Windows XP Recovery - TDSS & Google redirecting


  • This topic is locked
11 replies to this topic

#1 FunnEGirl

  • Members
  • 6 posts

Posted 04 June 2011 - 07:10 PM

I was getting the "fake" Windows XP Recovery screen (and Google is redirecting), so I tried to remove it per the instructions on this site but couldn't continue because TDSSKiller would not run even after renaming. So I followed the Prep Guide before using malware removal tools and requesting help, and here I am. DDS seemed to run, but the 2 logs would not generate after hitting OK in the message box. GMER ran and the ark.txt log is attached... Thank you prematurely for your help!!! ...Kim

Attached file: ark.txt (13.74 KB)



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 June 2011 - 01:36 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right-clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 FunnEGirl
  • Topic Starter

  • Members
  • 6 posts

Posted 09 June 2011 - 06:55 AM

Hi, thanks for replying at all! I appreciate the help...

RkU and OTL ran fine... Here are my results:

My RkU Report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9C0A000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBA616000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xBF07B000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB9AE9000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xABB2F000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB99DA000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xABD02000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA768D000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF15D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xABC35000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101230.002\symidsco.sys 290816 bytes (Symantec Corporation, IDS Core Driver)
0xA7124000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xABCC2000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF046000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xA7735000 C:\WINDOWS\System32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA77B7000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7420000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA653B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xABB9F000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xABC7C000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 167936 bytes (Symantec Corporation, Firewall Filter Driver)
0xB9A9D000 C:\WINDOWS\System32\DRIVERS\abvpn2k.sys 163840 bytes (-, Net Firewall)
0xABC0D000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xABB09000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9BAE000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xA880D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9AC5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9BD2000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9B77000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xABBEB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF024000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xABBCA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xABCA5000 C:\Program Files\Symantec\SYMEVENT.SYS 118784 bytes (Symantec Corporation, Symantec Event Library)
0xBA746000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA7A7F000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA87F5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA7A98000 C:\WINDOWS\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7462000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9A86000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7479000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA7AB0000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
0xA7952000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF744D000 WudfPf.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB9B9A000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9BF6000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xABD5B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF748E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9A75000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA36A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA12F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7667000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xAE761000 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS 65536 bytes (Symantec Corporation, SAVRTPEL)
0xBA13F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB9F4F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA11F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAE771000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA7E0000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7677000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF016000 C:\WINDOWS\System32\ialmrnt5.DLL 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA91B4000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xBA14F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB9F1F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB9F2F000 C:\WINDOWS\System32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9F3F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7687000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xAE751000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9F5F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9F0F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7657000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xAEA3A000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7577000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xAE7A1000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 40960 bytes (Symantec Corporation, NDIS Filter Driver)
0xB9EDF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAA32A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA15F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB9EFF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAE791000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9EEF000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 36864 bytes (VSO Software, Patin-Couffin low level access layer for CD devices)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xAEBDA000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xAE741000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7737000 C:\WINDOWS\system32\drivers\aw_host5.sys 32768 bytes (Symantec Corporation, pcAnywhere Host Driver for Windows 2000)
0xB9E8F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xAEDE8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xAEDD8000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 32768 bytes (Symantec Corporation, IDS Filter Driver)
0xF7797000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB9EBF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB9D80000 C:\WINDOWS\System32\DRIVERS\btport.sys 28672 bytes (WIDCOMM, Inc., Bluetooth BTPORT Driver for Windows 2000)
0xB9EB7000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA7B05000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA45E000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xAAE61000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB9E97000 C:\WINDOWS\System32\DRIVERS\btaudio.sys 24576 bytes (WIDCOMM, Inc., Bluetooth Audio)
0xAEDC8000 C:\WINDOWS\System32\drivers\btserial.sys 24576 bytes
0xB9E9F000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xAA44E000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xB9EAF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB9EA7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAEDD0000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xAAE51000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 24576 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0xAEE00000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xAEDE0000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0xB9EC7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xAEDF8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB9D88000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xAEDF0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB9D78000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB9E7F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB9D90000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB9E87000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77CF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789B000 Gernuwa.sys 16384 bytes (Symantec Corporation, pcAnywhere AWUNREG Driver)
0xA9BE1000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA595000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAAEDB000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA5AD000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA8A72000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xAAECF000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF793B000 C:\WINDOWS\System32\Drivers\awlegacy.sys 12288 bytes (Symantec Corporation, pcAnywhere Legacy Driver)
0xBF012000 C:\WINDOWS\System32\awvid5.dll 12288 bytes (Symantec Corporation, pcAnywhere Display Driver for Windows 2000)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA8AE0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF790B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA5A5000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAEECF000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAEEC7000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79CD000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF79B3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79C7000 C:\Program Files\321Studios\Shared\CDRPDACC.SYS 8192 bytes (Arrowkey, CD Device Access)
0xAAD54000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xAEE9F000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xAAD56000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79FB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79B7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79CF000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79CB000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79D1000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B9000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0xAEE9D000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79E1000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AA9000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBF015000 C:\WINDOWS\System32\AWDDI5.DLL 4096 bytes (Symantec Corporation, pcAnywhere Display Driver Information DLL)
0xAEEEE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xACE6A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xA8948000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8949000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x8AD8FA91 Unknown page with executable code, 1391 bytes
0x8AD8E288 Unknown page with executable code, 3448 bytes
0x8AD90191 Unknown page with executable code, 3695 bytes
0xF7617000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8AD92E7A Unknown thread object [ ETHREAD 0x8AD51020 ] TID: 120, 600 bytes
0x8AD95008 Unknown thread object [ ETHREAD 0x8AD51DA8 ] TID: 124, 600 bytes
0x8AD94CDC Unknown page with executable code, 804 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


OTL.txt:

OTL logfile created on: 6/9/2011 7:48:12 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kimmie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 57.82% Memory free
3.10 Gb Paging File | 2.23 Gb Available in Paging File | 71.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 1.62 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 11.44 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive G: | 135.23 Gb Total Space | 112.13 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.26 Gb Free Space | 67.64% Space Free | Partition Type: FAT

Computer Name: KIM | User Name: Kimmie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | -H-- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/07 17:50:07 | 000,910,296 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/29 08:29:04 | 002,012,912 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/03 16:44:46 | 000,444,224 | -H-- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2008/07/30 13:34:12 | 000,566,592 | -H-- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | -H-- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/04/26 19:13:48 | 001,003,590 | -H-- | M] (Zinio Systems, Inc.) -- C:\Program Files\Zinio\ZinioDeliveryManager.exe
PRC - [2006/01/17 14:03:06 | 000,135,168 | -H-- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2005/07/15 14:48:34 | 000,479,232 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PRC - [2005/01/21 22:32:12 | 000,206,552 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/12/22 17:45:42 | 000,235,120 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2004/12/22 17:45:22 | 000,255,600 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2004/12/22 17:45:16 | 000,071,280 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2004/12/22 13:20:44 | 000,218,736 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2004/03/26 08:46:17 | 000,151,597 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/19 14:27:52 | 001,376,360 | -H-- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | -H-- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/01/10 19:13:04 | 000,065,536 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/09/10 20:08:50 | 000,032,256 | -H-- | M] (C-Dilla Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/09/26 10:20:28 | 000,197,760 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Antispam\ASOEHOOK.DLL
MOD - [2003/11/21 18:05:02 | 000,344,064 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr70.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/03 16:44:46 | 000,444,224 | -H-- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2009/05/20 14:18:28 | 000,297,472 | -H-- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 16:47:46 | 000,076,848 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/01/25 21:48:50 | 000,194,272 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2005/01/21 22:32:12 | 000,206,552 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/22 17:45:42 | 000,235,120 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/22 17:45:30 | 000,087,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/22 17:45:22 | 000,255,600 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/12/22 13:20:44 | 000,218,736 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/04/23 11:04:18 | 000,158,848 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2003/08/19 14:27:52 | 001,376,360 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/06/24 20:23:10 | 000,066,784 | -H-- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2003/03/03 15:33:40 | 000,143,360 | -H-- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 19:13:04 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/09/25 08:00:00 | 000,073,728 | -H-- | M] (AT&T) [Auto | Stopped] -- C:\Program Files\MS Remote Access\NetCfgSv.EXE -- (NetCfgSvr)
SRV - [2001/11/02 10:50:00 | 000,110,651 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2001/09/10 20:08:50 | 000,032,256 | -H-- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/09/15 14:07:08 | 000,270,712 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20101230.002\SymIDSco.sys -- (SYMIDSCO)
DRV - [2010/02/17 11:25:50 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | RH-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/08/15 08:27:18 | 000,009,600 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\n558.sys -- (n558)
DRV - [2007/05/04 18:04:04 | 000,042,112 | -H-- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/05/04 17:54:08 | 000,022,528 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/05 11:21:06 | 000,362,944 | -H-- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG11TND5.sys -- (AR5523)
DRV - [2005/05/13 19:50:10 | 000,123,488 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/01/25 21:48:52 | 000,305,288 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/25 21:48:52 | 000,037,000 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)
DRV - [2005/01/21 22:31:50 | 000,267,384 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 22:31:48 | 000,026,424 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 22:31:46 | 000,035,000 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 22:31:44 | 000,172,216 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 22:31:44 | 000,046,808 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 22:31:40 | 000,011,544 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/04 01:29:49 | 000,019,455 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/19 04:00:00 | 000,600,264 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040619.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/06/19 04:00:00 | 000,068,168 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040619.019\NAVENG.SYS -- (NAVENG)
DRV - [2004/04/12 16:26:02 | 000,016,509 | -H-- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/09/15 16:27:04 | 000,022,183 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btserial.sys -- (BTSERIAL)
DRV - [2003/09/15 16:26:40 | 000,222,876 | -H-- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/09/15 16:23:40 | 001,257,418 | -H-- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/09/15 16:22:06 | 000,146,812 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2003/09/15 16:17:02 | 000,030,235 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2003/09/15 16:15:28 | 000,021,861 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (BtAudio)
DRV - [2003/09/15 16:14:36 | 000,051,848 | -H-- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)
DRV - [2003/01/10 19:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/10 11:56:34 | 000,030,921 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/11/08 15:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/11 10:33:22 | 000,170,484 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\abvpn2k.sys -- (ABVPN2K)
DRV - [2002/07/25 13:33:58 | 000,004,633 | -H-- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2001/10/22 10:50:00 | 000,031,192 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/10/09 10:50:00 | 000,014,944 | -H-- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2001/09/10 20:09:46 | 000,057,392 | -H-- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/17 14:11:06 | 000,066,591 | -H-- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/09/11 10:50:00 | 000,010,816 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = www.google.com
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = www.google.com
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com/
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = www.google.com
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 09:10:18 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/08 15:22:43 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/21 09:10:18 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/12/21 09:10:18 | 000,000,000 | -H-D | M]

[2010/08/30 16:30:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Extensions
[2011/06/09 07:44:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Firefox\Profiles\nece6ad4.default\extensions
[2010/10/19 07:38:03 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Firefox\Profiles\nece6ad4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/30 16:28:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 18:13:45 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 18:16:28 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2007/10/15 20:29:39 | 000,000,686 | -H-- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007..\Run: [ASduaswhIfbMHgW] C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe (Zinio Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-561045629-1165081875-2817813103-1007\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.39/uploader2.cab (UploadListView Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {59878370-5892-4ACB-AF20-2F9AADA79BB4} http://restoration.scancafe.com/ScancafeUploader.cab (Scancafe Uploader Control)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://evite.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab (Closet Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://www.rockefellercenter.com/viewer/wg_webeye.cab (WebEyeControl)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-pi02.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.2/common/htdocs/SPX/2.3.0.10/TerminalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sosevents.webex.com/client/T27LB/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\System32\awgina.dll) - C:\WINDOWS\SYSTEM32\awgina.dll (Symantec Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/09 21:36:18 | 000,000,034 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\Shell\AutoRun\command - "" = H:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\Shell\Flip Video for PC\command - "" = H:\system\viewer\FlipVideoforPC.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 07:47:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
[2011/06/06 07:33:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kimmie\Recent
[2011/06/04 12:54:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kimmie\Desktop\gmer
[2011/06/04 12:41:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Administrative Tools
[2011/06/04 12:40:55 | 000,607,222 | RH-- | C] (Swearware) -- C:\Documents and Settings\Kimmie\Desktop\dds.scr
[2011/06/03 08:18:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/02 09:30:34 | 001,431,344 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe
[2011/06/02 09:27:31 | 001,431,344 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\123tdk.com
[2011/06/02 08:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Windows XP Recovery
[2011/06/02 08:07:40 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\18079524.exe
[2011/06/02 07:58:37 | 000,473,088 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe
[2011/05/23 08:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8updates
[2011/05/23 08:30:41 | 000,954,368 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/05/23 08:30:41 | 000,953,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/23 08:30:24 | 000,617,472 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/23 08:30:02 | 000,744,448 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/23 08:29:54 | 000,040,960 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/23 08:28:57 | 000,743,424 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/05/23 08:26:49 | 003,558,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/05/23 08:25:37 | 000,045,568 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/21 18:52:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Prefetch
[2011/05/21 10:06:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\scripting
[2011/05/21 10:06:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\l2schemas
[2011/05/21 10:06:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\en
[2011/05/20 19:16:56 | 000,404,640 | -H-- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[6 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
[2011/06/09 07:44:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 07:44:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 07:43:15 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\RKUnhookerLE.EXE
[2011/06/09 07:35:36 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\iExplore.exe
[2011/06/07 06:33:21 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/06/06 22:24:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/06 07:14:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/06 07:14:46 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 12:52:58 | 000,293,977 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\gmer.zip
[2011/06/04 12:52:09 | 000,001,170 | -H-- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/04 12:40:31 | 000,607,222 | RH-- | M] (Swearware) -- C:\Documents and Settings\Kimmie\Desktop\dds.scr
[2011/06/04 12:39:09 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Kimmie\defogger_reenable
[2011/06/04 12:38:38 | 000,050,477 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Defogger.exe
[2011/06/04 12:31:16 | 000,000,550 | -H-- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/06/03 08:19:03 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\123tdk.com
[2011/06/02 09:29:59 | 001,301,452 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
[2011/06/02 08:27:29 | 000,404,640 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/02 08:08:18 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk
[2011/06/02 08:08:13 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/06/02 08:08:13 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/06/02 08:07:43 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2011/06/02 08:07:40 | 000,369,152 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\18079524.exe
[2011/06/02 07:58:36 | 000,473,088 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe
[2011/05/30 13:38:49 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/25 07:10:16 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe
[2011/05/24 08:00:29 | 000,000,000 | -H-- | M] () -- C:\1b3801af.exe
[2011/05/24 07:57:42 | 000,249,496 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/23 09:22:05 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/23 09:16:59 | 000,441,124 | -H-- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/23 09:16:59 | 000,071,060 | -H-- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/21 10:01:21 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/05/13 08:12:32 | 000,072,192 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 07:43:18 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\RKUnhookerLE.EXE
[2011/06/09 07:35:43 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\iExplore.exe
[2011/06/04 12:53:28 | 000,293,977 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\gmer.zip
[2011/06/04 12:39:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Kimmie\defogger_reenable
[2011/06/04 12:38:46 | 000,050,477 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\Defogger.exe
[2011/06/02 09:29:56 | 001,301,452 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
[2011/06/02 08:08:18 | 000,000,799 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk
[2011/06/02 08:08:13 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
[2011/06/02 08:07:57 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
[2011/06/02 08:07:43 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
[2010/03/29 18:18:36 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\5lRk1
[2010/03/29 18:18:36 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2009/06/09 19:56:24 | 000,054,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/24 09:06:21 | 000,006,919 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Application Data\PrimoPDFSet.xml
[2009/02/21 10:58:11 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/06/25 08:25:48 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/06/25 08:03:45 | 000,117,404 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/04/28 13:13:33 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\primopdf.ini
[2007/10/19 21:59:45 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\webica.ini
[2007/10/19 08:46:05 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\catchme.exe
[2007/10/19 08:46:05 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\VFind.exe
[2007/08/15 08:27:18 | 000,009,600 | -H-- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/13 23:48:05 | 000,000,015 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/05/13 23:18:00 | 000,000,067 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2007/05/13 23:18:00 | 000,000,019 | -H-- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/04/19 22:42:44 | 000,011,634 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/02/01 20:47:51 | 000,030,208 | -H-- | C] () -- C:\WINDOWS\System32\Clearer.exe
[2006/02/01 20:47:51 | 000,030,208 | -H-- | C] () -- C:\WINDOWS\Clearer.exe
[2006/01/21 18:44:15 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2006/01/19 08:57:11 | 000,029,696 | -H-- | C] () -- C:\WINDOWS\System32\cl2.exe
[2006/01/19 08:57:11 | 000,029,696 | -H-- | C] () -- C:\WINDOWS\cl2.exe
[2006/01/07 14:09:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/10/04 23:27:48 | 000,000,049 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/02 08:54:07 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/10 00:17:59 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/07/27 21:15:20 | 000,149,392 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2005/02/26 14:53:14 | 000,293,716 | -H-- | C] () -- C:\WINDOWS\Golden Palace Casino PT setup.exe
[2005/02/24 20:43:39 | 000,029,521 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/02/24 20:43:39 | 000,020,910 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/02/24 20:43:39 | 000,020,869 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/02/24 20:43:39 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/02/24 20:41:06 | 000,096,768 | -H-- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/02/24 20:41:06 | 000,003,136 | -H-- | C] () -- C:\WINDOWS\Ade001.bin
[2005/02/24 20:41:06 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/02/24 20:38:04 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\EPCX4600.ini
[2005/02/19 21:02:29 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/19 21:02:25 | 000,000,361 | -H-- | C] () -- C:\WINDOWS\videomvp.ini
[2005/02/19 21:01:39 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/01/01 05:16:54 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD_Start.INI
[2004/11/09 01:22:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/10/02 10:06:13 | 000,170,484 | -H-- | C] () -- C:\WINDOWS\System32\drivers\abvpn2k.sys
[2004/10/02 10:06:12 | 000,010,009 | -H-- | C] () -- C:\WINDOWS\agnslang.ini
[2004/09/09 07:36:59 | 000,037,027 | -H-- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/07/12 21:11:51 | 000,095,440 | -H-- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/07/12 21:10:38 | 000,095,440 | -H-- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/07/12 21:10:35 | 000,009,357 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2004/06/23 22:14:20 | 000,003,584 | -H-- | C] () -- C:\WINDOWS\istinstall_si.exe
[2004/06/14 21:21:03 | 000,238,435 | -H-- | C] () -- C:\WINDOWS\mxtarget.ini
[2004/06/14 21:21:02 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/13 10:26:35 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\fusioncache.dat
[2004/05/27 00:32:35 | 000,115,623 | -H-- | C] () -- C:\WINDOWS\System32\datastore.dll
[2004/05/25 21:59:53 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\sysupd1003.exe
[2004/05/15 18:03:57 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/20 10:36:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\System32\master.dll
[2004/04/09 03:27:23 | 000,072,192 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/08 18:56:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ump.INI
[2004/04/08 18:55:39 | 000,014,905 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/02 21:18:28 | 000,001,125 | -H-- | C] () -- C:\WINDOWS\winamp.ini
[2004/04/02 21:01:30 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\smdat32m.sys
[2004/04/02 21:01:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\smdat32a.sys
[2004/03/26 08:57:55 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/26 08:51:25 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/26 08:47:28 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/26 08:44:39 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/26 08:40:14 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/26 08:26:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/26 08:25:02 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/26 08:24:56 | 000,441,124 | -H-- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/26 08:24:56 | 000,071,060 | -H-- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/26 08:11:52 | 000,000,550 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/26 10:28:43 | 000,003,149 | -H-- | C] () -- C:\Program Files\Common Files\remove_tools.html
[2003/11/20 15:39:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/15 16:41:56 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/15 16:41:14 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/15 16:36:40 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/15 16:27:04 | 000,022,183 | -H-- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/03/10 10:53:56 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\System32\sub.dll
[2002/09/03 11:05:08 | 000,249,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 10:59:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/11/14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 04:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 02:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kimmie\Desktop\123tdk.com:SummaryInformation

< End of report >

Extras.txt:

OTL Extras logfile created on: 6/9/2011 7:48:12 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kimmie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 57.82% Memory free
3.10 Gb Paging File | 2.23 Gb Available in Paging File | 71.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 1.62 Gb Free Space | 4.35% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 11.44 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive G: | 135.23 Gb Total Space | 112.13 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.26 Gb Free Space | 67.64% Space Free | Partition Type: FAT

Computer Name: KIM | User Name: Kimmie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1

[HKEY_USERS\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{120E090D-9136-4b78-8258-F0B44B4BD2AC}" = MaxSpeed
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 20
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F9FBEB8-D216-4d6c-8D21-513157E09C0D}" = IE Host
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = mMode Sync
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DD0D4E07-064F-4979-9062-4D7B586A3365}" = Motorola Software Update
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security
"{E4AC0E96-74A0-4563-BDBF-DAAA9667318A}" = NASPP Online Education
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F45C8DD6-EFDF-4F1E-8E5C-AB80653BCB75}" = Lexar Media Reader Products
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F57D8342-E2E4-46F4-915A-F50817CBCB45}" = ArcSoft Software Suite
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"01-mp3search" = 01-mp3search 4.0
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"BitTorrent" = BitTorrent 4.0.1
"Cake Mania_is1" = Cake Mania
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Golden Palace Casino PT" = Golden Palace Casino
"Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MS Remote Access {C:,PROGRA~1,MSREMO~1,}" = MS Remote Access
"MyPublisher" = MyPublisher
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealOne Player
"Registrar Lite 2.00" = Registrar Lite 2.00
"Shockwave" = Shockwave
"Silent Package Run-Time Sample" = EPSON CX4600 Reference Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security (Symantec Corporation)
"Tweak UI 2.10" = Tweak UI
"Universal Media Player" = Universal Media Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinTools_AD" = Web Search Tools Contextual Ads
"WinTools_ES" = Web Search Tools Error Search
"WinTools_IES" = Web Search Tools Search Button
"WinTools_KW" = Web Search Tools Search Assistant
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-561045629-1165081875-2817813103-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2011 8:03:35 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50715641

Error - 4/21/2011 8:03:37 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/21/2011 8:03:37 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50717610

Error - 4/21/2011 8:03:37 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50717610

Error - 4/21/2011 8:03:39 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/21/2011 8:03:39 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50719578

Error - 4/21/2011 8:03:39 AM | Computer Name = KIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50719578

Error - 4/21/2011 3:31:39 PM | Computer Name = KIM | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

Error - 6/2/2011 8:15:57 AM | Computer Name = KIM | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6612.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2011 8:44:31 AM | Computer Name = KIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ole32.dll, version 5.1.2600.6010, fault address 0x00052c0d.

[ System Events ]
Error - 6/7/2011 3:36:36 AM | Computer Name = KIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/7/2011 3:36:36 AM | Computer Name = KIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/7/2011 3:36:37 AM | Computer Name = KIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/7/2011 3:36:37 AM | Computer Name = KIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 7:31:00 AM | Computer Name = KIM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/9/2011 7:31:00 AM | Computer Name = KIM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/9/2011 7:31:03 AM | Computer Name = KIM | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/9/2011 7:31:05 AM | Computer Name = KIM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/9/2011 7:31:05 AM | Computer Name = KIM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/9/2011 7:36:56 AM | Computer Name = KIM | Source = Service Control Manager | ID = 7034
Description = The Network Configuration Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#4 SweetTech

Posted 09 June 2011 - 09:39 AM

Hi!

It looks like we may be dealing with a rootkit infection here.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\Shell\AutoRun\command - "" = H:\system\viewer\FlipVideoforPC.exe
    O33 - MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\Shell\Flip Video for PC\command - "" = H:\system\viewer\FlipVideoforPC.exe
    [2011/06/02 08:07:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Windows XP Recovery
    [2011/06/02 08:07:40 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\18079524.exe
    [2011/06/02 07:58:37 | 000,473,088 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe
    [2011/06/04 12:52:58 | 000,293,977 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\gmer.zip
    [2011/06/03 08:19:03 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\123tdk.com
    [2011/06/02 09:29:59 | 001,301,452 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
    [2011/06/02 08:08:18 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk
    [2011/06/02 08:08:13 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
    [2011/06/02 08:08:13 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~18079524
    [2011/06/02 08:07:43 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18079524
    [2011/06/02 08:07:40 | 000,369,152 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\18079524.exe
    [2011/06/02 07:58:36 | 000,473,088 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe
    [2011/05/25 07:10:16 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe
    [2011/05/24 08:00:29 | 000,000,000 | -H-- | M] () -- C:\1b3801af.exe
    [2011/06/04 12:53:28 | 000,293,977 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\gmer.zip
    [2011/06/02 09:29:56 | 001,301,452 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
    [2011/06/02 08:08:18 | 000,000,799 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk
    [2011/06/02 08:08:13 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524r
    [2011/06/02 08:07:57 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~18079524
    [2011/06/02 08:07:43 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18079524
    [2010/03/29 18:18:36 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\5lRk1
    [2010/03/29 18:18:36 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kimmie\Desktop\123tdk.com:SummaryInformation
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



What issues are you currently experiencing with your computer?



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
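Added example, not part of the thread and not OTL's own code: a small parser for the kind of OTL fix script posted above, with the triage heuristics a helper applies to its file entries (hidden attribute set, "Microsoft Corporation" version info on a file outside C:\WINDOWS, a purely numeric file name, no vendor at all), followed by a reconciliation of each entry against the OTL report that comes back. The sample script and report are constructed excerpts in the same line format as the real ones. The reading of the four-character attribute column as R/H/S/D (read-only, hidden, system, directory) and the heuristics themselves are this example's assumptions; the post does not spell them out.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed excerpt of the fix script posted above (same line format, a
# handful of the original entries plus two directives the parser must skip).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
[2011/06/02 08:07:40 | 000,369,152 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\18079524.exe
[2011/06/02 07:58:37 | 000,473,088 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe
[2011/05/25 07:10:16 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe
[2010/03/29 18:18:36 | 000,011,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kimmie\Desktop\123tdk.com:SummaryInformation
:Commands
[CreateRestorePoint]
"""

# Constructed excerpt of the report OTL produced for that fix.
OTL_REPORT = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
C:\Documents and Settings\All Users\Application Data\18079524.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe moved successfully.
C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\5lRk1 moved successfully.
Unable to delete ADS C:\Documents and Settings\Kimmie\Desktop\123tdk.com:SummaryInformation .
Error starting restore point: System Restore is disabled.
"""

# File line: [date time | size | attrs | C/M] (company) -- path. The attrs column
# is read as R/H/S/D (read-only, hidden, system, directory): an assumption.
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| "
                     r"(?P<attrs>[-RHSD]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] .*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")

Entry = namedtuple("Entry", "kind path attrs company", defaults=("", ""))


def parse_fix_script(text):
    """Return the actionable entries of an :OTL section; directives are skipped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := FILE_RE.match(line):
            entries.append(Entry("file", m["path"], m["attrs"], m["company"]))
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"]))
        elif m := ADS_RE.match(line):
            entries.append(Entry("ads", m["path"]))
    return entries


def classify(entry):
    """Reasons a helper would cite for a file entry, plus a one-word verdict."""
    r = set()
    if "H" in entry.attrs:
        r.add("hidden")
    if "S" in entry.attrs:
        r.add("system")
    if entry.company == "Microsoft Corporation" and not entry.path.lower().startswith("c:\\windows\\"):
        r.add("claims-microsoft-outside-windows")  # forged version info, a rogue tell
    if PureWindowsPath(entry.path).stem.isdigit():
        r.add("numeric-name")
    if not entry.company:
        r.add("no-vendor")
    if "claims-microsoft-outside-windows" in r or {"hidden", "numeric-name"} <= r:
        return r, "rogue"
    if {"hidden", "system", "no-vendor"} <= r:
        return r, "suspect"
    if "hidden" in r:
        return r, "collateral-hidden"  # a good file the rogue hid; what UnHide undoes
    return r, "clean"


def reconcile(entries, report):
    """What the OTL report says happened to each entry."""
    lines = [l.strip() for l in report.splitlines()]
    status = {}
    for e in entries:
        if e.kind == "run":
            ok = any(l.endswith("\\\\" + e.path + " deleted successfully.") for l in lines)
            status[e.path] = "deleted" if ok else "unconfirmed"
        elif e.kind == "file":
            hits = {e.path + " moved successfully.", e.path + " folder moved successfully."}
            status[e.path] = ("moved" if hits & set(lines) else
                              "not-found" if "File " + e.path + " not found." in lines else "unconfirmed")
        else:  # alternate data stream
            failed = any(l.startswith("Unable to delete ADS " + e.path) for l in lines)
            status[e.path] = "failed" if failed else "unconfirmed"
    return status


def restore_point_created(report):
    """False when OTL could not create a restore point, so there is no rollback."""
    return "Error starting restore point" not in report


def summarize(fix_text, report_text):
    """path -> (verdict for files, or entry kind; reported outcome)."""
    entries = parse_fix_script(fix_text)
    status = reconcile(entries, report_text)
    return {e.path: (classify(e)[1] if e.kind == "file" else e.kind, status[e.path])
            for e in entries}
```

Run against the excerpts, the two executables with forged "Microsoft Corporation" version info in All Users\Application Data come out as rogue and moved, the hidden-plus-system file with no vendor as suspect, and TDSSKiller.exe as collateral-hidden: the rogue set the hidden attribute on the user's own tools as well, which is why the UnHide step was prescribed and why the fix moved the tool copies along with the rogue's files. The same pass surfaces the two lines worth reading in the report: the alternate data stream could not be deleted, and no restore point exists because System Restore is disabled.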


#5 FunnEGirl (Topic Starter)

Posted 09 June 2011 - 11:10 PM

OTL Report:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5770be14-6625-11dd-ab30-0011955057b8}\ not found.
File H:\system\viewer\FlipVideoforPC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5770be14-6625-11dd-ab30-0011955057b8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5770be14-6625-11dd-ab30-0011955057b8}\ not found.
File H:\system\viewer\FlipVideoforPC.exe not found.
C:\Documents and Settings\Kimmie\Start Menu\Programs\Windows XP Recovery folder moved successfully.
C:\Documents and Settings\All Users\Application Data\18079524.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe moved successfully.
C:\Documents and Settings\Kimmie\Desktop\gmer.zip moved successfully.
C:\Documents and Settings\Kimmie\Desktop\123tdk.com moved successfully.
C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip moved successfully.
C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~18079524r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18079524 moved successfully.
C:\Documents and Settings\All Users\Application Data\18079524 moved successfully.
File C:\Documents and Settings\All Users\Application Data\18079524.exe not found.
File C:\Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe not found.
C:\Documents and Settings\Kimmie\Desktop\TDSSKiller.exe moved successfully.
C:\1b3801af.exe moved successfully.
File C:\Documents and Settings\Kimmie\Desktop\gmer.zip not found.
File C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip not found.
File C:\Documents and Settings\Kimmie\Desktop\Windows XP Recovery.lnk not found.
File C:\Documents and Settings\All Users\Application Data\~18079524r not found.
File C:\Documents and Settings\All Users\Application Data\~18079524 not found.
File C:\Documents and Settings\All Users\Application Data\18079524 not found.
C:\Documents and Settings\Kimmie\Local Settings\Application Data\5lRk1 moved successfully.
C:\Documents and Settings\All Users\Application Data\5lRk1 moved successfully.
Unable to delete ADS C:\Documents and Settings\Kimmie\Desktop\123tdk.com:SummaryInformation .
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kimmie\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kimmie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_200154



TDSSkiller Report:

2011/06/09 23:56:01.0593 2984 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 23:56:03.0593 2984 ================================================================================
2011/06/09 23:56:03.0593 2984 SystemInfo:
2011/06/09 23:56:03.0593 2984
2011/06/09 23:56:03.0593 2984 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/09 23:56:03.0593 2984 Product type: Workstation
2011/06/09 23:56:03.0593 2984 ComputerName: KIM
2011/06/09 23:56:03.0593 2984 UserName: Kimmie
2011/06/09 23:56:03.0593 2984 Windows directory: C:\WINDOWS
2011/06/09 23:56:03.0593 2984 System windows directory: C:\WINDOWS
2011/06/09 23:56:03.0593 2984 Processor architecture: Intel x86
2011/06/09 23:56:03.0593 2984 Number of processors: 1
2011/06/09 23:56:03.0593 2984 Page size: 0x1000
2011/06/09 23:56:03.0593 2984 Boot type: Normal boot
2011/06/09 23:56:03.0593 2984 ================================================================================
2011/06/09 23:56:04.0828 2984 Initialize success
2011/06/09 23:56:16.0218 4856 ================================================================================
2011/06/09 23:56:16.0218 4856 Scan started
2011/06/09 23:56:16.0218 4856 Mode: Manual;
2011/06/09 23:56:16.0218 4856 ================================================================================
2011/06/09 23:56:17.0374 4856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/06/09 23:56:17.0499 4856 ABVPN2K (05edb98a7d2364221ce9d7b37bb3ea56) C:\WINDOWS\system32\DRIVERS\abvpn2k.sys
2011/06/09 23:56:17.0624 4856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/09 23:56:17.0749 4856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/09 23:56:17.0921 4856 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/06/09 23:56:18.0062 4856 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/09 23:56:18.0203 4856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/09 23:56:18.0328 4856 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/09 23:56:18.0453 4856 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/06/09 23:56:18.0593 4856 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/06/09 23:56:18.0734 4856 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/06/09 23:56:18.0859 4856 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/06/09 23:56:18.0984 4856 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/06/09 23:56:19.0140 4856 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/06/09 23:56:19.0281 4856 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/06/09 23:56:19.0406 4856 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/06/09 23:56:19.0531 4856 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/06/09 23:56:19.0687 4856 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
2011/06/09 23:56:19.0843 4856 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/09 23:56:19.0984 4856 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/06/09 23:56:20.0109 4856 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/06/09 23:56:20.0234 4856 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/06/09 23:56:20.0406 4856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/09 23:56:20.0531 4856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/09 23:56:20.0718 4856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/09 23:56:20.0859 4856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/09 23:56:20.0984 4856 awlegacy (f7e75c620a04963c9a53c3b47da80405) C:\WINDOWS\System32\Drivers\awlegacy.sys
2011/06/09 23:56:21.0124 4856 AW_HOST (e3f3b6875d2ead9c03d04fe66dcd84c8) C:\WINDOWS\system32\drivers\aw_host5.sys
2011/06/09 23:56:21.0249 4856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/09 23:56:21.0421 4856 BtAudio (2d8a94b633eb18e4205c6dc6506a5fcd) C:\WINDOWS\system32\DRIVERS\btaudio.sys
2011/06/09 23:56:21.0546 4856 BTDriver (cd67ed7fe193c5b3ddc8c291c9f10a6a) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/06/09 23:56:21.0671 4856 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/06/09 23:56:21.0812 4856 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/06/09 23:56:21.0937 4856 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/06/09 23:56:22.0078 4856 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/06/09 23:56:22.0234 4856 BTKRNL (774085424aa22201664f7609d31fd42c) C:\WINDOWS\system32\drivers\btkrnl.sys
2011/06/09 23:56:22.0406 4856 BTSERIAL (a983e7bf7cb3cb51de94e9a674705eca) C:\WINDOWS\System32\drivers\btserial.sys
2011/06/09 23:56:22.0546 4856 BTSLBCSP (9250c8b19419359d29a3a6018d4b0aba) C:\WINDOWS\System32\drivers\btslbcsp.sys
2011/06/09 23:56:22.0718 4856 BTWDNDIS (0b60bb7d9fc93d78c5e6f26132d4c2a5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/06/09 23:56:22.0843 4856 BTWUSB (c7bd3b2f811f78331181c360c836a479) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/06/09 23:56:22.0984 4856 C-Dilla (4ff76600b4ca68376b80af1683799c60) C:\WINDOWS\System32\drivers\CDANT.SYS
2011/06/09 23:56:23.0265 4856 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/06/09 23:56:23.0390 4856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/09 23:56:23.0515 4856 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/09 23:56:23.0687 4856 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/06/09 23:56:23.0812 4856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/09 23:56:23.0953 4856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/09 23:56:24.0078 4856 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/09 23:56:24.0140 4856 CDRPDACC (f4dd5641576334e4eeabfe50b065e572) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2011/06/09 23:56:24.0390 4856 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/06/09 23:56:24.0546 4856 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/06/09 23:56:24.0687 4856 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/06/09 23:56:24.0828 4856 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/06/09 23:56:24.0968 4856 DCamUSBSQTECH (100ff3d9e16afb3163bd6f9aaaab7c55) C:\WINDOWS\system32\Drivers\SQcaptur.sys
2011/06/09 23:56:25.0109 4856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/09 23:56:25.0281 4856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/09 23:56:25.0499 4856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/09 23:56:25.0624 4856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/09 23:56:25.0781 4856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/09 23:56:25.0921 4856 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/06/09 23:56:26.0046 4856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/09 23:56:26.0171 4856 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/09 23:56:26.0312 4856 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/09 23:56:26.0437 4856 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/06/09 23:56:26.0593 4856 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/06/09 23:56:26.0687 4856 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/09 23:56:26.0828 4856 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/09 23:56:27.0015 4856 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/09 23:56:27.0171 4856 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/09 23:56:27.0296 4856 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/09 23:56:27.0421 4856 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/09 23:56:27.0593 4856 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/09 23:56:27.0718 4856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/09 23:56:27.0874 4856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/09 23:56:27.0999 4856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/09 23:56:28.0109 4856 Gernuwa (ba294768509fa03fcfe766962dee3cad) C:\WINDOWS\system32\drivers\Gernuwa.sys
2011/06/09 23:56:28.0234 4856 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/09 23:56:28.0421 4856 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/06/09 23:56:28.0562 4856 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/09 23:56:28.0687 4856 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/09 23:56:28.0812 4856 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/09 23:56:28.0937 4856 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/09 23:56:29.0078 4856 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/09 23:56:29.0218 4856 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/06/09 23:56:29.0390 4856 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/09 23:56:29.0515 4856 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/06/09 23:56:29.0656 4856 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/06/09 23:56:29.0781 4856 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/06/09 23:56:29.0937 4856 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/06/09 23:56:30.0281 4856 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/06/09 23:56:30.0390 4856 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/06/09 23:56:30.0515 4856 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/06/09 23:56:30.0656 4856 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/06/09 23:56:30.0859 4856 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/06/09 23:56:31.0015 4856 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/06/09 23:56:31.0218 4856 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/09 23:56:31.0421 4856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/09 23:56:31.0609 4856 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/06/09 23:56:31.0749 4856 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/06/09 23:56:31.0890 4856 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/09 23:56:32.0015 4856 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/09 23:56:32.0156 4856 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/09 23:56:32.0281 4856 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/09 23:56:32.0421 4856 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/09 23:56:32.0546 4856 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/09 23:56:32.0687 4856 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/09 23:56:32.0828 4856 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/09 23:56:32.0984 4856 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/09 23:56:33.0187 4856 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/09 23:56:33.0421 4856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/09 23:56:33.0578 4856 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/09 23:56:33.0687 4856 MotDev (20ff89c59b0a50f53822303064988e00) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/06/09 23:56:33.0812 4856 motmodem (49bc2ea84db5320b880a222e6e11b28b) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/06/09 23:56:33.0937 4856 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/09 23:56:34.0062 4856 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/09 23:56:34.0656 4856 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/06/09 23:56:35.0265 4856 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/09 23:56:35.0703 4856 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/09 23:56:36.0078 4856 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/09 23:56:36.0374 4856 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/09 23:56:36.0640 4856 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/09 23:56:37.0062 4856 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/09 23:56:37.0312 4856 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/09 23:56:37.0828 4856 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/09 23:56:38.0234 4856 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/09 23:56:38.0781 4856 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
2011/06/09 23:56:39.0499 4856 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/09 23:56:39.0703 4856 NAVENG (c3fddf2cb92d3254583d47da54af598c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040619.019\NAVENG.Sys
2011/06/09 23:56:39.0921 4856 NAVEX15 (824128cade302794827af8472a6a1f5c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040619.019\NavEx15.Sys
2011/06/09 23:56:40.0078 4856 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/09 23:56:40.0249 4856 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/09 23:56:40.0374 4856 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/09 23:56:40.0546 4856 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/09 23:56:40.0671 4856 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/09 23:56:40.0843 4856 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/09 23:56:41.0015 4856 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/09 23:56:41.0156 4856 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/09 23:56:41.0328 4856 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/09 23:56:41.0468 4856 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/09 23:56:41.0609 4856 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/09 23:56:41.0781 4856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/09 23:56:41.0999 4856 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/09 23:56:42.0187 4856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/09 23:56:42.0296 4856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/09 23:56:42.0421 4856 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/09 23:56:42.0546 4856 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/06/09 23:56:42.0718 4856 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/06/09 23:56:42.0843 4856 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/06/09 23:56:42.0968 4856 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/09 23:56:43.0093 4856 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/09 23:56:43.0234 4856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/09 23:56:43.0359 4856 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/09 23:56:43.0562 4856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/09 23:56:43.0718 4856 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/09 23:56:43.0812 4856 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/06/09 23:56:44.0187 4856 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/06/09 23:56:44.0312 4856 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/06/09 23:56:44.0578 4856 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/09 23:56:44.0937 4856 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/09 23:56:45.0078 4856 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/09 23:56:45.0296 4856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/09 23:56:45.0531 4856 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/09 23:56:45.0749 4856 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/06/09 23:56:45.0906 4856 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/06/09 23:56:46.0062 4856 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/06/09 23:56:46.0265 4856 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/06/09 23:56:46.0468 4856 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/06/09 23:56:46.0624 4856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/09 23:56:46.0843 4856 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/09 23:56:47.0140 4856 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/09 23:56:47.0421 4856 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/09 23:56:47.0718 4856 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/09 23:56:47.0937 4856 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/09 23:56:48.0187 4856 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/09 23:56:48.0515 4856 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/09 23:56:48.0749 4856 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/09 23:56:49.0015 4856 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/06/09 23:56:49.0265 4856 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/09 23:56:49.0515 4856 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/09 23:56:49.0937 4856 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/06/09 23:56:50.0031 4856 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/09 23:56:50.0140 4856 SAVRT (ac9d162f3dd155e6023aa5ac89f59780) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
2011/06/09 23:56:50.0296 4856 SAVRTPEL (7bd636b57b7fd56c2c2ac9515f6b57d7) C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
2011/06/09 23:56:50.0437 4856 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/06/09 23:56:50.0593 4856 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/09 23:56:50.0749 4856 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/09 23:56:50.0906 4856 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/09 23:56:51.0124 4856 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/09 23:56:51.0453 4856 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/06/09 23:56:51.0624 4856 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/09 23:56:51.0781 4856 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/09 23:56:51.0953 4856 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/06/09 23:56:52.0093 4856 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/06/09 23:56:52.0218 4856 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/09 23:56:52.0359 4856 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/09 23:56:52.0546 4856 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/09 23:56:52.0718 4856 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/09 23:56:52.0843 4856 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/09 23:56:52.0999 4856 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/09 23:56:53.0140 4856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/09 23:56:53.0281 4856 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/09 23:56:53.0437 4856 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/06/09 23:56:53.0593 4856 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/06/09 23:56:53.0734 4856 SYMDNS (b0715be7e6acfbb1f8d2a9dbb6fa7c0a) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/06/09 23:56:53.0828 4856 SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
2011/06/09 23:56:53.0984 4856 SYMFW (1625f724cab061f95a843a4102d65757) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/06/09 23:56:54.0109 4856 SYMIDS (d7e576e98a4ef5d8393370511205c2aa) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/06/09 23:56:54.0296 4856 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101230.002\symidsco.sys
2011/06/09 23:56:54.0437 4856 SYMNDIS (b4c16ae203fa815cae4005b0e7ff8b68) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/06/09 23:56:54.0578 4856 SYMREDRV (f26e71125da173d57caba3457c5e48cf) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/06/09 23:56:54.0718 4856 SYMTDI (23b6adbaa7026c53b5ef102e56750b13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/06/09 23:56:54.0874 4856 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/06/09 23:56:55.0015 4856 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/06/09 23:56:55.0171 4856 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/09 23:56:55.0359 4856 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/09 23:56:55.0546 4856 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/09 23:56:55.0765 4856 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/09 23:56:55.0921 4856 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/09 23:56:56.0046 4856 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/09 23:56:56.0218 4856 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/09 23:56:56.0343 4856 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/09 23:56:56.0499 4856 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/09 23:56:56.0656 4856 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/06/09 23:56:56.0796 4856 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/09 23:56:56.0921 4856 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/09 23:56:57.0093 4856 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/09 23:56:57.0249 4856 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/09 23:56:57.0374 4856 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/06/09 23:56:57.0531 4856 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/09 23:56:57.0687 4856 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/06/09 23:56:57.0828 4856 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/09 23:56:57.0984 4856 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/09 23:56:58.0124 4856 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/09 23:56:58.0265 4856 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/09 23:56:58.0390 4856 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/09 23:56:58.0531 4856 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/09 23:56:58.0765 4856 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/09 23:56:58.0890 4856 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/09 23:56:59.0015 4856 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/09 23:56:59.0156 4856 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/06/09 23:56:59.0296 4856 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/06/09 23:56:59.0421 4856 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 23:56:59.0421 4856 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/09 23:56:59.0437 4856 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/09 23:56:59.0593 4856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/09 23:56:59.0718 4856 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/09 23:56:59.0874 4856 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/09 23:57:00.0124 4856 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/09 23:57:00.0343 4856 WpdUsb (d7467f619f574ab36286d2903e751deb) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/09 23:57:00.0468 4856 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/09 23:57:00.0640 4856 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/09 23:57:00.0796 4856 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/09 23:57:00.0937 4856 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/09 23:57:01.0124 4856 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/09 23:57:01.0265 4856 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/09 23:57:01.0312 4856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/09 23:57:01.0468 4856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/09 23:57:01.0499 4856 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR6
2011/06/09 23:57:01.0562 4856 ================================================================================
2011/06/09 23:57:01.0562 4856 Scan finished
2011/06/09 23:57:01.0562 4856 ================================================================================
2011/06/09 23:57:01.0609 2872 Detected object count: 1
2011/06/09 23:57:01.0609 2872 Actual detected object count: 1
2011/06/09 23:57:04.0890 2872 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 23:57:04.0890 2872 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/09 23:57:06.0718 2872 Backup copy found, using it..
2011/06/09 23:57:06.0734 2872 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/09 23:57:06.0734 2872 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/09 23:57:28.0531 4704 Deinitialize success


So far it looks like things are working (yay! You da bomb). I am not experiencing any issues...

#6 SweetTech

Posted 10 June 2011 - 08:25 AM

Hi!

Looks like TDSSKiller found the main culprit.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/06/09 23:57:01.0609 2872 Detected object count: 1
2011/06/09 23:57:01.0609 2872 Actual detected object count: 1
2011/06/09 23:57:04.0890 2872 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 23:57:04.0890 2872 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/09 23:57:06.0718 2872 Backup copy found, using it..
2011/06/09 23:57:06.0734 2872 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/09 23:57:06.0734 2872 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/09 23:57:28.0531 4704 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
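
Added example, not from this thread and not TDSSKiller's own code: a small Python parser for the log format quoted above. It reads the driver inventory lines, attaches the "Suspicious file (Forged)" verdict, the detection family and the chosen action to the matching driver, and returns the entries where the two hashes TDSSKiller printed for one path disagree. The field layout is inferred from the lines posted in this thread rather than from a published specification, and the sample input is copied from the log above.

```python
"""Parse TDSSKiller-style scan log lines and pull out the forged-file verdicts.

Added example for this thread, not TDSSKiller's code. The field layout is
inferred from the lines posted above, not from a published format spec.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every line: "YYYY/MM/DD HH:MM:SS.ffff <pid> <body>".
PREFIX_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<body>.*)$")
# Inventory line: "<service> (<md5>) <path>"; the MBR entries carry "(0x1B8)" after the name.
DRIVER_RE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: the same path was hashed two ways and the answers differ. The disagreement
# itself is the indicator that something is sitting between the reader and the disk.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<family>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<family>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\S+)$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")


@dataclass
class DriverRecord:
    name: str
    md5: str                      # hash printed on the inventory line
    path: str
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    family: Optional[str] = None  # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None  # e.g. Cure
    pending_reboot: bool = False

    @property
    def forged(self) -> bool:
        """True when the two hashes TDSSKiller reported for this path disagree."""
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_tdsskiller_log(text: str) -> List[DriverRecord]:
    by_path: Dict[str, DriverRecord] = {}
    by_name: Dict[str, DriverRecord] = {}
    for raw in text.splitlines():
        pre = PREFIX_RE.match(raw.strip())
        if not pre:
            continue  # banner, separator rows, blank lines
        body = pre["body"]
        d = DRIVER_RE.match(body)
        if d:
            # The cure pass re-lists the object; merge on path instead of duplicating it.
            rec = by_path.get(d["path"])
            if rec is None:
                rec = DriverRecord(d["name"], d["md5"], d["path"])
                by_path[d["path"]] = rec
                by_name[d["name"]] = rec
            else:
                rec.md5 = d["md5"]
            continue
        f = FORGED_RE.match(body)
        if f and f["path"] in by_path:
            by_path[f["path"]].real_md5 = f["real"]
            by_path[f["path"]].fake_md5 = f["fake"]
            continue
        t = DETECTED_RE.match(body)
        if t and t["name"] in by_name:
            by_name[t["name"]].family = t["family"]
            continue
        a = ACTION_RE.match(body)
        if a and a["name"] in by_name:
            by_name[a["name"]].action = a["action"]
            by_name[a["name"]].family = by_name[a["name"]].family or a["family"]
            continue
        c = CURE_RE.match(body)
        if c and c["path"] in by_path:
            by_path[c["path"]].pending_reboot = True
    return list(by_path.values())


def forged_drivers(records: List[DriverRecord]) -> List[DriverRecord]:
    """Entries a responder should look at first: the on-disk object is being misrepresented."""
    return [r for r in records if r.forged]


# Sample input: lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
2011/06/09 23:56:59.0421 4856 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 23:56:59.0421 4856 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/09 23:56:59.0437 4856 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/09 23:56:59.0593 4856 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/09 23:57:01.0312 4856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/09 23:57:01.0562 4856 Scan finished
2011/06/09 23:57:01.0609 2872 Detected object count: 1
2011/06/09 23:57:04.0890 2872 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 23:57:06.0734 2872 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/09 23:57:06.0734 2872 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

if __name__ == "__main__":
    for r in forged_drivers(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{r.name}: real {r.real_md5} != fake {r.fake_md5} -> {r.family}, action {r.action}")
```

Run as a script it prints only the forged entries; on the log above that is the single VolSnap record, with the clean inventory entries (Wanarp, the MBR rows) filtered out. Feeding it a whole log saved from a scan is the point: the mismatch lines are the ones to hunt for, and they are easy to miss among a few hundred normal inventory rows.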


#7 FunnEGirl


Posted 11 June 2011 - 03:23 PM

Malwarebytes' Anti-Malware log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6834

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/11/2011 8:36:40 AM
mbam-log-2011-06-11 (08-36-40).txt

Scan type: Quick scan
Objects scanned: 178279
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BFC48A4D-75B9-455B-A4C3-9DC3F940B245} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4040A92C-93F0-49B4-9DD0-93E1887E724A} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CMaidCtlApp.MaidCtrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} (Adware.EBates) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xjado (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\CMAIDCTL.OCX (Adware.ClosetMaid) -> Value: CMAIDCTL.OCX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{6685509E-B47B-4F47-8E16-9A5F3A62F683} (Adware.EBates) -> Value: {6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683} (Adware.EBates) -> Value: {6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASduaswhIfbMHgW (Rogue.Agent.SA) -> Value: ASduaswhIfbMHgW -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\downloaded program files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.
c:\downloads\dinerdashsetup-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\documents and settings\Kimmie\local settings\Temp\3FC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Kimmie\local settings\Temp\3FD.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


ESET Scan:

C:\da1c7465.hta VBS/TrojanDownloader.Psyme.gen trojan
C:\Documents and Settings\All Users\Application Data\IEService\v28.exe a variant of Win32/TrojanDropper.VB.CD trojan
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\1\2264f581-156e384c multiple threats
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\21\20d7c155-457118be multiple threats
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\25\3fa803d9-1679b906 Win32/Dialer.AsianRaw application
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\41\d19cee9-7aa3d599 Win32/Dialer.AsianRaw application
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\49\22cc6db1-730cb772 a variant of Java/TrojanDownloader.Agent.NBN trojan
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-3069ef21.class Win32/Dialer.AsianRaw application
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-58fb7938.class Win32/Dialer.AsianRaw application
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1d22a678-65019ae8.zip multiple threats
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-26f0d915-52f35651.zip multiple threats
C:\Documents and Settings\Kimmie\Desktop\backups\backup-20040927-003229-358.dll probably a variant of Win32/StartPage.BSTRLXU trojan
C:\Documents and Settings\Kimmie\Local Settings\Temp\qjrpgq.sys a variant of Win32/Kolweb trojan
C:\Documents and Settings\Kimmie\Local Settings\Temp\smtmp\1\Programs\Startup\Microsoft Office.hta VBS/TrojanDownloader.Psyme.gen trojan
C:\Program Files\Netscape\Netscape\plugins\npclntax.dll Win32/Adware.180Solutions application
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Win32/TrojanDownloader.Small.APM trojan
C:\SDFix\backups\backups.zip multiple threats
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1900\A0317224.hta VBS/TrojanDownloader.Psyme.gen trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1902\A0318365.exe a variant of Win32/Adware.Trymedia application
C:\temporary\aun_0011.exe Win32/TrojanDownloader.Small.NDH trojan
C:\WINDOWS\cl2.exe Win32/Kolweb.H trojan
C:\WINDOWS\Clearer.exe probably a variant of Win32/Agent.CNOYQFO trojan
C:\WINDOWS\istinstall_si.exe Win32/TrojanDownloader.Small.GL trojan
C:\WINDOWS\SYSTEM32\cl2.exe Win32/Kolweb.H trojan
C:\WINDOWS\SYSTEM32\Clearer.exe probably a variant of Win32/Agent.CNOYQFO trojan
C:\WINDOWS\SYSTEM32\sysupd1003.exe Win32/TrojanClicker.Small.AN trojan
C:\_OTL\MovedFiles\06092011_200154\C_Documents and Settings\All Users\Application Data\18079524.exe a variant of Win32/Kryptik.ONG trojan
C:\_OTL\MovedFiles\06092011_200154\C_Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe a variant of Win32/Kryptik.ONG trojan


and Checkup.txt contents:


Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Hijackthis 1.99.1
Java™ 6 Update 20
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineScannerApp.exe
``````````End of Log````````````

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:39 AM

Posted 11 June 2011 - 03:32 PM

Hi!

These threats below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\_OTL\MovedFiles\06092011_200154\C_Documents and Settings\All Users\Application Data\18079524.exe a variant of Win32/Kryptik.ONG trojan
C:\_OTL\MovedFiles\06092011_200154\C_Documents and Settings\All Users\Application Data\ASduaswhIfbMHgW.exe a variant of Win32/Kryptik.ONG trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1900\A0317224.hta VBS/TrojanDownloader.Psyme.gen trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1902\A0318365.exe a variant of Win32/Adware.Trymedia application


These threats below will be removed very shortly:

C:\da1c7465.hta
C:\Documents and Settings\All Users\Application Data\IEService\v28.exe
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\1\2264f581-156e384c
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\21\20d7c155-457118be
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\25\3fa803d9-1679b906
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\41\d19cee9-7aa3d599
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\49\22cc6db1-730cb772
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-3069ef21.class
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-58fb7938.class
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1d22a678-65019ae8.zip
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-26f0d915-52f35651.zip
C:\Documents and Settings\Kimmie\Desktop\backups\backup-20040927-003229-358.dll
C:\Documents and Settings\Kimmie\Local Settings\Temp\qjrpgq.sys
C:\Documents and Settings\Kimmie\Local Settings\Temp\smtmp\1\Programs\Startup\Microsoft Office.hta
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\SDFix\backups\backups.zip
C:\temporary\aun_0011.exe
C:\WINDOWS\cl2.exe
C:\WINDOWS\Clearer.exe
C:\WINDOWS\istinstall_si.exe
C:\WINDOWS\SYSTEM32\cl2.exe
C:\WINDOWS\SYSTEM32\Clearer.exe
C:\WINDOWS\SYSTEM32\sysupd1003.exe


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform.
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
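The post's Java steps rely on the user spotting every old runtime in Add/Remove Programs by eye. The following PowerShell script is an added example, not part of the thread, of SweetTech's instructions, or of the SecurityCheck/OTL tools: it reads the same Uninstall registry keys that Add/Remove Programs displays, flags every runtime older than the build the post installs, and shows which JRE the system is actually handing to browsers. It assumes PowerShell 2.0 or later (the last release available for Windows XP SP3), read access to HKLM, and takes the baseline of Java 6 Update 25 from the installer name (jre-6u25) given in the post.

```powershell
# Added example (not from the thread, SweetTech, or any of the tools it uses): list every Java
# runtime registered in Add/Remove Programs, flag the ones older than the build the post installs,
# and show which JRE the system currently hands to browsers. Assumes PowerShell 2.0 or later
# (the last release available for Windows XP SP3) and read access to HKLM.

# Assumption: the baseline is the installer named in the post, jre-6u25 (Java 6 Update 25).
$BaselineMajor  = 6
$BaselineUpdate = 25

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # every 32-bit OS, 64-bit apps on x64
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit apps on x64; absent on XP x86
)

function Get-InstalledJava {
    # Returns one object per Sun/Oracle runtime or JDK found in the Uninstall keys.
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            # Matches "Java(TM) 6 Update 20", "J2SE Runtime Environment 5.0 Update 6" and
            # "Java 2 Runtime Environment, SE v1.4.2"; skips "Java Auto Updater" and unrelated apps.
            if ($p.DisplayName -match '^(Java|J2SE).*(Runtime|Update \d+)') {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    RegistryKey     = $key.PSChildName
                }
            }
        }
    }
}

function Test-JavaOutdated {
    # True when the runtime named by DisplayName is older than the baseline.
    param([string]$DisplayName)
    if ($DisplayName -match '(\d+) Update (\d+)') {
        $major  = [int]$Matches[1]
        $update = [int]$Matches[2]
        return ($major -lt $BaselineMajor) -or (($major -eq $BaselineMajor) -and ($update -lt $BaselineUpdate))
    }
    # Legacy naming ("Java 2 Runtime Environment, SE v1.4.2", "J2SE Runtime Environment 5.0") predates Java 6.
    return $true
}

$installed = @(Get-InstalledJava)
if ($installed.Count -eq 0) {
    Write-Output 'No Java runtime is registered in Add/Remove Programs.'
}
foreach ($jre in $installed) {
    $state = 'current'
    if (Test-JavaOutdated $jre.DisplayName) { $state = 'OUTDATED - uninstall' }
    Write-Output ('{0,-45} {1,-10} {2}' -f $jre.DisplayName, $jre.DisplayVersion, $state)
}
if ($installed.Count -gt 1) {
    Write-Output ("$($installed.Count) Java installations found. The Java 6 installer only replaces the " +
                  'previous update of the same release, so each of the others must be removed by hand.')
}

# The JavaSoft key records the runtime that browser plug-ins and javaw.exe launches actually use;
# after the clean-up it should point at the new 1.6.0_25 and list nothing older.
$javaSoft = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
if (Test-Path $javaSoft) {
    $cur = (Get-ItemProperty $javaSoft).CurrentVersion
    Write-Output "Active JRE (CurrentVersion): $cur"
    if ($cur) {
        $javaHome = (Get-ItemProperty (Join-Path $javaSoft $cur) -ErrorAction SilentlyContinue).JavaHome
        Write-Output "  JavaHome: $javaHome"
    }
    Get-ChildItem $javaSoft | ForEach-Object { Write-Output ('  registered runtime key: ' + $_.PSChildName) }
}
```

Run it once before the uninstall round to get the full list (on the machine in this thread it would report three runtimes: 6 Update 20, 6 Update 7 and the 1.4.2 legacy entry), and once more after the reboot and the jre-6u25 install: the only line should then read "current", and the JavaSoft key should show a single registered runtime.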


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Update Firefox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.17.

You can get the latest version of Firefox by accessing the Help menu in Firefox and then selecting Check for Updates.

Please make sure that you check for updates again after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



Remove Program
We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
  • HijackThis 1.99.1


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\da1c7465.hta
    C:\Documents and Settings\All Users\Application Data\IEService\v28.exe
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\1\2264f581-156e384c
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\21\20d7c155-457118be
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\25\3fa803d9-1679b906
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\41\d19cee9-7aa3d599
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\49\22cc6db1-730cb772
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-3069ef21.class
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-58fb7938.class
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1d22a678-65019ae8.zip
    C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-26f0d915-52f35651.zip
    C:\Documents and Settings\Kimmie\Desktop\backups\backup-20040927-003229-358.dll
    C:\Documents and Settings\Kimmie\Local Settings\Temp\qjrpgq.sys
    C:\Documents and Settings\Kimmie\Local Settings\Temp\smtmp\1\Programs\Startup\Microsoft Office.hta
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    C:\SDFix\backups\backups.zip
    C:\temporary\aun_0011.exe
    C:\WINDOWS\cl2.exe
    C:\WINDOWS\Clearer.exe
    C:\WINDOWS\istinstall_si.exe
    C:\WINDOWS\SYSTEM32\cl2.exe
    C:\WINDOWS\SYSTEM32\Clearer.exe
    C:\WINDOWS\SYSTEM32\sysupd1003.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 FunnEGirl

FunnEGirl
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:39 AM

Posted 12 June 2011 - 10:26 PM

Hi, FYI I installed Firefox v4.0.1 (update wasn't working)...

OTL Fix Report:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\da1c7465.hta moved successfully.
C:\Documents and Settings\All Users\Application Data\IEService\v28.exe moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\1\2264f581-156e384c moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\21\20d7c155-457118be moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\25\3fa803d9-1679b906 moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\41\d19cee9-7aa3d599 moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\6.0\49\22cc6db1-730cb772 moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1ac02c55-3069ef21.class moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-58fb7938.class moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1d22a678-65019ae8.zip moved successfully.
C:\Documents and Settings\Kimmie\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-26f0d915-52f35651.zip moved successfully.
C:\Documents and Settings\Kimmie\Desktop\backups\backup-20040927-003229-358.dll moved successfully.
C:\Documents and Settings\Kimmie\Local Settings\Temp\qjrpgq.sys moved successfully.
C:\Documents and Settings\Kimmie\Local Settings\Temp\smtmp\1\Programs\Startup\Microsoft Office.hta moved successfully.
C:\Program Files\Windows Media Player\wmplayer.exe.tmp moved successfully.
C:\SDFix\backups\backups.zip moved successfully.
C:\temporary\aun_0011.exe moved successfully.
C:\WINDOWS\cl2.exe moved successfully.
C:\WINDOWS\Clearer.exe moved successfully.
C:\WINDOWS\istinstall_si.exe moved successfully.
C:\WINDOWS\SYSTEM32\cl2.exe moved successfully.
C:\WINDOWS\SYSTEM32\Clearer.exe moved successfully.
C:\WINDOWS\SYSTEM32\sysupd1003.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kimmie\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kimmie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes

User: DELL

User: Kimbalina

User: Kimmie
->Temp folder emptied: 566412908 bytes
->Temporary Internet Files folder emptied: 112890293 bytes
->Java cache emptied: 81192779 bytes
->FireFox cache emptied: 57731184 bytes
->Flash cache emptied: 219305 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13165158 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16099353 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54373482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90336406 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 528902059 bytes

Total Files Cleaned = 1,454.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: DELL

User: Kimbalina

User: Kimmie
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06122011_230416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And OTL Quick Scan report:

OTL logfile created on: 6/12/2011 11:17:10 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kimmie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 76.30% Memory free
3.10 Gb Paging File | 2.63 Gb Available in Paging File | 84.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 2.07 Gb Free Space | 5.55% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 11.48 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Drive G: | 135.23 Gb Total Space | 112.46 Gb Free Space | 83.16% Space Free | Partition Type: NTFS
Drive I: | 1.86 Gb Total Space | 1.26 Gb Free Space | 67.64% Space Free | Partition Type: FAT

Computer Name: KIM | User Name: Kimmie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/03 16:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/04/26 19:13:48 | 001,003,590 | ---- | M] (Zinio Systems, Inc.) -- C:\Program Files\Zinio\ZinioDeliveryManager.exe
PRC - [2006/01/17 14:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2005/07/15 14:48:34 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PRC - [2005/01/21 22:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/12/22 17:45:42 | 000,235,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2004/12/22 17:45:22 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2004/12/22 17:45:16 | 000,071,280 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2004/12/22 13:20:44 | 000,218,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2004/04/12 16:25:16 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE
PRC - [2004/03/26 08:46:17 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/19 14:27:52 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/13 12:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/09/10 20:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/09/26 10:20:28 | 000,197,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Antispam\ASOEHOOK.DLL
MOD - [2003/11/21 18:05:02 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr70.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/03 16:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2009/05/20 14:18:28 | 000,297,472 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/01/25 21:48:50 | 000,194,272 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan)
SRV - [2005/01/21 22:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/22 17:45:42 | 000,235,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/22 17:45:30 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/22 17:45:22 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/12/22 13:20:44 | 000,218,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/04/23 11:04:18 | 000,158,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2003/08/19 14:27:52 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/06/24 20:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 19:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001/11/02 10:50:00 | 000,110,651 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2001/09/10 20:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2010/09/15 14:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20101230.002\SymIDSco.sys -- (SYMIDSCO)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\n558.sys -- (n558)
DRV - [2007/05/04 18:04:04 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2007/05/04 17:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WG11TND5.sys -- (AR5523)
DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/01/25 21:48:52 | 000,305,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/25 21:48:52 | 000,037,000 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)
DRV - [2005/01/21 22:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 22:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 22:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 22:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 22:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 22:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/06/19 04:00:00 | 000,600,264 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040619.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/06/19 04:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040619.019\NAVENG.SYS -- (NAVENG)
DRV - [2004/04/12 16:26:02 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/09/15 16:27:04 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btserial.sys -- (BTSERIAL)
DRV - [2003/09/15 16:26:40 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/09/15 16:23:40 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/09/15 16:22:06 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2003/09/15 16:17:02 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2003/09/15 16:15:28 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (BtAudio)
DRV - [2003/09/15 16:14:36 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/10 11:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/07/25 13:33:58 | 000,004,633 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2001/10/22 10:50:00 | 000,031,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/10/09 10:50:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2001/09/10 20:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/09/11 10:50:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 23:00:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 23:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/21 09:10:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/12 22:32:04 | 000,000,000 | ---D | M]

[2010/08/30 16:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Extensions
[2011/06/12 23:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Firefox\Profiles\nece6ad4.default\extensions
[2010/10/19 07:38:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Firefox\Profiles\nece6ad4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/12 23:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kimmie\Application Data\Mozilla\Firefox\Profiles\nece6ad4.default\extensions\nostmp
[2011/06/12 23:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 22:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/12 22:31:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/06/12 22:31:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/12 23:04:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe (Zinio Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/56.39/uploader2.cab (UploadListView Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {59878370-5892-4ACB-AF20-2F9AADA79BB4} http://restoration.scancafe.com/ScancafeUploader.cab (Scancafe Uploader Control)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://evite.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://www.rockefellercenter.com/viewer/wg_webeye.cab (WebEyeControl)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-pi02.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.2/common/htdocs/SPX/2.3.0.10/TerminalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sosevents.webex.com/client/T27LB/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\System32\awgina.dll) - C:\WINDOWS\SYSTEM32\awgina.dll (Symantec Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/09 21:36:18 | 000,000,034 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 22:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/06/12 22:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/06/12 22:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/06/12 22:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/06/12 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/06/12 22:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/11 08:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/11 08:49:42 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Kimmie\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 07:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\Malwarebytes
[2011/06/11 07:59:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/11 07:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 07:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/11 07:59:34 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/11 07:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/11 07:58:09 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kimmie\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/09 23:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller
[2011/06/09 20:01:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 07:47:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
[2011/06/06 07:33:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kimmie\Recent
[2011/06/04 12:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Desktop\gmer
[2011/06/04 12:41:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Administrative Tools
[2011/06/04 12:40:55 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Kimmie\Desktop\dds.scr
[2011/06/03 08:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/05/23 08:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/21 18:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/21 10:06:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/21 10:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/21 10:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[6 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 23:08:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 23:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/12 23:08:39 | 2682,310,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 23:04:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/06/12 23:01:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/12 23:01:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/12 22:49:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/12 22:44:14 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/12 22:44:14 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/12 22:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 22:33:39 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/06/12 22:15:52 | 000,443,573 | ---- | M] () -- C:\WINDOWS\System32\EPSETUP.CAB
[2011/06/12 22:15:52 | 000,288,201 | ---- | M] () -- C:\WINDOWS\System32\EPPRTDRV.CAB
[2011/06/12 22:15:52 | 000,008,284 | ---- | M] () -- C:\WINDOWS\System32\eps_icon.avi
[2011/06/12 22:11:16 | 000,081,384 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK
[2011/06/12 22:02:34 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/11 12:17:42 | 000,879,099 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\SecurityCheck.exe
[2011/06/11 08:49:41 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Kimmie\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 07:59:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/11 07:58:17 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kimmie\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/10 00:06:43 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/09 23:55:25 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
[2011/06/09 19:32:25 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\unhide.exe
[2011/06/09 07:47:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
[2011/06/09 07:43:15 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\RKUnhookerLE.EXE
[2011/06/09 07:35:36 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\iExplore.exe
[2011/06/06 22:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/04 12:40:31 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Kimmie\Desktop\dds.scr
[2011/06/04 12:39:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kimmie\defogger_reenable
[2011/06/04 12:38:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Defogger.exe
[2011/06/04 12:31:16 | 000,000,550 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 07:57:42 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/23 09:22:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/23 09:16:59 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/23 09:16:59 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/21 10:01:21 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[6 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 23:01:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/12 23:01:00 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/12 22:49:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/12 22:49:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/12 22:44:14 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/12 22:44:14 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/12 22:10:42 | 000,008,284 | ---- | C] () -- C:\WINDOWS\System32\eps_icon.avi
[2011/06/12 22:10:41 | 000,443,573 | ---- | C] () -- C:\WINDOWS\System32\EPSETUP.CAB
[2011/06/12 22:10:41 | 000,288,201 | ---- | C] () -- C:\WINDOWS\System32\EPPRTDRV.CAB
[2011/06/11 12:17:46 | 000,879,099 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\SecurityCheck.exe
[2011/06/11 07:59:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/09 23:55:25 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\tdsskiller.zip
[2011/06/09 19:36:32 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/06/09 19:36:32 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/06/09 19:36:32 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/09 19:36:31 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/06/09 19:36:31 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoMVP.lnk
[2011/06/09 19:36:31 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoMVP.lnk
[2011/06/09 19:36:31 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Mail & Newsgroups.lnk
[2011/06/09 19:36:31 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Mail & Newsgroups.lnk
[2011/06/09 19:36:31 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Solution Center.lnk
[2011/06/09 19:36:31 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape 7.1.lnk
[2011/06/09 19:36:31 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/09 19:36:31 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/09 19:36:31 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Symantec pcAnywhere.LNK
[2011/06/09 19:36:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/06/09 19:36:31 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/09 19:36:31 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/06/09 19:36:31 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zinio Reader.lnk
[2011/06/09 19:36:31 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/06/09 19:36:31 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/06/09 19:36:31 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2011/06/09 19:36:30 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK Gallery Upload Software.lnk
[2011/06/09 19:36:30 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2011/06/09 19:36:30 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Picture Studio v2.0.lnk
[2011/06/09 19:36:30 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2011/06/09 19:36:30 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Jukebox by musicmatch.lnk
[2011/06/09 19:36:30 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Media Experience.lnk
[2011/06/09 19:36:30 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape 7.1.lnk
[2011/06/09 19:36:30 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Learn XP.LNK
[2011/06/09 19:36:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 19:36:30 | 000,001,521 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mMode Sync.lnk
[2011/06/09 19:36:30 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/09 19:36:30 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/06/09 19:36:30 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyPublisher.lnk
[2011/06/09 19:36:30 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2011/06/09 19:36:30 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DVD X Copy Platinum.lnk
[2011/06/09 19:36:30 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2011/06/09 19:36:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/09 19:36:30 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Zinio Library.lnk
[2011/06/09 19:36:29 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2011/06/09 19:36:29 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Burn CDs & DVDs with RecordNow!.lnk
[2011/06/09 19:36:29 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\01-mp3search.lnk
[2011/06/09 19:36:29 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Deluxe.lnk
[2011/06/09 19:36:29 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 2.0.lnk
[2011/06/09 19:36:29 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
[2011/06/09 19:36:29 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/06/09 19:32:34 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\unhide.exe
[2011/06/09 07:43:18 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\RKUnhookerLE.EXE
[2011/06/09 07:35:43 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\iExplore.exe
[2011/06/04 12:39:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kimmie\defogger_reenable
[2011/06/04 12:38:46 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\Defogger.exe
[2009/06/09 19:56:24 | 000,054,548 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/24 09:06:21 | 000,006,919 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\PrimoPDFSet.xml
[2009/02/21 10:58:11 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/06/25 08:25:48 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/06/25 08:03:45 | 000,117,404 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/04/28 13:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/10/19 21:59:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/10/19 08:46:05 | 000,135,168 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2007/10/19 08:46:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VFind.exe
[2007/08/15 08:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/13 23:48:05 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/05/13 23:18:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2007/05/13 23:18:00 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/04/19 22:42:44 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/01/21 18:44:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/07 14:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/10/04 23:27:48 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/02 08:54:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/10 00:17:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/07/27 21:15:20 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2005/02/26 14:53:14 | 000,293,716 | ---- | C] () -- C:\WINDOWS\Golden Palace Casino PT setup.exe
[2005/02/24 20:43:39 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/02/24 20:43:39 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/02/24 20:43:39 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/02/24 20:43:39 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/02/24 20:38:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2005/02/19 21:02:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/02/19 21:02:25 | 000,000,361 | ---- | C] () -- C:\WINDOWS\videomvp.ini
[2005/02/19 21:01:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/01/01 05:16:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2004/11/09 01:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/10/02 10:06:13 | 000,170,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\abvpn2k.sys
[2004/10/02 10:06:12 | 000,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
[2004/09/09 07:36:59 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/07/12 21:11:51 | 000,095,440 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2004/07/12 21:10:38 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/07/12 21:10:35 | 000,009,357 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/06/14 21:21:03 | 000,238,435 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2004/06/14 21:21:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/13 10:26:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\fusioncache.dat
[2004/05/27 00:32:35 | 000,115,623 | ---- | C] () -- C:\WINDOWS\System32\datastore.dll
[2004/05/15 18:03:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/20 10:36:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/04/09 03:27:23 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/08 18:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2004/04/08 18:55:39 | 000,014,905 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/02 21:18:28 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/03/26 08:57:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/26 08:51:25 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/26 08:47:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/26 08:44:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/26 08:40:14 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/26 08:26:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/26 08:25:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/26 08:24:56 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/26 08:24:56 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/26 08:11:52 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/03 06:05:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/01/26 10:28:43 | 000,003,149 | ---- | C] () -- C:\Program Files\Common Files\remove_tools.html
[2003/11/20 15:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/15 16:41:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/15 16:41:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/15 16:36:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/15 16:27:04 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/03/10 10:53:56 | 000,000,242 | ---- | C] () -- C:\WINDOWS\System32\sub.dll
[2002/09/03 11:05:08 | 000,249,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/09/19 08:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/06/12 23:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IEService
[2005/03/22 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pcsvc
[2010/02/15 11:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2009/09/19 08:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/05/12 21:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/13 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 08:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 08:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/21 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\acccore
[2006/07/22 18:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Aim
[2009/02/11 06:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\ContentGuard
[2006/06/15 01:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\EPSON
[2005/01/01 05:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\FileMaker
[2011/04/27 20:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\ICAClient
[2011/03/31 17:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Image Zone Express
[2004/04/02 21:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Leadertech
[2004/06/23 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Lycos
[2005/07/28 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Musicmatch
[2010/02/10 13:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\MyPublisher
[2008/12/23 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Netscape
[2005/10/14 22:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\PlayFirst
[2009/07/28 18:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Skinux
[2007/01/04 22:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Snapfish
[2005/11/24 11:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Voxmobili
[2010/10/28 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2003/08/09 19:36:02 | 000,024,671 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2003/08/09 19:36:02 | 000,045,139 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ua "7.1b1 (en)" /hs browser [2004/07/12 21:11:51 | 000,095,440 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape\Netscp.exe" -silent -nosplash -setDefaultBrowser [2003/06/24 12:09:00 | 000,568,096 | ---- | M] (Mozilla, Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape\uninstall\NSUninst.exe" /ua "7.1b1 (en)" /ss browser [2004/07/12 21:11:51 | 000,095,440 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Netscp.exe\shell\open\command\\: "C:\Program Files\Netscape\Netscape\Netscp.exe" [2003/06/24 12:09:00 | 000,568,096 | ---- | M] (Mozilla, Netscape)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-23 13:22:21

< End of report >


So far so good with everything (huuuuge thanks to you!)... except an annoying gmail scrolling problemo but that's all gmail! I just had to vent a little. :)

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:39 AM

Posted 13 June 2011 - 11:15 AM

Hi!

Please go to Add/Remove Programs and remove: McAfee Security Scan


Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
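The "Make Internet Explorer more secure" steps in the post above are done by hand through Inetcpl.cpl. As an added example (not part of SweetTech's instructions or of any tool the post names), the following PowerShell script audits the same three ActiveX settings for the Internet zone straight from the registry and reports whether they match the recommended Prompt / Prompt / Disable values. It assumes the documented per-user zone layout under HKCU\...\Internet Settings\Zones\3 and the documented value names 1001, 1004 and 1201; the function and variable names are mine.

```powershell
# Added example, not from the original post. Audits (and optionally applies)
# the Internet-zone ActiveX settings the post tells the user to change by hand.
# Assumed, documented registry layout for IE security zones:
#   Zones\3  = Internet zone (per-user copy under HKCU)
#   1001     = Download signed ActiveX controls
#   1004     = Download unsigned ActiveX controls
#   1201     = Initialize and script ActiveX controls not marked as safe for scripting
#   data     = 0 Enable, 1 Prompt, 3 Disable
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state from the post: signed/unsigned download -> Prompt, unsafe init/script -> Disable
$Recommended = [ordered]@{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Convert-ZoneValue {
    # Map a raw DWORD to its Internet Options label, tolerating missing or unexpected data.
    param($Value)
    if ($null -eq $Value) { return 'missing' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown($Value)"
}

function Get-ActiveXZoneStatus {
    # One row per setting: what is currently set, what is recommended, and whether they agree.
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($name in $Recommended.Keys) {
        $current = $zone.$name
        [pscustomobject]@{
            Setting     = $name
            Current     = Convert-ZoneValue $current
            Recommended = $Labels[$Recommended[$name]]
            Compliant   = ($null -ne $current -and [int]$current -eq $Recommended[$name])
        }
    }
}

function Set-ActiveXZoneHardening {
    # Write the recommended values; same effect as the Custom level dialog in the post.
    foreach ($name in $Recommended.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $name -Value $Recommended[$name] -Type DWord
    }
}

# Usage: report first, and only write when something is out of line.
$status = Get-ActiveXZoneStatus
$status | Format-Table -AutoSize
if ($status | Where-Object { -not $_.Compliant }) {
    Set-ActiveXZoneHardening
    Get-ActiveXZoneStatus | Format-Table -AutoSize
}
```

The script only reads and writes the current user's copy of the zone; where an administrator has forced zone settings through policy, the machine-wide copy under HKLM takes precedence and the Internet Options dialog will show those values instead, so a non-compliant report here is a prompt to check policy before assuming the change took effect.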


#11 FunnEGirl

FunnEGirl
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:39 AM

Posted 14 June 2011 - 05:52 AM

My last report (yay!!!):

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 06142011_063326

Thank you sooooo so so much for all your help ST!!! I am more grateful than you know... I will check out all your suggestions and try to keep virus and malware free. You rock! You really do. Thank you.

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:39 AM

Posted 14 June 2011 - 12:32 PM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.






