22:11:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/03/06 18:28:16 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2011/01/04 17:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/07 16:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 16:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/02 17:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 13:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 13:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/12/16 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/09/09 08:18:24 | 001,174,664 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/10 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/11/01 01:04:02 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2006/10/14 20:21:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006/07/03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/12/06 00:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/06 18:10:05 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/11/26 11:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 11:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 17:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 17:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 17:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 17:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 15:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 11:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/01/05 23:37:35 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/17 13:54:02 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2007/08/07 13:56:58 | 000,009,344 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2007/07/11 14:37:26 | 000,006,272 | ---- | M] (Lavasoft AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - [2007/03/27 03:55:32 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/08 20:44:22 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/02/08 20:44:00 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/08/01 15:45:29 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/08 19:10:44 | 000,347,648 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/30 00:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/04/26 13:25:00 | 000,015,360 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2005/04/06 19:46:50 | 000,034,240 | R--- | M] (ADS) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adsexpb.sys -- (ADSEXPB)
DRV - [2004/09/22 18:45:38 | 000,233,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/01/15 15:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/08/29 04:48:12 | 000,094,688 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\upatc.sys -- (UPATC)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1708250
IE - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {5556F97E-11A5-46b0-9082-32AD74AAA920}:0.4.2.2
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.1
FF - prefs.js..extensions.enabledItems: Dcurrency@Dcurrency.fr:0.4.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 20:49:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 12:11:51 | 000,000,000 | ---D | M]

[2010/10/10 12:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/10/10 12:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/05/29 20:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions
[2010/12/15 21:26:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/20 08:35:08 | 000,000,000 | ---D | M] ("Adblock") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2010/12/15 21:26:22 | 000,000,000 | ---D | M] (AutoFormer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\{5556F97E-11A5-46b0-9082-32AD74AAA920}
[2010/06/09 21:08:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/05 19:28:48 | 000,000,000 | ---D | M] (Check4Change) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\check4change-owner@mozdev.org
[2010/05/21 16:19:18 | 000,000,000 | ---D | M] (Dcurrency) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\Dcurrency@Dcurrency.fr
[2008/08/24 21:49:30 | 000,000,000 | ---D | M] (myTimeZone for eBay) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\extensions\myTimeZone@smartgamez.org
[2009/05/31 18:45:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\searchplugins\conduit.xml
[2010/06/09 21:19:38 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\searchplugins\ebay-negs.xml
[2007/07/28 18:16:30 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3z7h4lqh.default\searchplugins\siteadvisor.xml
[2011/05/29 20:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 10:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 10:08:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/17 10:08:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/14 20:20:05 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll

Hosts file not found
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab (EPUImageControl Class)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/263b66c05a11497c9f05/netzip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111089987000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136743007593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.photolab.ca/en/Photo/ImageUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/13 15:12:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\Auto\command - "" = E:\launcher.exe
O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
O33 - MountPoints2\{91d7e835-d467-11df-84d7-000bdb26a4de}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\Auto\command - "" = E:\launcher.exe
O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 22:13:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/30 09:18:32 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/29 16:12:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/27 12:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/05/27 12:11:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/05/27 12:11:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/05/27 12:11:27 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/05/27 07:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows XP Recovery
[2011/05/20 18:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/15 20:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\INET
[2011/05/13 17:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Intuit
[2011/05/13 17:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/05/13 17:18:25 | 002,471,424 | ---- | C] (Steema Software SL) -- C:\WINDOWS\System32\TeeChart5.ocx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 22:11:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/02 21:57:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 21:55:30 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/06/02 21:54:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/02 21:34:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/05/29 23:33:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/29 21:05:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/29 20:21:50 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 16:14:56 | 000,447,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/29 16:14:55 | 000,073,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 12:16:19 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/05/27 12:11:26 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/05/15 20:47:13 | 010,986,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dr David Lasko.QBB.QBB.QBW
[2011/05/14 13:15:49 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WORD2002.lnk
[2011/05/13 17:20:09 | 000,000,231 | ---- | M] () -- C:\WINDOWS\WinHelp.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 21:37:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/05/27 12:16:20 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/05/15 20:41:46 | 010,986,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dr David Lasko.QBB.QBB.QBW
[2011/03/02 21:44:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/09/09 00:16:03 | 000,122,220 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/14 20:19:03 | 000,098,136 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2010/04/04 21:32:03 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/02/05 15:07:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/05 15:07:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/05 15:07:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/05 15:07:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/05 15:07:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/05 15:07:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/05 15:07:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/05 15:07:09 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/05 15:07:09 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/05 15:07:09 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/05 15:07:09 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/05 15:07:09 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/05 15:07:09 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/05 15:07:09 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/05 15:07:09 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/05 15:07:09 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/05 14:51:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2010/02/02 00:26:41 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/10/21 15:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2009/04/21 15:59:19 | 093,239,584 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/21 15:59:19 | 009,712,416 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/04/13 18:24:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/09/09 08:12:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/05/25 17:10:48 | 000,000,182 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/04/07 19:53:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/03/27 03:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/10 18:42:11 | 000,000,071 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/02/25 23:58:45 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\FixVTS.ini
[2007/01/12 17:56:14 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2007/01/09 21:41:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2006/12/28 23:59:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/16 21:38:10 | 000,000,357 | ---- | C] () -- C:\WINDOWS\DVDRipper.INI
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/05 22:21:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/12/05 22:21:25 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/12/05 22:21:25 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/12/05 22:21:25 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/11/12 00:26:01 | 000,000,274 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2006/10/29 21:36:50 | 000,000,189 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2006/10/29 00:55:29 | 000,002,059 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Lame (Exe) Codec.dat
[2006/10/20 18:34:38 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/10/20 18:34:36 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/10/20 18:34:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2006/10/06 22:48:15 | 000,002,276 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
[2006/09/28 21:59:41 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2006/09/28 21:59:40 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2006/09/05 19:39:46 | 000,001,331 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Shorten Codec.dat
[2006/08/19 22:30:34 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
[2006/08/19 07:58:28 | 000,036,104 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/08/19 07:57:51 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/08/19 07:57:51 | 000,010,840 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.dat
[2006/07/14 15:35:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2006/03/19 17:18:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/02/24 18:06:56 | 000,000,310 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2006/02/24 18:03:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/02/24 18:03:24 | 000,000,740 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/02/23 16:30:46 | 000,149,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2005/11/29 17:46:40 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/10/23 19:50:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/10/23 19:50:08 | 000,003,548 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/09/16 20:36:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/08/19 16:57:37 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/11 15:19:03 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/13 22:25:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/14 19:43:55 | 000,000,290 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/13 23:43:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/01/10 23:03:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/01/10 23:03:40 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2005/01/10 23:03:40 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/10/24 14:45:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/03 19:09:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/09/24 15:24:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2004/08/30 14:09:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/15 18:53:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2004/08/15 13:11:24 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/08/13 16:02:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/08/13 16:00:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/08/13 15:59:58 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2004/08/13 15:59:49 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSON C62 Installer.ini
[2004/08/13 15:55:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\WinHelp.ini
[2004/08/13 15:14:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/13 15:09:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/13 09:03:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/13 09:03:02 | 000,516,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 12:52:00 | 000,447,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 12:51:54 | 000,073,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 12:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1998/03/24 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50678933

< End of report >


and finally....

OTL Extras logfile created on: 6/2/2011 10:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 267.82 Mb Available Physical Memory | 26.19% Memory free
1.65 Gb Paging File | 1.09 Gb Available in Paging File | 66.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 6.38 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 0.71 Gb Free Space | 18.95% Space Free | Partition Type: FAT32

Computer Name: DAVEDESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "c:\program files\mkw toolkit\mkwACT.exe" (Michael K. Weise)
Directory [NIYoW] -- "C:\Program Files\NIYoW\niyow.exe" "/folder %1" (MC Software)
Directory [NIYoW.QuickRename] -- "C:\Program Files\NIYoW\niyow.exe" /quickrename folder="%1" rules="$choose_task$" (MC Software)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Desktop\utorrent.exe" = C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"G:\program files\uTorrent\utorrent.exe" = G:\program files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\Program Files\WildTangent\Polar Bowler\polar.exe" = C:\Program Files\WildTangent\Polar Bowler\polar.exe:*:Enabled:polar
"C:\Program Files\MidTen Media\Comic Collector Live\CCL.exe" = C:\Program Files\MidTen Media\Comic Collector Live\CCL.exe:*:Enabled:Comic Collector Live -- (MidTen Media)
"C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe" = C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FCAE604-F20E-45F6-BD55-A0520CD90BAE}" = ArcSoft PhotoImpression
"{11E13ECA-9958-4A49-8545-81B34F68E803}" = Comic Collector Live
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{33A783E8-DC11-427F-A56C-8ED43EEC0695}" = RPS CRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AE9CC9-10A3-4A24-87DF-A6A99BDC1969}" = Rogers Online Protection
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{548B7B4A-B4F6-4074-A2D2-40154DC906B5}" = RPS PerfectDiskStub
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{71798A51-4265-49F9-B307-3D26E9B24404}" = QuickBooks Premier 2007: Accountant and Bookkeeper Edition
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{779C01A3-8466-499D-88FC-EB820EB3AC51}" = RPS RpsCore
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110487177}" = Marble Blast
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B103FC2F-C0D7-48F7-8DE2-AB4F28CDF0F7}" = Learn to Play Chess with Fritz and Chesster
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BA180519-5857-4D89-9EAD-A2248B89AEF7}" = RangeBooster G WUA-2340
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CC964932-75AE-4C79-8EBF-865C799C3D35}" = Network Magic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC2A5B9-CE19-4F2E-9C8F-F310C0EAB993}" = ArcSoft Media Card Companion
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F836B31F-4E5C-4DCB-88D7-6F9714B21D83}" = TMPGEnc DVD Author 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4264EB8698BC18BF27D0CE835379C57124AD2B98" = Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)
"77DC33BA594917395D7B0FB0ECCE284BF207C1F7" = Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Shockwave Player" = Adobe Shockwave Player
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor" = Belarc Advisor 8.1
"ChessOpeningsWizardProfessional_is1" = Chess Openings Wizard - Professional build 54
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Lame (Exe) Codec" = dBpowerAMP Lame (Exe) Codec
"dBpowerAMP Monkeys Audio Codec" = dBpowerAMP Monkeys Audio Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Shorten Codec" = dBpowerAMP Shorten Codec
"dMC Power Pack" = dMC Power Pack
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.2.1
"foobar2000" = foobar2000 v0.9.4.1
"Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar
"Homestead SiteBuilder" = Homestead SiteBuilder
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{BA180519-5857-4D89-9EAD-A2248B89AEF7}" = RangeBooster G WUA-2340
"IsoBuster_is1" = IsoBuster 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MVApplication1" = Memorex exPressit Label Design Studio
"Name It Your Way (NIYoW)_is1" = Name It Your Way (NIYoW) v1.7.6
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"Peshka_is1" = Peshka
"QuickGamma_is1" = QuickGamma 2.0.0.3
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 3.7.44
"RegCure" = RegCure 1.5.0.0
"Rogers Yahoo! Applications" = Rogers Yahoo! Applications
"SuperTux_is1" = SuperTux 0.1.3
"Tablet Driver" = Tablet
"TOD 012010" = TOD 012010
"TOD 072009" = TOD 072009
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinDjView" = WinDjView 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Works2003Setup" = Microsoft Works 2003 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2011 8:22:42 AM | Computer Name = DAVEDESKTOP | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt>
with error: This network connection does not exist.

Error - 5/27/2011 8:22:55 AM | Computer Name = DAVEDESKTOP | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 5/27/2011 8:22:55 AM | Computer Name = DAVEDESKTOP | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: This network connection does not exist.

Error - 5/27/2011 12:22:47 PM | Computer Name = DAVEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15627, faulting module
gmer.exe, version 1.0.15.15627, fault address 0x0000c676.

Error - 5/29/2011 4:15:34 PM | Computer Name = DAVEDESKTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.140:5353 27 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 davidlaptopxp.local.

Error - 5/29/2011 4:15:34 PM | Computer Name = DAVEDESKTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 25 Rp\.SpaEndpointV1._rp-hsd._tcp.local.
SRV 0 0 8965 DAVEDESKTOP.local.

Error - 5/29/2011 4:21:38 PM | Computer Name = DAVEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
winmm.dll, version 5.1.2600.5512, fault address 0x00005d9f.

Error - 5/29/2011 7:20:58 PM | Computer Name = DAVEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2011 10:21:30 PM | Computer Name = DAVEDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2011 10:21:36 PM | Computer Name = DAVEDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 5/30/2011 10:27:59 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7034
Description = The RadialpointIDSAgent service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/30/2011 10:28:20 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7034
Description = The Rogers Online Protection service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/30/2011 11:12:35 PM | Computer Name = DAVEDESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for PowerPoint Viewer 2003 (KB969615).

Error - 6/2/2011 9:25:30 PM | Computer Name = DAVEDESKTOP | Source = Print | ID = 23
Description = Printer SnagIt 7 failed to initialize because a suitable SnagIt 7
Printer driver could not be found.

Error - 6/2/2011 9:25:40 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 6/2/2011 9:25:50 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 6/2/2011 9:35:14 PM | Computer Name = DAVEDESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/2/2011 9:55:14 PM | Computer Name = DAVEDESKTOP | Source = Print | ID = 23
Description = Printer SnagIt 7 failed to initialize because a suitable SnagIt 7
Printer driver could not be found.

Error - 6/2/2011 9:55:36 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 6/2/2011 9:55:46 PM | Computer Name = DAVEDESKTOP | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).


< End of report >

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 03 June 2011 - 09:53 AM

Hi Dave!

Can you please post the TDSSKiller logs, if you still have them?

They can be found in your C:\ drive.



Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Value error. File not found
    O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1078081533-1770027372-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\Auto\command - "" = E:\launcher.exe
    O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    O33 - MountPoints2\{91d7e835-d467-11df-84d7-000bdb26a4de}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
    O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\Auto\command - "" = E:\launcher.exe
    O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • Java™ 6 Update 20
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 11
  • Ad-Aware 2007
  • Free_Lunch_Design Toolbar
  • McAfee Security Scan Plus


NEXT:



MalwareBytes' Anti-Malware Uninstall

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 03 June 2011 - 02:21 PM

tdss logs

2011/05/27 08:59:35.0375 2712 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 08:59:36.0921 2712 ================================================================================
2011/05/27 08:59:36.0921 2712 SystemInfo:
2011/05/27 08:59:36.0921 2712
2011/05/27 08:59:36.0921 2712 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/27 08:59:36.0921 2712 Product type: Workstation
2011/05/27 08:59:36.0953 2712 ComputerName: DAVEDESKTOP
2011/05/27 08:59:36.0953 2712 UserName: Owner
2011/05/27 08:59:36.0953 2712 Windows directory: C:\WINDOWS
2011/05/27 08:59:36.0953 2712 System windows directory: C:\WINDOWS
2011/05/27 08:59:36.0953 2712 Processor architecture: Intel x86
2011/05/27 08:59:36.0984 2712 Number of processors: 1
2011/05/27 08:59:36.0984 2712 Page size: 0x1000
2011/05/27 08:59:36.0984 2712 Boot type: Normal boot
2011/05/27 08:59:36.0984 2712 ================================================================================
2011/05/27 08:59:39.0984 2712 Initialize success
2011/05/27 08:59:49.0000 2120 Deinitialize success


and...


2011/05/27 09:00:29.0703 2332 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 09:00:30.0312 2332 ================================================================================
2011/05/27 09:00:30.0312 2332 SystemInfo:
2011/05/27 09:00:30.0312 2332
2011/05/27 09:00:30.0312 2332 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/27 09:00:30.0312 2332 Product type: Workstation
2011/05/27 09:00:30.0328 2332 ComputerName: DAVEDESKTOP
2011/05/27 09:00:30.0328 2332 UserName: Owner
2011/05/27 09:00:30.0328 2332 Windows directory: C:\WINDOWS
2011/05/27 09:00:30.0328 2332 System windows directory: C:\WINDOWS
2011/05/27 09:00:30.0328 2332 Processor architecture: Intel x86
2011/05/27 09:00:30.0328 2332 Number of processors: 1
2011/05/27 09:00:30.0328 2332 Page size: 0x1000
2011/05/27 09:00:30.0328 2332 Boot type: Normal boot
2011/05/27 09:00:30.0328 2332 ================================================================================
2011/05/27 09:00:32.0593 2332 Initialize success
2011/05/27 09:00:53.0187 2336 ================================================================================
2011/05/27 09:00:53.0187 2336 Scan started
2011/05/27 09:00:53.0187 2336 Mode: Manual;
2011/05/27 09:00:53.0187 2336 ================================================================================
2011/05/27 09:00:58.0312 2336 A5AGU (7cd94733f81127159c974f6a963580f2) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
2011/05/27 09:01:02.0812 2336 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/27 09:01:04.0609 2336 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/27 09:01:06.0859 2336 Ad-Watch Connect Filter (05bdd706a847bbfa9fd5948cd636eb1a) C:\WINDOWS\system32\drivers\NSDriver.sys
2011/05/27 09:01:10.0671 2336 Ad-Watch Real-Time Scanner (ec018602809b28520caa132cd616bb2a) C:\WINDOWS\system32\drivers\AWRTPD.sys
2011/05/27 09:01:14.0015 2336 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\WINDOWS\system32\Drivers\adsexpb.SYS
2011/05/27 09:01:15.0390 2336 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/27 09:01:18.0031 2336 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/27 09:01:19.0812 2336 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/27 09:01:24.0625 2336 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/05/27 09:01:28.0234 2336 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/05/27 09:01:29.0796 2336 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/27 09:01:30.0359 2336 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/27 09:01:32.0640 2336 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/27 09:01:33.0812 2336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/27 09:01:34.0937 2336 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/05/27 09:01:36.0593 2336 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/27 09:01:37.0562 2336 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/27 09:01:38.0406 2336 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/05/27 09:01:41.0750 2336 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/27 09:01:44.0375 2336 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/27 09:01:48.0437 2336 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/27 09:01:50.0828 2336 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/27 09:01:53.0046 2336 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/27 09:01:55.0265 2336 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/27 09:01:56.0640 2336 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/27 09:02:04.0406 2336 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\WINDOWS\system32\drivers\DefragFS.sys
2011/05/27 09:02:07.0281 2336 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/27 09:02:09.0625 2336 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/27 09:02:13.0203 2336 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/27 09:02:14.0531 2336 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/27 09:02:15.0750 2336 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/27 09:02:19.0328 2336 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/27 09:02:21.0281 2336 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\System32\Drivers\EPLPDX02.SYS
2011/05/27 09:02:22.0750 2336 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/27 09:02:24.0281 2336 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/27 09:02:25.0781 2336 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/27 09:02:27.0531 2336 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/27 09:02:29.0156 2336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/27 09:02:30.0687 2336 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/27 09:02:32.0750 2336 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/27 09:02:35.0515 2336 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/27 09:02:38.0093 2336 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/27 09:02:40.0906 2336 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/27 09:02:44.0875 2336 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/27 09:02:51.0828 2336 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/27 09:02:53.0828 2336 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/27 09:02:56.0750 2336 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/27 09:03:01.0437 2336 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/27 09:03:04.0421 2336 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/27 09:03:06.0937 2336 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/27 09:03:11.0859 2336 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/27 09:03:14.0265 2336 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/27 09:03:16.0890 2336 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/27 09:03:19.0000 2336 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/27 09:03:21.0890 2336 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/27 09:03:24.0984 2336 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/27 09:03:27.0984 2336 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/27 09:03:29.0953 2336 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/27 09:03:32.0984 2336 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/27 09:03:37.0750 2336 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/27 09:03:39.0921 2336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/27 09:03:42.0156 2336 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/27 09:03:43.0906 2336 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/27 09:03:45.0953 2336 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/27 09:03:48.0062 2336 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/27 09:03:51.0406 2336 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/27 09:03:54.0234 2336 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/27 09:03:55.0781 2336 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/27 09:03:59.0421 2336 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/27 09:04:01.0437 2336 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/27 09:04:03.0734 2336 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/27 09:04:06.0203 2336 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/27 09:04:09.0109 2336 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/27 09:04:11.0015 2336 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/27 09:04:12.0500 2336 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/27 09:04:14.0265 2336 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/27 09:04:15.0640 2336 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
2011/05/27 09:04:17.0093 2336 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/27 09:04:19.0625 2336 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/27 09:04:21.0765 2336 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/27 09:04:23.0531 2336 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/27 09:04:25.0703 2336 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/27 09:04:30.0375 2336 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/27 09:04:32.0578 2336 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/27 09:04:34.0781 2336 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/27 09:04:38.0828 2336 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/27 09:04:41.0828 2336 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/27 09:04:44.0578 2336 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/27 09:04:46.0531 2336 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/27 09:04:49.0265 2336 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/27 09:04:51.0484 2336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/27 09:04:53.0328 2336 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/27 09:04:55.0109 2336 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/27 09:04:58.0078 2336 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/27 09:05:01.0859 2336 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/27 09:05:04.0578 2336 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/27 09:05:16.0109 2336 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/05/27 09:05:21.0031 2336 pnarp (98da00160e8f1c988488dfb6924e8b11) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/05/27 09:05:22.0750 2336 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/27 09:05:24.0140 2336 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/27 09:05:24.0781 2336 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys
2011/05/27 09:05:26.0281 2336 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/27 09:05:27.0484 2336 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/27 09:05:28.0968 2336 purendis (22badb3e8a930440b5cbea11f94022f0) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/05/27 09:05:30.0375 2336 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/27 09:05:37.0687 2336 RadialpointIDSDriver (9dc4b985729c8ae26b0fd607d2081048) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
2011/05/27 09:05:39.0234 2336 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2011/05/27 09:05:40.0515 2336 RadialpointIDSFilter (0871aad56c4960e311150fd724e106ae) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
2011/05/27 09:05:41.0921 2336 RadialpointIDSShim (2b949205f1c53b6e4002a3c38327c9a2) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
2011/05/27 09:05:43.0187 2336 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/27 09:05:45.0359 2336 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/27 09:05:46.0875 2336 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/27 09:05:48.0656 2336 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/27 09:05:49.0765 2336 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/27 09:05:50.0781 2336 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/27 09:05:52.0140 2336 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/27 09:05:53.0484 2336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/27 09:05:54.0484 2336 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
2011/05/27 09:05:55.0671 2336 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
2011/05/27 09:05:56.0671 2336 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/05/27 09:05:57.0687 2336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/27 09:05:59.0234 2336 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/27 09:06:00.0265 2336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/27 09:06:01.0687 2336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/27 09:06:03.0187 2336 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/27 09:06:04.0375 2336 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/27 09:06:06.0046 2336 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2011/05/27 09:06:07.0093 2336 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2011/05/27 09:06:09.0375 2336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/27 09:06:10.0703 2336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/27 09:06:11.0968 2336 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/27 09:06:14.0265 2336 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/27 09:06:15.0203 2336 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/27 09:06:16.0312 2336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/27 09:06:17.0640 2336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/27 09:06:21.0265 2336 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/27 09:06:22.0812 2336 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/27 09:06:25.0890 2336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/27 09:06:27.0281 2336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/27 09:06:29.0578 2336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/27 09:06:31.0218 2336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/27 09:06:32.0765 2336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/27 09:06:34.0953 2336 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys
2011/05/27 09:06:36.0796 2336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/27 09:06:39.0718 2336 UPATC (dcf812e04e90d5e07cc09795d1dfe92a) C:\WINDOWS\system32\DRIVERS\upatc.sys
2011/05/27 09:06:41.0531 2336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/27 09:06:43.0359 2336 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/27 09:06:44.0703 2336 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/27 09:06:46.0296 2336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/27 09:06:47.0843 2336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/27 09:06:49.0484 2336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/27 09:06:51.0156 2336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/27 09:06:53.0265 2336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/27 09:06:55.0406 2336 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/27 09:06:57.0500 2336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/27 09:06:59.0531 2336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/27 09:07:02.0953 2336 vncmirror (efc092b667cbbe3b0a089db902df7ff6) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
2011/05/27 09:07:04.0593 2336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/27 09:07:06.0328 2336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/27 09:07:09.0203 2336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/27 09:07:11.0093 2336 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/27 09:07:12.0953 2336 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/27 09:07:14.0703 2336 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/27 09:07:16.0562 2336 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/27 09:07:16.0687 2336 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/05/27 09:07:16.0796 2336 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/27 09:07:16.0796 2336 ================================================================================
2011/05/27 09:07:16.0796 2336 Scan finished
2011/05/27 09:07:16.0796 2336 ================================================================================
2011/05/27 09:07:16.0859 3728 Detected object count: 1
2011/05/27 09:07:16.0859 3728 Actual detected object count: 1
2011/05/27 09:07:37.0703 3728 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/27 09:07:37.0703 3728 \Device\Harddisk0\DR0 - ok
2011/05/27 09:07:37.0703 3728 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/27 09:08:13.0609 2488 Deinitialize success



and....


2011/05/27 09:39:19.0234 0768 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 09:39:21.0296 0768 ================================================================================
2011/05/27 09:39:21.0296 0768 SystemInfo:
2011/05/27 09:39:21.0296 0768
2011/05/27 09:39:21.0296 0768 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/27 09:39:21.0296 0768 Product type: Workstation
2011/05/27 09:39:21.0296 0768 ComputerName: DAVEDESKTOP
2011/05/27 09:39:21.0296 0768 UserName: Owner
2011/05/27 09:39:21.0296 0768 Windows directory: C:\WINDOWS
2011/05/27 09:39:21.0296 0768 System windows directory: C:\WINDOWS
2011/05/27 09:39:21.0296 0768 Processor architecture: Intel x86
2011/05/27 09:39:21.0296 0768 Number of processors: 1
2011/05/27 09:39:21.0296 0768 Page size: 0x1000
2011/05/27 09:39:21.0296 0768 Boot type: Normal boot
2011/05/27 09:39:21.0296 0768 ================================================================================
2011/05/27 09:39:28.0140 0768 Initialize success
2011/05/27 09:39:49.0437 1664 ================================================================================
2011/05/27 09:39:49.0437 1664 Scan started
2011/05/27 09:39:49.0437 1664 Mode: Manual;
2011/05/27 09:39:49.0437 1664 ================================================================================
2011/05/27 09:39:51.0625 1664 A5AGU (7cd94733f81127159c974f6a963580f2) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
2011/05/27 09:39:55.0343 1664 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/27 09:39:56.0906 1664 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/27 09:39:58.0546 1664 Ad-Watch Connect Filter (05bdd706a847bbfa9fd5948cd636eb1a) C:\WINDOWS\system32\drivers\NSDriver.sys
2011/05/27 09:40:00.0078 1664 Ad-Watch Real-Time Scanner (ec018602809b28520caa132cd616bb2a) C:\WINDOWS\system32\drivers\AWRTPD.sys
2011/05/27 09:40:02.0640 1664 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\WINDOWS\system32\Drivers\adsexpb.SYS
2011/05/27 09:40:03.0781 1664 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/27 09:40:05.0000 1664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/27 09:40:06.0140 1664 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/27 09:40:13.0750 1664 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/05/27 09:40:19.0390 1664 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/05/27 09:40:20.0750 1664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/27 09:40:22.0218 1664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/27 09:40:25.0015 1664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/27 09:40:26.0421 1664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/27 09:40:27.0890 1664 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/05/27 09:40:29.0546 1664 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/27 09:40:31.0187 1664 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/27 09:40:33.0046 1664 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/05/27 09:40:34.0000 1664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/27 09:40:36.0546 1664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/27 09:40:37.0765 1664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/27 09:40:39.0859 1664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/27 09:40:41.0421 1664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/27 09:40:42.0984 1664 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/27 09:40:44.0062 1664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/27 09:40:50.0656 1664 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\WINDOWS\system32\drivers\DefragFS.sys
2011/05/27 09:40:52.0578 1664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/27 09:40:54.0109 1664 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/27 09:40:55.0281 1664 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/27 09:40:56.0500 1664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/27 09:40:57.0859 1664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/27 09:41:00.0437 1664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/27 09:41:01.0890 1664 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\System32\Drivers\EPLPDX02.SYS
2011/05/27 09:41:03.0234 1664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/27 09:41:04.0109 1664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/27 09:41:05.0281 1664 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/27 09:41:06.0546 1664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/27 09:41:07.0953 1664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/27 09:41:09.0718 1664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/27 09:41:11.0375 1664 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/27 09:41:12.0968 1664 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/27 09:41:14.0515 1664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/27 09:41:16.0093 1664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/27 09:41:18.0968 1664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/27 09:41:24.0109 1664 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/27 09:41:25.0812 1664 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/27 09:41:27.0875 1664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/27 09:41:30.0921 1664 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/27 09:41:32.0640 1664 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/27 09:41:34.0125 1664 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/27 09:41:35.0656 1664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/27 09:41:37.0687 1664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/27 09:41:39.0515 1664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/27 09:41:41.0343 1664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/27 09:41:42.0718 1664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/27 09:41:44.0234 1664 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/27 09:41:45.0546 1664 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/27 09:41:46.0703 1664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/27 09:41:48.0109 1664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/27 09:41:50.0781 1664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/27 09:41:52.0437 1664 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/27 09:41:54.0218 1664 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/27 09:41:55.0890 1664 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/27 09:41:57.0984 1664 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/27 09:41:59.0859 1664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/27 09:42:01.0859 1664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/27 09:42:03.0734 1664 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/27 09:42:05.0828 1664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/27 09:42:07.0343 1664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/27 09:42:08.0890 1664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/27 09:42:10.0796 1664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/27 09:42:12.0890 1664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/27 09:42:15.0343 1664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/27 09:42:17.0312 1664 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/27 09:42:18.0984 1664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/27 09:42:20.0890 1664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/27 09:42:23.0468 1664 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
2011/05/27 09:42:25.0953 1664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/27 09:42:28.0671 1664 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/27 09:42:30.0421 1664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/27 09:42:32.0125 1664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/27 09:42:34.0859 1664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/27 09:42:36.0781 1664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/27 09:42:38.0453 1664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/27 09:42:39.0796 1664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/27 09:42:41.0265 1664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/27 09:42:42.0890 1664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/27 09:42:44.0406 1664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/27 09:42:46.0125 1664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/27 09:42:47.0484 1664 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/27 09:42:49.0500 1664 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/27 09:42:51.0703 1664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/27 09:42:53.0984 1664 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/27 09:42:56.0656 1664 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/27 09:43:01.0218 1664 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/27 09:43:03.0796 1664 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/27 09:43:13.0328 1664 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/05/27 09:43:17.0500 1664 pnarp (98da00160e8f1c988488dfb6924e8b11) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/05/27 09:43:18.0281 1664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/27 09:43:19.0609 1664 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/27 09:43:20.0484 1664 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys
2011/05/27 09:43:22.0140 1664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/27 09:43:23.0593 1664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/27 09:43:24.0765 1664 purendis (22badb3e8a930440b5cbea11f94022f0) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/05/27 09:43:26.0046 1664 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/27 09:43:33.0687 1664 RadialpointIDSDriver (9dc4b985729c8ae26b0fd607d2081048) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
2011/05/27 09:43:35.0140 1664 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2011/05/27 09:43:36.0031 1664 RadialpointIDSFilter (0871aad56c4960e311150fd724e106ae) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
2011/05/27 09:43:37.0046 1664 RadialpointIDSShim (2b949205f1c53b6e4002a3c38327c9a2) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
2011/05/27 09:43:38.0500 1664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/27 09:43:40.0156 1664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/27 09:43:41.0765 1664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/27 09:43:43.0250 1664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/27 09:43:44.0937 1664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/27 09:43:46.0203 1664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/27 09:43:47.0656 1664 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/27 09:43:48.0968 1664 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/27 09:43:50.0187 1664 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
2011/05/27 09:43:51.0656 1664 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
2011/05/27 09:43:52.0953 1664 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/05/27 09:43:54.0375 1664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/27 09:43:55.0875 1664 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/27 09:43:57.0265 1664 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/27 09:43:58.0531 1664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/27 09:44:01.0140 1664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/27 09:44:02.0875 1664 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/27 09:44:06.0031 1664 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2011/05/27 09:44:07.0656 1664 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2011/05/27 09:44:10.0421 1664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/27 09:44:11.0593 1664 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/27 09:44:12.0968 1664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/27 09:44:15.0296 1664 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/27 09:44:16.0906 1664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/27 09:44:18.0359 1664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/27 09:44:19.0781 1664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/27 09:44:24.0031 1664 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/27 09:44:25.0421 1664 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/27 09:44:29.0734 1664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/27 09:44:31.0359 1664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/27 09:44:33.0343 1664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/27 09:44:35.0203 1664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/27 09:44:36.0968 1664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/27 09:44:39.0203 1664 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys
2011/05/27 09:44:41.0015 1664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/27 09:44:44.0265 1664 UPATC (dcf812e04e90d5e07cc09795d1dfe92a) C:\WINDOWS\system32\DRIVERS\upatc.sys
2011/05/27 09:44:45.0968 1664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/27 09:44:47.0640 1664 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/27 09:44:48.0968 1664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/27 09:44:50.0125 1664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/27 09:44:51.0656 1664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/27 09:44:53.0468 1664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/27 09:44:55.0125 1664 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/27 09:44:56.0765 1664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/27 09:44:58.0234 1664 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/27 09:44:59.0546 1664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/27 09:45:01.0265 1664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/27 09:45:03.0906 1664 vncmirror (efc092b667cbbe3b0a089db902df7ff6) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
2011/05/27 09:45:05.0343 1664 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/27 09:45:06.0671 1664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/27 09:45:09.0265 1664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/27 09:45:10.0781 1664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/27 09:45:12.0187 1664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/27 09:45:13.0765 1664 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/27 09:45:15.0250 1664 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/27 09:45:15.0328 1664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/27 09:45:19.0046 1664 ================================================================================
2011/05/27 09:45:19.0046 1664 Scan finished
2011/05/27 09:45:19.0046 1664 ================================================================================
2011/05/27 09:45:19.0078 2712 Detected object count: 0
2011/05/27 09:45:19.0078 2712 Actual detected object count: 0
2011/05/27 09:45:58.0015 3464 Deinitialize success


i will get the other data and post again

#8 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 03 June 2011 - 02:23 PM

sorry, one more- most recent


2011/05/29 21:43:27.0062 1472 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 21:43:28.0031 1472 ================================================================================
2011/05/29 21:43:28.0031 1472 SystemInfo:
2011/05/29 21:43:28.0031 1472
2011/05/29 21:43:28.0031 1472 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/29 21:43:28.0031 1472 Product type: Workstation
2011/05/29 21:43:28.0031 1472 ComputerName: DAVEDESKTOP
2011/05/29 21:43:28.0031 1472 UserName: Owner
2011/05/29 21:43:28.0031 1472 Windows directory: C:\WINDOWS
2011/05/29 21:43:28.0031 1472 System windows directory: C:\WINDOWS
2011/05/29 21:43:28.0031 1472 Processor architecture: Intel x86
2011/05/29 21:43:28.0031 1472 Number of processors: 1
2011/05/29 21:43:28.0031 1472 Page size: 0x1000
2011/05/29 21:43:28.0031 1472 Boot type: Normal boot
2011/05/29 21:43:28.0031 1472 ================================================================================
2011/05/29 21:43:31.0343 1472 Initialize success
2011/05/29 21:43:33.0484 0628 ================================================================================
2011/05/29 21:43:33.0484 0628 Scan started
2011/05/29 21:43:33.0484 0628 Mode: Manual;
2011/05/29 21:43:33.0484 0628 ================================================================================
2011/05/29 21:43:35.0765 0628 A5AGU (7cd94733f81127159c974f6a963580f2) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
2011/05/29 21:43:37.0984 0628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/29 21:43:38.0781 0628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/29 21:43:39.0500 0628 Ad-Watch Connect Filter (05bdd706a847bbfa9fd5948cd636eb1a) C:\WINDOWS\system32\drivers\NSDriver.sys
2011/05/29 21:43:40.0921 0628 Ad-Watch Real-Time Scanner (ec018602809b28520caa132cd616bb2a) C:\WINDOWS\system32\drivers\AWRTPD.sys
2011/05/29 21:43:42.0375 0628 ADSEXPB (d6283a2039c54e34eb5ba518c9aedca5) C:\WINDOWS\system32\Drivers\adsexpb.SYS
2011/05/29 21:43:43.0218 0628 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/29 21:43:44.0000 0628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/29 21:43:44.0828 0628 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/29 21:43:48.0937 0628 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/05/29 21:43:51.0656 0628 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/05/29 21:43:52.0437 0628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/29 21:43:53.0390 0628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/29 21:43:55.0921 0628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/29 21:43:57.0500 0628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/29 21:43:58.0625 0628 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/05/29 21:43:59.0593 0628 bcm4sbxp (f5c0d3c93235a455cdd13c954adf1a80) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/29 21:44:01.0656 0628 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/05/29 21:44:03.0406 0628 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/05/29 21:44:04.0578 0628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/29 21:44:06.0437 0628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/29 21:44:07.0656 0628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/29 21:44:11.0015 0628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/29 21:44:11.0734 0628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/29 21:44:12.0578 0628 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/29 21:44:14.0140 0628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/29 21:44:21.0984 0628 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\WINDOWS\system32\drivers\DefragFS.sys
2011/05/29 21:44:23.0265 0628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/29 21:44:24.0531 0628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/29 21:44:25.0906 0628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/29 21:44:27.0015 0628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/29 21:44:27.0781 0628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/29 21:44:29.0234 0628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/29 21:44:29.0984 0628 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\System32\Drivers\EPLPDX02.SYS
2011/05/29 21:44:30.0843 0628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/29 21:44:31.0640 0628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/29 21:44:32.0593 0628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/29 21:44:33.0453 0628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/29 21:44:34.0171 0628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/29 21:44:35.0015 0628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/29 21:44:35.0812 0628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/29 21:44:36.0656 0628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/29 21:44:37.0406 0628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/29 21:44:38.0156 0628 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/29 21:44:39.0671 0628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/29 21:44:41.0859 0628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/29 21:44:42.0906 0628 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/29 21:44:44.0125 0628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/29 21:44:45.0515 0628 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/29 21:44:46.0250 0628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/29 21:44:46.0984 0628 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/29 21:44:47.0734 0628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/29 21:44:48.0484 0628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/29 21:44:49.0265 0628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/29 21:44:50.0046 0628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/29 21:44:50.0796 0628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/29 21:44:51.0562 0628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/29 21:44:52.0265 0628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/29 21:44:53.0046 0628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/29 21:44:53.0859 0628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/29 21:44:55.0359 0628 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/05/29 21:44:56.0156 0628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/29 21:44:56.0875 0628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/29 21:44:57.0593 0628 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/29 21:44:58.0312 0628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/29 21:44:59.0015 0628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/29 21:44:59.0718 0628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/29 21:45:01.0234 0628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/29 21:45:02.0250 0628 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/29 21:45:03.0218 0628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/29 21:45:03.0984 0628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/29 21:45:04.0765 0628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/29 21:45:05.0484 0628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/29 21:45:06.0296 0628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/29 21:45:07.0015 0628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/29 21:45:07.0734 0628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/29 21:45:08.0500 0628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/29 21:45:09.0328 0628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/29 21:45:10.0093 0628 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
2011/05/29 21:45:10.0796 0628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/29 21:45:11.0531 0628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/29 21:45:12.0250 0628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/29 21:45:12.0984 0628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/29 21:45:13.0718 0628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/29 21:45:14.0453 0628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/29 21:45:15.0234 0628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/29 21:45:16.0078 0628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/29 21:45:17.0031 0628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/29 21:45:17.0968 0628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/29 21:45:18.0734 0628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/29 21:45:19.0453 0628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/29 21:45:20.0187 0628 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/29 21:45:20.0906 0628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/29 21:45:21.0687 0628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/29 21:45:22.0406 0628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/29 21:45:23.0093 0628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/29 21:45:24.0531 0628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/29 21:45:25.0390 0628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/29 21:45:29.0468 0628 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/05/29 21:45:31.0578 0628 pnarp (98da00160e8f1c988488dfb6924e8b11) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/05/29 21:45:32.0328 0628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/29 21:45:33.0046 0628 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/29 21:45:33.0375 0628 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys
2011/05/29 21:45:34.0140 0628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/29 21:45:34.0812 0628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/29 21:45:35.0531 0628 purendis (22badb3e8a930440b5cbea11f94022f0) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/05/29 21:45:36.0265 0628 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/29 21:45:40.0015 0628 RadialpointIDSDriver (9dc4b985729c8ae26b0fd607d2081048) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
2011/05/29 21:45:40.0859 0628 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2011/05/29 21:45:41.0171 0628 RadialpointIDSFilter (0871aad56c4960e311150fd724e106ae) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
2011/05/29 21:45:41.0562 0628 RadialpointIDSShim (2b949205f1c53b6e4002a3c38327c9a2) C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
2011/05/29 21:45:42.0296 0628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/29 21:45:43.0015 0628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/29 21:45:43.0734 0628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/29 21:45:44.0578 0628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/29 21:45:45.0453 0628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/29 21:45:46.0218 0628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/29 21:45:47.0093 0628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/29 21:45:47.0859 0628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/29 21:45:48.0640 0628 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys
2011/05/29 21:45:49.0421 0628 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys
2011/05/29 21:45:50.0156 0628 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/05/29 21:45:50.0953 0628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/29 21:45:51.0703 0628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/29 21:45:52.0421 0628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/29 21:45:53.0156 0628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/29 21:45:54.0500 0628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/29 21:45:55.0484 0628 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/29 21:45:56.0390 0628 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2011/05/29 21:45:57.0234 0628 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2011/05/29 21:45:58.0703 0628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/29 21:45:59.0515 0628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/29 21:46:00.0406 0628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/29 21:46:01.0968 0628 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/29 21:46:02.0687 0628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/29 21:46:03.0437 0628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/29 21:46:04.0140 0628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/29 21:46:06.0828 0628 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/29 21:46:07.0703 0628 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/29 21:46:09.0796 0628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/29 21:46:10.0703 0628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/29 21:46:11.0562 0628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/29 21:46:12.0312 0628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/29 21:46:13.0046 0628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/29 21:46:14.0078 0628 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys
2011/05/29 21:46:14.0843 0628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/29 21:46:16.0296 0628 UPATC (dcf812e04e90d5e07cc09795d1dfe92a) C:\WINDOWS\system32\DRIVERS\upatc.sys
2011/05/29 21:46:17.0281 0628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/29 21:46:18.0265 0628 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/29 21:46:19.0062 0628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/29 21:46:19.0812 0628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/29 21:46:20.0578 0628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/29 21:46:21.0296 0628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/29 21:46:22.0046 0628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/29 21:46:22.0750 0628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/29 21:46:23.0515 0628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/29 21:46:24.0234 0628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/29 21:46:25.0062 0628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/29 21:46:26.0406 0628 vncmirror (efc092b667cbbe3b0a089db902df7ff6) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
2011/05/29 21:46:27.0250 0628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/29 21:46:28.0000 0628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/29 21:46:29.0406 0628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/29 21:46:30.0265 0628 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/29 21:46:30.0984 0628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/29 21:46:31.0796 0628 {6080A529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/29 21:46:32.0734 0628 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/29 21:46:32.0828 0628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/29 21:46:33.0125 0628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR10
2011/05/29 21:46:33.0296 0628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR12
2011/05/29 21:46:33.0328 0628 ================================================================================
2011/05/29 21:46:33.0328 0628 Scan finished
2011/05/29 21:46:33.0328 0628 ================================================================================
2011/05/29 21:46:33.0343 0868 Detected object count: 0
2011/05/29 21:46:33.0343 0868 Actual detected object count: 0
2011/05/29 21:46:42.0578 0436 Deinitialize success

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 03 June 2011 - 02:26 PM

Hi!

One of your TDSSKiller logs indicated that you had a TDL4 infection at one point (5/27/11).

See the snippet of text below:

2011/05/27 09:07:16.0859 3728 Detected object count: 1
2011/05/27 09:07:16.0859 3728 Actual detected object count: 1
2011/05/27 09:07:37.0703 3728 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/27 09:07:37.0703 3728 \Device\Harddisk0\DR0 - ok
2011/05/27 09:07:37.0703 3728 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/27 09:08:13.0609 2488 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Please post the other logs when you get a chance to run them.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 03 June 2011 - 03:13 PM

ok thank you for the info; i will keep going (for now)- here is the otl report

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-1770027372-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3451DEDE-631F-421C-8127-FD793AFC6CC8}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\ not found.
Starting removal of ActiveX control {44990200-3C9D-426D-81DF-AAB636FA4345}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990200-3C9D-426D-81DF-AAB636FA4345}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990200-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990200-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990200-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990200-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ad97404-665a-11dc-9fd7-000bdb26a4de}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c603560-59ce-11df-841d-000bdb26a4de}\ not found.
File E:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c603560-59ce-11df-841d-000bdb26a4de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c603560-59ce-11df-841d-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c603560-59ce-11df-841d-000bdb26a4de}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91d7e835-d467-11df-84d7-000bdb26a4de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91d7e835-d467-11df-84d7-000bdb26a4de}\ not found.
File E:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ not found.
File E:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c7e134c-9e2d-11df-8490-000bdb26a4de}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_160916

#11 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 03 June 2011 - 03:32 PM

i was not able to remove ad aware 2007, and java runtime update 6 and 11- fatal error 1327, invalid drive f:/. i am continuing with the malware bytes uninstall

#12 shim

shim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 03 June 2011 - 04:24 PM

runtime error 7 -out of memory was the message when i tried to remove 2 infected files found by malware bytes.


I think that I am just going to wipe the drive and start over. thank you for your help

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 03 June 2011 - 06:12 PM

I think that I am just going to wipe the drive and start over. thank you for your help

Okay.

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (.exe), screensavers (.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows pre-installed. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:06 PM

Posted 05 June 2011 - 05:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users