
Infected computer


  • This topic is locked
10 replies to this topic

#1 jwhite73


Posted 14 July 2011 - 03:07 PM

Here are the files that I was instructed to post; I hope this is what you need...



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2008 4:54:55 PM
System Uptime: 7/14/2011 11:58:25 AM (1 hours ago)
.
Motherboard: Intel Corporation | | DQ965GF
Processor: Intel® Core™2 Duo CPU E4700 @ 2.60GHz | LGA 775 | 2597/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 4.437 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP831: 3/27/2011 5:01:58 AM - System Checkpoint
RP832: 3/28/2011 4:07:12 PM - System Checkpoint
RP833: 3/30/2011 1:49:27 PM - System Checkpoint
RP834: 4/1/2011 11:15:28 PM - Restore Operation
RP835: 4/3/2011 5:01:00 PM - System Checkpoint
RP836: 4/4/2011 5:10:13 PM - System Checkpoint
RP837: 4/10/2011 4:55:27 PM - Installed Philips Device Manager
RP838: 4/18/2011 11:01:58 PM - Restore Operation
RP839: 4/20/2011 11:11:25 PM - System Checkpoint
RP840: 4/22/2011 4:50:53 PM - System Checkpoint
RP841: 4/23/2011 5:04:41 PM - System Checkpoint
RP842: 4/24/2011 5:56:10 PM - System Checkpoint
RP843: 4/26/2011 11:31:25 PM - System Checkpoint
RP844: 4/28/2011 9:25:11 AM - System Checkpoint
RP845: 4/29/2011 11:03:18 AM - System Checkpoint
RP846: 4/30/2011 2:44:03 PM - System Checkpoint
RP847: 5/3/2011 5:41:54 PM - System Checkpoint
RP848: 5/4/2011 11:48:35 PM - System Checkpoint
RP849: 5/10/2011 3:26:29 PM - System Checkpoint
RP850: 5/13/2011 5:39:26 PM - System Checkpoint
RP851: 5/16/2011 12:42:58 PM - System Checkpoint
RP852: 5/17/2011 2:03:40 PM - System Checkpoint
RP853: 5/19/2011 2:23:20 AM - System Checkpoint
RP854: 6/24/2011 6:54:16 AM - System Checkpoint
RP855: 5/24/2011 12:15:42 PM - System Checkpoint
RP856: 5/25/2011 7:59:58 PM - System Checkpoint
RP857: 5/27/2011 7:09:06 AM - System Checkpoint
RP858: 6/1/2011 12:36:06 PM - System Checkpoint
RP859: 6/11/2011 8:35:57 PM - System Checkpoint
RP860: 6/13/2011 1:39:43 PM - System Checkpoint
RP861: 6/18/2011 3:55:41 AM - Restore Operation
RP862: 7/14/2011 6:42:23 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
2Wire Wireless Client
3100_3200_3300_Help
3100_3200_3300trb
3200
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AiO_Scan_CDA
AiOSoftwareNPI
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Browser Defender 3.0
BufferChm
ccCommon
Component Framework
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Setup
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Suite
DynamicMedia
eSupportQFolder
Facebook Plug-In
Fax_CDA
ffdshow [rev 2844] [2009-03-30]
FIXIO PC Cleaner
FullDPAppQFolder
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 5.3.A
hp psc 1200 series
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareDevices
Intel Audio Studio 2.0
Intel® Active Management Technology LMS Service and SOL Driver
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections 11.2.0.69
Intertech DVD Converter v2.1 - Trial Version
iTunes
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 3
Linksys EasyLink Advisor
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 10
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Pro 10
Microsoft Digital Image Suite 10
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox 4.0.1 (x86 en-US)
MSN Toolbar
Nero 7 Essentials
NewCopy_CDA
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Protection Center
Norton Security Scan
PanoStandAlone
Philips Device Manager
PhotoGallery
PowerDVD
ProductContextNPI
Pure Networks Platform
QuickTime
RandMap
Readme
Reimage Repair
Roxio Drag-to-Disc
Roxio Easy CD and DVD Burning
Safari
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
SPBBC 32bit
Spybot - Search & Destroy
Spyware Doctor 8.0
Status
Symantec Real Time Storage Protection Component
SymNet
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 5:49:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
7/9/2011 5:48:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
7/9/2011 5:48:22 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: The class is configured to run as a security id different from the caller
7/9/2011 5:47:53 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/9/2011 5:47:53 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/9/2011 5:47:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
7/9/2011 5:37:08 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
7/9/2011 5:37:08 PM, error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
7/9/2011 5:10:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/9/2011 10:09:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
7/9/2011 10:09:46 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/9/2011 10:09:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/9/2011 1:33:01 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
7/9/2011 1:26:46 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
7/9/2011 1:26:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Browser Defender Update Service service.
7/8/2011 5:07:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb eeCtrl Fips intelppm MpFilter SPBBCDrv SRTSP SRTSPX ssmdrv SYMTDI
7/8/2011 3:05:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.605.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/7/2011 11:36:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/7/2011 11:15:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.998.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/14/2011 6:09:00 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/14/2011 6:08:04 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001CC04E30EC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/14/2011 5:46:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/14/2011 11:49:49 AM, error: atapi [9] - The device, \Device\Ide\IdePort7, did not respond within the timeout period.
7/14/2011 10:28:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Linksys Updater service to connect.
7/14/2011 10:28:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
7/14/2011 10:28:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
7/14/2011 10:28:19 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/14/2011 10:28:19 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/13/2011 9:26:38 AM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
7/13/2011 5:23:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb eeCtrl Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss SPBBCDrv SRTSP SRTSPX ssmdrv SYMTDI Tcpip WS2IFSL
7/13/2011 5:12:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb eeCtrl Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT ohci1394 pctgntdi RasAcd Rdbss SPBBCDrv SRTSP SRTSPX ssmdrv SYMTDI Tcpip WS2IFSL
7/13/2011 5:12:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2011 5:12:49 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2011 5:12:49 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2011 5:12:49 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2011 5:12:49 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2011 5:08:20 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 5:08:01 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
7/13/2011 2:44:07 PM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 4 time(s).
7/12/2011 9:02:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
7/12/2011 9:00:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Pml Driver HPZ12 service.
7/12/2011 5:41:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
7/12/2011 5:41:13 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 5:35:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/12/2011 5:32:30 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
7/12/2011 5:32:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
7/12/2011 5:32:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service to connect.
7/12/2011 5:32:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pure Networks Platform Service service to connect.
7/12/2011 5:32:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
7/12/2011 5:32:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bluetooth Services service to connect.
7/12/2011 5:32:30 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 5:32:30 PM, error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 5:32:30 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 5:32:30 PM, error: Service Control Manager [7000] - The Bluetooth Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/11/2011 8:28:17 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/11/2011 6:28:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/11/2011 12:57:45 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/11/2011 12:57:41 PM, error: Service Control Manager [7023] - The Cryptographic Services service terminated with the following error: Not enough storage is available to process this command.
7/10/2011 8:05:23 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
7/10/2011 8:05:23 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
7/10/2011 7:34:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/10/2011 6:33:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/10/2011 6:25:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb eeCtrl Fips intelppm MpFilter SPBBCDrv SRTSP SRTSPX ssmdrv SYMTDI TfFsMon TFSysMon
7/10/2011 6:25:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2011 4:53:28 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/10/2011 2:18:06 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/10/2011 10:32:15 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================


DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Jerry at 12:00:39 on 2011-07-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2022.1648 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.live.com/
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
dURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\jerry\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [atchk] <no file>
dRun: [YDZ1QVAGOJ] c:\windows\temp\Tky.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
dRunOnce: [qrsniam] c:\docume~1\locals~1\locals~1\applic~1\qrsniam.exe
StartupFolder: c:\docume~1\jerry\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - ?s=100000341&p=GRfox000&si=&a=hyJ7kh9LNjMeRqG.f04ecw&n=2010071102
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B234E3AF-DDCC-4BE8-B83F-09955E8F25D0} : DHCPNameServer = 192.168.1.254
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 184.95.59.212 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jerry\application data\mozilla\firefox\profiles\eimcvl2z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jerry\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\jerry\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jerry\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-21 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-21 338880]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-4-21 251560]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-7-9 51984]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-7-9 69392]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-7 11608]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl2094a53a;MpKsl2094a53a;\??\c:\windows\system32\mpenginestore\mpksl2094a53a.sys --> c:\windows\system32\mpenginestore\MpKsl2094a53a.sys [?]
S1 MpKsl4460ca93;MpKsl4460ca93;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7eb53f5b-c1b1-4cfc-9f49-6364012a17db}\mpksl4460ca93.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7eb53f5b-c1b1-4cfc-9f49-6364012a17db}\MpKsl4460ca93.sys [?]
S1 MpKsl80f2e352;MpKsl80f2e352;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl80f2e352.sys [2011-7-14 28752]
S1 MpKsl8439245f;MpKsl8439245f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl8439245f.sys [2011-7-14 28752]
S1 MpKsl8b873873;MpKsl8b873873;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl8b873873.sys [2011-7-14 28752]
S1 MpKslafbf4801;MpKslafbf4801;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslafbf4801.sys [2011-7-9 28752]
S1 MpKslb35ce639;MpKslb35ce639;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslb35ce639.sys [2011-7-9 28752]
S1 MpKslc47885b6;MpKslc47885b6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslc47885b6.sys [2011-7-12 28752]
S1 MpKslf099fe23;MpKslf099fe23;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\mpkslf099fe23.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslf099fe23.sys [?]
S1 MpKslf2281433;MpKslf2281433;\??\c:\windows\system32\mpenginestore\mpkslf2281433.sys --> c:\windows\system32\mpenginestore\MpKslf2281433.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-7 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-7 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-7 61960]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-9 247760]
S2 btwdlns;Bluetooth Services;c:\windows\system32\svchost.exe -k bthsvc [2008-4-14 14336]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S2 FIXIO PC Cleaner Service;FIXIO PC Cleaner Service;c:\program files\fixio pc utilities\fixio pc cleaner\FIXIO PC Cleaner Service.exe [2010-12-8 191600]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-21 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-21 1150936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-15 101936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090315.020\NAVENG.SYS [2009-3-15 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090315.020\NAVEX15.SYS [2009-3-15 876144]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-4-21 70536]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-17 1251720]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-7-9 33552]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-07-14 15:35:50 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl80f2e352.sys
2011-07-14 15:14:09 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl8b873873.sys
2011-07-14 11:43:02 388096 ----a-r- c:\documents and settings\jerry\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-14 11:42:26 -------- d-----w- c:\program files\Trend Micro
2011-07-14 11:33:41 -------- d-----w- C:\rei
2011-07-14 11:32:54 -------- d-----w- c:\program files\Reimage
2011-07-14 10:58:55 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKsl8439245f.sys
2011-07-12 22:25:08 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslc47885b6.sys
2011-07-10 02:59:40 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslafbf4801.sys
2011-07-09 22:29:57 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\MpKslb35ce639.sys
2011-07-09 15:35:00 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-07-09 15:34:58 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-07-09 15:34:58 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-07-09 15:11:52 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-09 15:11:52 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-09 15:11:52 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-09 15:11:52 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-09 10:11:23 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2cd57206-9eb6-41a6-a85d-91a48f19fa26}\mpengine.dll
2011-07-04 16:16:12 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-26 05:03:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-26 05:03:16 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-25 09:23:28 34816 ----a-w- c:\windows\system32\btwdiw32.dll
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800AAJS-00PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdePort7 P7T0L0-1a
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A68A439]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6907d0]; MOV EAX, [0x8a69084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A65DAB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A6D0AC0]
5 PCTCore[0xF7462099] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000087[0x8A6F8498]
7 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A71A338]
\Driver\atapi[0x8A6C54A8] -> IRP_MJ_CREATE -> 0x8A68A439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP7T0L0-1a -> \??\IDE#DiskWDC_WD800AAJS-00PSA0____________________05.06H05#5&2f05dd58&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A68A27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:02:20.10 ===============


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-14 14:46:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort7 WDC_WD800AAJS-00PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\Jerry\LOCALS~1\Temp\kfrdafow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF74806E6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF745EF68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF745F230]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF74810A0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF748142A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF747F924]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF748196E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7480AA4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF745E9D8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CD4 4 Bytes JMP C9B5441E

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ED000A
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EE000A
.text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EC000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-7 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort6 8A68A27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort7 8A68A27F

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Device\Ide\IdeDeviceP7T0L0-1a -> \??\IDE#DiskWDC_WD800AAJS-00PSA0____________________05.06H05#5&2f05dd58&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt 984 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA5Z18R8.txt 1076 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAYQEDGV.txt 166 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@xmladfeed[7].txt 1506 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA86YF7Y.txt 2134 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA88BLN1.txt 585 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAOP6YOG.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAC9GLF9.txt 482 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAQ17KH3.txt 266 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA77UC94.txt 346 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CATM33BZ.txt 891 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAEPV0WX.txt 111 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@194.11.16[8].txt 70 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@redz[4].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAK4U8XZ.txt 2126 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA2CLJBV.txt 106 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAUDUCPT.txt 205 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAIP66B4.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAPB3EPC.txt 2948 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAZCBKY2.txt 96 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CABWZT9F.txt 1744 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA22R8MQ.txt 100 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt 896 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA9DMZCO.txt 2321 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA8MEQDI.txt 2119 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAEHIFJK.txt 217 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CALO73SO.txt 99 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA7EF7X9.txt 692 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA7H7VQG.txt 272 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@miva.cinomedia[5].txt 523 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CATG110J.txt 211 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@rightsearch[1].txt 130 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAKJEVJD.txt 400 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAKJMHUP.txt 2171 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAPUQ1PV.txt 558 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA09J0IB.txt 111 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt 248 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAYTY0RC.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA67CDOL.txt 563 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAV4UL3A.txt 1209 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAV6SFXE.txt 460 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAVAXY2C.txt 236 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA4UBZ9I.txt 1632 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA4UWXC5.txt 1258 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA0NY265.txt 98 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA0QDYM0.txt 262 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[3].txt 451 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA404M70.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@phoenix[1].txt 792 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA3N1Y6Y.txt 968 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA3N60Y3.txt 102 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CARTD62R.txt 2051 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA6TMQSN.txt 2104 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA9MENIG.txt 2457 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAGCZINE.txt 131 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAGGMFVN.txt 260 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAR8OF6R.txt 714 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA5FPJOF.txt 209 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAU5M1HR.txt 83 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAIK4A0D.txt 155 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAHYEDZN.txt 106 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAQORDH2.txt 6371 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA5VN20X.txt 305 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAVMOZZQ.txt 1533 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAYJ3NQF.txt 2125 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAMX1T4J.txt 103 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA15D6UU.txt 1751 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA17VZP1.txt 126 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAZ2LHO9.txt 325 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@allstate[2].txt 111 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@d.psa-ads.openx[5].txt 112 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAOLTG0D.txt 655 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAIYUW8L.txt 101 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@ziffdavis.demdex[8].txt 363 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAQ9KT50.txt 589 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAPHGWFA.txt 1533 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAPINAF0.txt 6371 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CANWH0S9.txt 348 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAXWR8CN.txt 88 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@burstbeacon[1].txt 89 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA6F2M14.txt 113 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@acuityplatform[9].txt 86 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@www.metacafe[2].txt 94 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CA0EZO1J.txt 201 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAX8TJVQ.txt 397 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAEWPFNU.txt 2243 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAE1KNH3.txt 672 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAE23S45.txt 248 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@CAAAYKXJ.txt 87 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\look-you-you-have-baby-bar[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\103-180x130[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\1051941247001[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\aamsz=160x600[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\aamsz=728x90[5] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\1967171762@Top1[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\sharethis[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\smartmomstylelogo1[1].png 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\uat_5851[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\WFApi[1].swf 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\widget[1].png 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\layout[1].css 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\071411_an_budget2_640[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\66285778[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\ewtrack_onload[2].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\EWTRACK_TIME[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5EHCRE2N\dcl_teens[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\tpas1[1].aspx 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\logCATEKQ27.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\logCAU0UT3F.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\no[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\159_152_crop_resize[2].jpg 4779 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\159_152_crop_resize[3].jpg 4507 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\1625954366[1] 326 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\contest_searchlight_mike_05_full[1].jpg 13848 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\contest_searchlight_pitch_04_full[1].jpg 12300 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\tntwo[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\player[1].adcall 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\TC633_Pet_Projects_Banner_160_V5[1].swf 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\xd_receiver[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\logCA4Z3ZVO.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\adservercontinuation[1].aspx 12608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\nl_survey_070611_feature[1].jpg 10204 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\ajs[5].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\click[3].act 8306 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\click[4].here 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\1625954366[1] 326 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\ttj[1] 13 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\adsCADJAG1S 660 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\thumb[10].png 9061 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\click[4].htm 5929 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\ttj[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\like[1].php 5968 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\like[2].php 6072 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\pixel!t=650![1].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BXWA9W0G\p_25971_128_72[1].jpg 3793 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TVNPR9LC\rss[1].txt 3330 bytes

---- EOF - GMER 1.0.15 ----

Attached Files


Edited by jwhite73, 14 July 2011 - 07:35 PM.
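The GMER file listing in this post is dominated by WinInet cache entries (`Temporary Internet Files\Content.IE5\...`) under the `NetworkService` profile. That account exists for non-interactive services and never runs a browser, so cache activity there means some process running as that identity is making HTTP requests through WinInet. It is a lead, not a verdict: a few legitimate services and updaters also use WinInet under service accounts. The following is an added example, not part of the original post and not GMER's own code: a small Python parser for GMER's `File <path> <size> bytes` lines that tallies entries per profile and flags cache use by the built-in service accounts. The sample lines are constructed to mirror the format above; the `Owner` profile is invented for contrast.

```python
import re
from collections import Counter

# GMER prints one line per file it reports:  File <full path> <size> bytes
GMER_FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")

# Account component of an XP profile path: C:\Documents and Settings\<account>\...
PROFILE_RE = re.compile(
    r"^[A-Za-z]:\\Documents and Settings\\(?P<account>[^\\]+)\\", re.IGNORECASE
)

# Built-in XP service identities; none of them runs an interactive browser
SERVICE_ACCOUNTS = {"networkservice", "localservice"}
WININET_CACHE = "\\temporary internet files\\"   # WinInet cache folder (IE / urlmon users)

# Constructed sample in GMER's format (not copied from a real scan)
SAMPLE_LINES = r"""
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ASMHNP2O\tntwo[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUUJJ94A\click[3].act 8306 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\index[1].htm 512 bytes
File C:\WINDOWS\system32\drivers\etc\hosts 734 bytes
---- EOF - GMER 1.0.15 ----
""".splitlines()


def parse_gmer_files(lines):
    """Yield (path, size) for every 'File ... N bytes' line; ignore everything else."""
    for line in lines:
        m = GMER_FILE_RE.match(line.strip())
        if m:
            yield m.group("path"), int(m.group("size"))


def account_of(path):
    """Return the profile account a path belongs to, or None for non-profile paths."""
    m = PROFILE_RE.match(path)
    return m.group("account") if m else None


def triage(lines):
    """Count cache entries per profile and flag WinInet cache use by service accounts."""
    per_account = Counter()
    flagged = []
    for path, size in parse_gmer_files(lines):
        acct = account_of(path)
        if acct is None:
            continue                      # system files etc. are not profile cache
        per_account[acct] += 1
        if acct.lower() in SERVICE_ACCOUNTS and WININET_CACHE in path.lower():
            # a service identity populating a browser cache: something non-interactive
            # is fetching web content; worth identifying the process behind it
            flagged.append((acct, path.rsplit("\\", 1)[-1], size))
    return {"per_account": dict(per_account), "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("entries per profile:", result["per_account"])
    for acct, name, size in result["flagged"]:
        print(f"service-account cache hit: {acct} {name} ({size} bytes)")
```

Feed it the whole GMER log (`triage(open("gmer.log").read().splitlines())`) and the next question is which process owns those requests; the OTL and Rootkit Unhooker output requested below is where that answer would come from.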


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 21 July 2011 - 12:29 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon
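The OTL Extras report requested above dumps the Security Center and Windows Firewall policy keys as `[HKEY_...]` headers followed by `"Name" = value` lines. Those sections can be triaged mechanically. The following is an added example, not from the original thread and not OTL's own code: a Python parser for that layout plus an audit that flags settings which weaken the host's own defences (firewall off per profile, firewall notifications suppressed, Security Center alerts or monitoring switched off). The sample text is constructed to mirror OTL's format. Caveat for reading the output: third-party security suites legitimately write their own subkeys under `Security Center\Monitoring` and can suppress Security Center alerts, so the audit skips vendor subkeys and its findings are triage leads, not proof of tampering.

```python
import re

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")          # [HKEY_LOCAL_MACHINE\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')  # "Name" = value

# Constructed sample in OTL Extras format (not copied from a real report)
SAMPLE = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
""".splitlines()


def parse_otl_registry(lines):
    """Return {registry key: {value name: value string}} from OTL Extras-style lines."""
    keys = {}
    current = None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return keys


def _flag(values, name, bad, msg, findings, where):
    """Append a finding when value `name` under the current key equals `bad`."""
    if values.get(name) == bad:
        findings.append(f"{where}: {msg}")


def audit(keys):
    """Flag registry settings that turn off or silence the host's own protections."""
    findings = []
    for key, values in keys.items():
        tail = key.rsplit("\\", 1)[-1]
        if "\\FirewallPolicy\\" in key and tail.endswith("Profile"):
            # DomainProfile / StandardProfile; GloballyOpenPorts and
            # AuthorizedApplications sub-lists end in "List" and are skipped here
            _flag(values, "EnableFirewall", "0", "Windows Firewall is off", findings, tail)
            _flag(values, "DisableNotifications", "1", "firewall notifications suppressed", findings, tail)
        elif key.endswith("\\Security Center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                _flag(values, name, "1", f"{name} set (Security Center alert suppressed)", findings, tail)
            for name in ("AntiVirusOverride", "FirewallOverride"):
                _flag(values, name, "1", f"{name} set (status override)", findings, tail)
        elif key.endswith("\\Security Center\\Monitoring"):
            # only the top-level Monitoring key; vendor subkeys below it are set by the
            # security products themselves and are not flagged
            _flag(values, "DisableMonitoring", "1", "Security Center monitoring disabled", findings, "Security Center")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_otl_registry(SAMPLE)):
        print(finding)
```

Run it against the "Security Center Settings" and "Firewall Settings" sections of a real Extras.txt and compare the findings with the security software the owner knowingly installed; anything neither the owner nor an installed suite accounts for is what to chase next.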

#3 jwhite73

jwhite73
  • Topic Starter

  • Members
  • 5 posts

Posted 25 July 2011 - 08:09 PM

OTL Extras logfile created on: 7/25/2011 7:00:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jerry\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 68.12% Memory free
3.83 Gb Paging File | 3.02 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.87 Gb Free Space | 5.20% Space Free | Partition Type: NTFS
Drive D: | 182.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.89 Gb Total Space | 1.16 Gb Free Space | 61.29% Space Free | Partition Type: FAT

Computer Name: JERRY-D6F6AD9CA | User Name: Jerry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{15009743-820D-45BB-8EE8-142C927FAED1}" = SymNet
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2B65C841-EC48-4087-8021-6DBB9C1DE5E6}" = 3200
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{34ACF0AB-D649-47DC-A90C-6DF34C270D78}" = Intel Audio Studio 2.0
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-46



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF1AE000 C:\WINDOWS\System32\igxpdx32.DLL 2306048 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04D000 C:\WINDOWS\System32\igxpdv32.DLL 1445888 bytes (Intel Corporation, Component GHAL Driver)
0xB6E04000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1183744 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA2749000 C:\WINDOWS\system32\drivers\sthda.sys 1130496 bytes (SigmaTel, Inc., NDRC)
0x993D1000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090315.020\NAVEX15.SYS 872448 bytes (Symantec Corporation, AV Engine)
0xB9D79000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x990F6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x99191000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 458752 bytes (Symantec Corporation, SPBBC Driver)
0x99098000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB6C84000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x99330000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x97FD0000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9E6B000 pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0x9CA4E000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0xBF3E1000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9924B000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090310.004\SymIDSCo.sys 270336 bytes (Symantec Corporation, IDS Core Driver)
0x951B7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6DB0000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 262144 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB9EC2000 PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0x992F4000 C:\WINDOWS\system32\drivers\pctgntdi.sys 245760 bytes (PC Tools, PC Tools Generic TDI Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x98CB1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D4C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x992C8000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver)
0x97ACC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x99166000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 167936 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB6D64000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x99223000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA1245000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x99055000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x992A3000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x99031000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA2725000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6D8C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6D41000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB6D0A000 C:\WINDOWS\system32\drivers\windrvr6.sys 143360 bytes (Jungo, WinDriver Device Driver 6.03)
0x99201000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F48000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9907B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9D32000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F11000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x98FDB000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0x99008000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0x98FAE000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9E54000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0xB9E19000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6CF3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98FC5000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x9928D000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 90112 bytes (Symantec Corporation, Firewall Filter Driver)
0x98FF3000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x993BC000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090315.020\NAVENG.SYS 86016 bytes (Symantec Corporation, AV Engine)
0x98C24000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6D2D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6DF0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x99389000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E41000 TfSysMon.sys 77824 bytes (PC Tools, ThreatFire System Monitor)
0xB9E06000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6CE2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9E30000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0x99020000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x94D8E000 C:\WINDOWS\system32\drivers\pctplsg.sys 65536 bytes (PC Tools, PC Tools SG Plugin Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0x99883000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA56D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7425000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA5758000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x97E71000 C:\WINDOWS\system32\drivers\TfNetMon.sys 49152 bytes (PC Tools, ThreatFire Network Monitor)
0x99D47000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x9D391000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA318000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA5537000 C:\WINDOWS\system32\drivers\sfng32.sys 45056 bytes (Sonic Focus, Inc, SFNG32.SYS)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA168000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA5A8B000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA158000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9510F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9D401000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x99813000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x950DF000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes (PC Tools, UM Injection Driver)
0x99D07000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x996F5000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0x9DB24000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 32768 bytes (Symantec Corporation, IDS Filter Driver)
0xA4F72000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA465A000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xA4652000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xA140D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA4F4A000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA1455000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB758C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0x9CCA3000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\MpKsl9126ec5c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xA467A000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\MpKsl9865500e.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x9DB04000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xB7584000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 24576 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xBA338000 symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA143D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA4662000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x996FD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xA1445000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0xB759C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA480000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Pure Networks, Inc., NDIS Relay Driver)
0xB7594000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB75A4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA408000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x98F2A000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x98F1E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0x999F3000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 16384 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA5422000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA0C87000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A5FD000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA0C83000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9A7BC000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x999EB000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5AA000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA640000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA622000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xBA666000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xBA5E6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA63C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA642000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5C6000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA644000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA624000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA65A000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0xBA646000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6C9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6EC000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA73C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7BF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A68F27F ?_empty_? 3457 bytes



OTL logfile created on: 7/25/2011 7:00:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Jerry\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 68.12% Memory free
3.83 Gb Paging File | 3.02 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.87 Gb Free Space | 5.20% Space Free | Partition Type: NTFS
Drive D: | 182.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.89 Gb Total Space | 1.16 Gb Free Space | 61.29% Space Free | Partition Type: FAT

Computer Name: JERRY-D6F6AD9CA | User Name: Jerry | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 18:53:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\My Documents\Downloads\OTL.exe
PRC - [2011/06/26 00:03:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/25 18:53:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (btwdlns)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/12/08 18:35:22 | 000,191,600 | ---- | M] (LULU software) [Auto | Stopped] -- C:\Program Files\FIXIO PC Utilities\FIXIO PC Cleaner\FIXIO PC Cleaner Service.exe -- (FIXIO PC Cleaner Service)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/17 16:33:53 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/18 04:30:42 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/08/23 15:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/05 07:20:46 | 000,179,016 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/01/05 07:20:46 | 000,098,304 | R--- | M] (Intel) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/29 11:50:00 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090315.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090315.020\NAVENG.SYS -- (NAVENG)
DRV - [2009/01/15 18:22:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/12 02:33:21 | 000,250,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090310.004\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/05 07:20:45 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/05 07:20:25 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/05 07:20:24 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2006/12/02 13:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 09:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 09:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 09:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 09:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 09:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 09:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 09:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 09:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/15 10:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 10:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/08/10 01:17:58 | 000,256,568 | R--- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2002/09/10 20:42:00 | 000,024,808 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/
IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1708537768-436374069-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.netassistant.keyword.enabled: false
FF - prefs.js..extensions.netassistant.keyword.original: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Jerry\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Jerry\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{fce8417d-ef18-11dd-845c-000c6e211f50}: C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\extensions\ [2011/07/02 06:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/22 16:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/22 16:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/07/09 10:11:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 00:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 07:01:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{fce8417d-ef18-11dd-845c-000c6e211f50}: C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\extensions\ [2011/07/02 06:01:18 | 000,000,000 | ---D | M]

[2010/03/27 21:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Extensions
[2010/03/27 21:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Extensions\{fce8417d-ef18-11dd-845c-000c6e211f50}
[2011/07/02 06:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\extensions
[2010/08/02 05:33:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 21:27:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/13 06:09:45 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\searchplugins\askcom.xml
[2010/07/31 20:52:12 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\searchplugins\mywebsearch.xml
[2011/05/14 07:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 19:27:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\EIMCVL2Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2008/12/03 17:10:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/26 00:03:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/02/02 22:45:32 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2011/06/30 17:50:52 | 000,000,888 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [atchk] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [YDZ1QVAGOJ] File not found
O4 - HKU\S-1-5-18..\Run: [YDZ1QVAGOJ] File not found
O4 - HKU\S-1-5-21-1708537768-436374069-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1708537768-436374069-682003330-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [qrsniam] File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [qrsniam] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: att.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1708537768-436374069-682003330-1004\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/customer/uploading/activex/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 16:53:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1708537768-436374069-682003330-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 02:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/07/14 06:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry\Start Menu\Programs\HiJackThis
[2011/07/14 06:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/14 06:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2011/07/14 06:33:41 | 000,000,000 | ---D | C] -- C:\rei
[2011/07/14 06:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/07/09 10:35:00 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/07/09 10:34:58 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/07/09 10:34:58 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/07/09 10:11:52 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/07/09 10:11:52 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/07/09 10:11:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/24 23:16:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/24 22:07:23 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Microsoft Calculator Plus (2).lnk
[2011/07/24 02:26:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/21 11:27:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/21 08:17:26 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-436374069-682003330-1004UA.job
[2011/07/21 07:24:22 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Google Chrome.lnk
[2011/07/21 07:24:22 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/21 06:41:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc23c4d5206159.job
[2011/07/21 06:40:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 16:03:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/14 11:36:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jerry\defogger_reenable
[2011/07/14 10:01:32 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\HiJackThis.lnk
[2011/07/14 06:36:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/14 06:35:50 | 000,000,232 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/07/14 06:33:47 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/07/09 23:17:28 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-436374069-682003330-1004Core.job
[2011/07/09 17:22:52 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jerry.job
[2011/07/09 15:26:02 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jessica.job
[2011/07/07 11:37:49 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Microsoft Office Word 2007.lnk
[2011/07/07 04:49:11 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Jerry\Desktop\Microsoft Calculator Plus.lnk
[2011/06/30 17:50:52 | 000,000,888 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 21:23:35 | 000,230,695 | ---- | M] () -- C:\Documents and Settings\Jerry\My Documents\bipolar pamplet.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 11:36:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jerry\defogger_reenable
[2011/07/14 08:20:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 06:42:58 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Jerry\Desktop\HiJackThis.lnk
[2011/07/14 06:35:57 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/07/14 06:35:48 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/07/14 06:33:47 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/07/09 10:11:52 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/07/09 10:11:52 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/07/09 10:11:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/07/09 10:11:52 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/07/09 10:11:52 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/06/27 21:23:35 | 000,230,695 | ---- | C] () -- C:\Documents and Settings\Jerry\My Documents\bipolar pamplet.pdf
[2011/06/25 04:23:28 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\btwdiw32.dll
[2011/05/03 22:58:10 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\418mf7m854b2555tx5l364qmr36ndl0y4jq6
[2011/05/03 22:58:10 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\418mf7m854b2555tx5l364qmr36ndl0y4jq6
[2011/04/18 20:45:46 | 000,012,668 | -HS- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\4o8dd5y80jo00c4a2tdod0i741466er6s8n6h8pv7n
[2011/04/18 20:45:46 | 000,012,668 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4o8dd5y80jo00c4a2tdod0i741466er6s8n6h8pv7n
[2010/12/31 13:24:16 | 000,060,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/26 18:24:26 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/26 21:40:51 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/12/26 21:40:51 | 000,000,721 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/24 18:19:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/17 00:13:01 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/13 11:51:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/21 06:54:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/10/21 06:54:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/10/21 06:50:27 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/10/21 06:50:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/10/21 06:27:20 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/10/21 06:26:22 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/09/19 22:03:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jerry\Local Settings\Application Data\fusioncache.dat
[2008/09/19 21:38:42 | 000,088,450 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2008/09/19 21:38:42 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2008/09/19 21:38:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/09/19 21:23:23 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/09/19 21:23:23 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/09/19 17:35:59 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/09/19 17:35:59 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/09/19 16:43:48 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/09/17 09:04:39 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/09/17 09:04:38 | 000,447,120 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/09/16 23:46:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/16 23:44:58 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/16 16:54:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/16 16:51:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,441,014 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,071,206 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/01/17 12:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/14 00:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/14 00:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

Edited by jwhite73, 26 July 2011 - 12:25 PM.


#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:58 PM

Posted 26 July 2011 - 07:17 AM

Hi-

Don't forget the other OTL report - OTL.txt and the RKU report.
Shannon

#5 jwhite73

jwhite73
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:58 PM

Posted 26 July 2011 - 12:28 PM

Sorry, Shannon. I edited my post to include them, I thought I had put them on there before. Since I wasn't in "safe mode" my computer was slow and sometimes unresponsive. That made it difficult to know what I actually accomplished. I should have checked it. Thanks for your help!

#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:58 PM

Posted 26 July 2011 - 01:28 PM

Hi-

Thank you for the logs. They did show some problems and one was a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.8.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is your computer running now?
Shannon

#7 jwhite73

jwhite73
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:58 PM

Posted 26 July 2011 - 09:01 PM

2011/07/26 19:01:46.0546 1524 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 19:01:46.0968 1524 ================================================================================
2011/07/26 19:01:46.0968 1524 SystemInfo:
2011/07/26 19:01:46.0968 1524
2011/07/26 19:01:46.0968 1524 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/26 19:01:46.0968 1524 Product type: Workstation
2011/07/26 19:01:46.0968 1524 ComputerName: JERRY-D6F6AD9CA
2011/07/26 19:01:46.0968 1524 UserName: Jerry
2011/07/26 19:01:46.0968 1524 Windows directory: C:\WINDOWS
2011/07/26 19:01:46.0968 1524 System windows directory: C:\WINDOWS
2011/07/26 19:01:46.0968 1524 Processor architecture: Intel x86
2011/07/26 19:01:46.0968 1524 Number of processors: 2
2011/07/26 19:01:46.0968 1524 Page size: 0x1000
2011/07/26 19:01:46.0968 1524 Boot type: Safe boot with network
2011/07/26 19:01:46.0968 1524 ================================================================================
2011/07/26 19:01:49.0265 1524 Initialize success
2011/07/26 19:01:53.0187 0616 ================================================================================
2011/07/26 19:01:53.0187 0616 Scan started
2011/07/26 19:01:53.0187 0616 Mode: Manual;
2011/07/26 19:01:53.0187 0616 ================================================================================
2011/07/26 19:01:54.0093 0616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/26 19:01:54.0140 0616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/26 19:01:54.0203 0616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/26 19:01:54.0250 0616 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/26 19:01:54.0500 0616 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/26 19:01:54.0640 0616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/26 19:01:54.0687 0616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/26 19:01:54.0765 0616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/26 19:01:54.0796 0616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/26 19:01:54.0937 0616 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/26 19:01:54.0984 0616 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/26 19:01:55.0031 0616 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/26 19:01:55.0062 0616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/26 19:01:55.0140 0616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/26 19:01:55.0187 0616 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/26 19:01:55.0265 0616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/26 19:01:55.0312 0616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/26 19:01:55.0343 0616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/26 19:01:55.0484 0616 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2011/07/26 19:01:55.0656 0616 DCamUSBSQTECH (12e0a4134d5fd9914b965aa5aaa49e8f) C:\WINDOWS\system32\Drivers\SQcaptur.sys
2011/07/26 19:01:55.0734 0616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/26 19:01:55.0781 0616 DLABMFSM (ace95725b7d9e12227590f4c2e47707f) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/07/26 19:01:55.0812 0616 DLABOIOM (f872cf678b07a7a415bc78c309c433a8) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/26 19:01:55.0828 0616 DLACDBHM (81e0ef6c693da1a98bd863a9fb6ab223) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/26 19:01:55.0875 0616 DLADResM (0049cb1260d08b4e28ae28073ab6d6bf) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/07/26 19:01:55.0890 0616 DLAIFS_M (8d74e30d25a962485c4620fbc795c576) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/26 19:01:55.0921 0616 DLAOPIOM (d4523b4284191c5824e79a4959cf8103) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/26 19:01:55.0953 0616 DLAPoolM (8330839e47287595545d4d4abdea2b18) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/26 19:01:55.0984 0616 DLARTL_M (ccd46b2e9de7dde28055008e52d19e62) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/07/26 19:01:56.0000 0616 DLAUDFAM (c1574997b02ed1c1fdde8ef66106ad90) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/26 19:01:56.0046 0616 DLAUDF_M (4bbb14b293a9ec274361b0a543c78f80) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/26 19:01:56.0109 0616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/26 19:01:56.0171 0616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/26 19:01:56.0218 0616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/26 19:01:56.0265 0616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/26 19:01:56.0375 0616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/26 19:01:56.0421 0616 DRVMCDB (55f25c7eb606f923fa317ae29a8bd72a) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/26 19:01:56.0437 0616 DRVNDDM (8a491bd3f9137ba6aecabb93ff849fcc) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/26 19:01:56.0484 0616 e1express (d0e8dd3f56bd8488995f67b80ff51461) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/26 19:01:56.0671 0616 eeCtrl (70aeac5d481b2904b40f2173e280b1b5) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/07/26 19:01:56.0703 0616 EraserUtilRebootDrv (00bd6fc4a873d3341dcf9aef2d3c841e) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/26 19:01:56.0765 0616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/26 19:01:56.0812 0616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/26 19:01:56.0843 0616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/26 19:01:56.0875 0616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/26 19:01:56.0921 0616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/26 19:01:56.0968 0616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/26 19:01:56.0984 0616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/26 19:01:57.0031 0616 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/26 19:01:57.0062 0616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/26 19:01:57.0109 0616 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/26 19:01:57.0140 0616 HECI (d0fc694df051bc65946db616f20d1168) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/07/26 19:01:57.0203 0616 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/26 19:01:57.0281 0616 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/26 19:01:57.0296 0616 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/26 19:01:57.0343 0616 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/26 19:01:57.0390 0616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 19:01:57.0484 0616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 19:01:57.0562 0616 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/26 19:01:57.0671 0616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 19:01:57.0781 0616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 19:01:57.0812 0616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/26 19:01:57.0843 0616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/26 19:01:57.0875 0616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 19:01:57.0921 0616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 19:01:57.0968 0616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/26 19:01:58.0000 0616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 19:01:58.0046 0616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 19:01:58.0078 0616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 19:01:58.0125 0616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 19:01:58.0156 0616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 19:01:58.0328 0616 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/07/26 19:01:58.0375 0616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 19:01:58.0406 0616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 19:01:58.0437 0616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 19:01:58.0484 0616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/26 19:01:58.0515 0616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 19:01:58.0562 0616 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/07/26 19:01:58.0812 0616 MpKsl9126ec5c (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\MpKsl9126ec5c.sys
2011/07/26 19:01:58.0859 0616 MpKsl9865500e (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\MpKsl9865500e.sys
2011/07/26 19:01:59.0015 0616 MpKsld2967d63 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\MpKsld2967d63.sys
2011/07/26 19:01:59.0156 0616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 19:01:59.0218 0616 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 19:01:59.0265 0616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 19:01:59.0312 0616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 19:01:59.0343 0616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 19:01:59.0375 0616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 19:01:59.0421 0616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 19:01:59.0453 0616 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/26 19:01:59.0484 0616 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 19:01:59.0515 0616 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/26 19:01:59.0671 0616 NAVENG (494c4ebfee40baaff49492b97abaf18c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090315.020\NAVENG.SYS
2011/07/26 19:01:59.0718 0616 NAVEX15 (f4a95d6d20767a5f1f2b2fed261a1b23) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090315.020\NAVEX15.SYS
2011/07/26 19:01:59.0781 0616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 19:01:59.0828 0616 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/26 19:01:59.0843 0616 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 19:01:59.0875 0616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 19:01:59.0906 0616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 19:01:59.0937 0616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 19:01:59.0968 0616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 19:02:00.0000 0616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 19:02:00.0093 0616 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/26 19:02:00.0140 0616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 19:02:00.0187 0616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 19:02:00.0250 0616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 19:02:00.0296 0616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 19:02:00.0328 0616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 19:02:00.0359 0616 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/26 19:02:00.0421 0616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 19:02:00.0437 0616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 19:02:00.0468 0616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 19:02:00.0500 0616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 19:02:00.0562 0616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/26 19:02:00.0609 0616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 19:02:00.0656 0616 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/07/26 19:02:00.0718 0616 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/07/26 19:02:00.0750 0616 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/07/26 19:02:00.0796 0616 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/07/26 19:02:01.0078 0616 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/07/26 19:02:01.0125 0616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 19:02:01.0156 0616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/26 19:02:01.0203 0616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 19:02:01.0234 0616 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/07/26 19:02:01.0265 0616 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/26 19:02:01.0437 0616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 19:02:01.0484 0616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/26 19:02:01.0515 0616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 19:02:01.0546 0616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 19:02:01.0593 0616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 19:02:01.0640 0616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 19:02:01.0703 0616 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 19:02:01.0750 0616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 19:02:01.0875 0616 RxFilter (30aed4a37e8f8bbf41983d4ae3a15df9) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/07/26 19:02:01.0953 0616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 19:02:02.0000 0616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 19:02:02.0046 0616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 19:02:02.0093 0616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 19:02:02.0140 0616 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
2011/07/26 19:02:02.0218 0616 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/26 19:02:02.0375 0616 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/07/26 19:02:02.0406 0616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 19:02:02.0468 0616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 19:02:02.0500 0616 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/07/26 19:02:02.0546 0616 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/07/26 19:02:02.0578 0616 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/07/26 19:02:02.0640 0616 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 19:02:02.0703 0616 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/26 19:02:02.0765 0616 STHDA (237ccbfc82b4c98435461972597f29d5) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/26 19:02:02.0859 0616 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/26 19:02:02.0875 0616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 19:02:02.0921 0616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 19:02:03.0031 0616 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/07/26 19:02:03.0062 0616 SymEvent (06b95820df51502099a8a15c93e87986) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/07/26 19:02:03.0093 0616 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/07/26 19:02:03.0125 0616 SYMIDS (23527b9cd4f7b9e31160e98d340e7e85) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/07/26 19:02:03.0234 0616 SYMIDSCO (c87748b4a7541b81c9564ed5b3cf8697) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090310.004\SymIDSCo.sys
2011/07/26 19:02:03.0265 0616 SymIM (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/07/26 19:02:03.0296 0616 SymIMMP (b54f7959afb4aaf1a8c589b0aa7fde02) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/07/26 19:02:03.0375 0616 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/07/26 19:02:03.0437 0616 SYMNDIS (d605af3a380a83f4a562f1ad3ee19ecd) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/07/26 19:02:03.0500 0616 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/07/26 19:02:03.0531 0616 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/07/26 19:02:03.0625 0616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 19:02:03.0687 0616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 19:02:03.0718 0616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 19:02:03.0750 0616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 19:02:03.0796 0616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 19:02:03.0859 0616 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/07/26 19:02:03.0890 0616 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/07/26 19:02:03.0937 0616 TFSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/07/26 19:02:04.0046 0616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 19:02:04.0125 0616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 19:02:04.0171 0616 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/26 19:02:04.0218 0616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/26 19:02:04.0250 0616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 19:02:04.0281 0616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 19:02:04.0296 0616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/26 19:02:04.0437 0616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/26 19:02:04.0500 0616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 19:02:04.0546 0616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 19:02:04.0562 0616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 19:02:04.0687 0616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 19:02:04.0750 0616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 19:02:04.0843 0616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 19:02:04.0906 0616 WinDriver6 (2c7d830e86b378771af5dafeae428a09) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/07/26 19:02:05.0000 0616 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/26 19:02:05.0078 0616 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/26 19:02:05.0093 0616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/26 19:02:05.0140 0616 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/26 19:02:05.0234 0616 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/26 19:02:05.0234 0616 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/26 19:02:05.0250 0616 Boot (0x1200) (b600cff6ff8773997fd5d7a85b59f3fe) \Device\Harddisk0\DR0\Partition0
2011/07/26 19:02:05.0281 0616 ================================================================================
2011/07/26 19:02:05.0281 0616 Scan finished
2011/07/26 19:02:05.0281 0616 ================================================================================
2011/07/26 19:02:05.0312 0608 Detected object count: 1
2011/07/26 19:02:05.0312 0608 Actual detected object count: 1
2011/07/26 19:02:18.0546 0608 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/26 19:02:18.0562 0608 \Device\Harddisk0\DR0 - ok
2011/07/26 19:02:18.0562 0608 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/26 19:02:24.0421 1448 Deinitialize success





ComboFix 11-07-26.03 - Jerry 07/26/2011 20:10:29.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2022.1662 [GMT -5:00]
Running from: c:\documents and settings\Jerry\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Jerry\Application Data\Adobe\plugs
c:\documents and settings\Jerry\Application Data\Adobe\shed
c:\documents and settings\Jerry\Application Data\Local
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(10).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(11).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(12).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(13).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(14).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(15).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(16).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(17).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(18).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(19).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(20).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(21).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(22).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(23).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(24).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(25).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(26).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(27).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(28).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(29).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(3).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(30).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(31).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(32).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(33).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(34).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(35).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(36).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(37).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(38).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(39).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(4).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(40).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(41).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(42).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(43).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(44).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(45).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(46).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(47).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(48).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(49).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(5).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(50).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(51).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(52).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(53).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(54).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(55).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(56).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(57).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(58).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(59).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(6).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(60).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(61).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(62).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(63).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(64).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(65).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(66).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(67).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(68).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(69).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(7).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(70).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(71).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(72).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(73).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(74).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(75).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(76).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(77).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(78).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(79).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(8).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(80).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(81).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(82).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(83).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(84).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(85).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(86).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3)(9).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2)(3).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(10).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(11).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(12).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(13).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(14).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(15).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(16).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(17).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(18).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(19).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(20).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(21).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(22).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(23).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(24).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(25).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(26).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(27).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(28).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(29).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(3).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(30).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(31).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(32).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(33).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(34).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(35).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(36).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(37).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(38).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(39).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(4).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(40).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(41).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(42).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(43).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(44).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(45).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(46).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(47).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(48).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(49).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(5).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(50).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(51).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(52).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(53).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(54).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(55).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(56).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(57).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(58).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(59).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(6).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(60).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(61).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(62).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(63).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(64).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(65).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(66).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(67).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(68).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(69).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(7).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(70).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(71).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(72).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(73).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(74).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(75).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(76).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(77).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(78).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(79).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(8).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(80).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(81).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(82).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(83).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(84).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(85).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(86).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(87).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(88).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(89).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3)(9).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2)(3).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4(2).ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\jamison520_11.mp4.ddr
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(10).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(11).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(12).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(13).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(14).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(15).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(16).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(17).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(18).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(19).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(20).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(21).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(22).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(23).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(24).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(25).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(26).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(27).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(28).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(29).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(30).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(31).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(32).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(33).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(34).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(35).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(36).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(37).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(38).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(39).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(40).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(41).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(42).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(43).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(44).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(45).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(46).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(47).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(48).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(49).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(50).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(51).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(52).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(53).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(54).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(55).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(56).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(57).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(58).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(59).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(60).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(61).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(62).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(63).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(64).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(65).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(66).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(67).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(68).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(69).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(70).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(71).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(72).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(73).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(74).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(75).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(76).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(77).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(78).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(79).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(80).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(81).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(82).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(83).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(84).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(85).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(9).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(10).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(11).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(12).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(13).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(14).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(15).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(16).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(17).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(18).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(19).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(2).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(20).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(21).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(22).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(23).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(24).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(25).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(26).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(27).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(28).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(29).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(3).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(30).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(31).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(32).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(33).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(34).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(35).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(36).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(37).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(38).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(39).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(4).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(40).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(41).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(42).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(43).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(44).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(45).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(46).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(47).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(48).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(49).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(5).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(50).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(51).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(52).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(53).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(54).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(55).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(56).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(57).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(58).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(59).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(6).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(60).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(61).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(62).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(63).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(64).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(65).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(66).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(67).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(68).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(69).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(7).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(70).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(71).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(72).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(73).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(74).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(75).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(76).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(77).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(78).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(79).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(8).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(80).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(81).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(82).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(83).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(84).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(85).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(86).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11(9).mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11.mp4
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11.mp4(2).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11.mp4(3).ddp
c:\documents and settings\Jerry\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\jamison520_11.mp4.ddp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-22 16:35 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{823691C0-F32F-4DB2-9428-FFB7120A62E6}\mpengine.dll
2011-07-14 11:43 . 2011-07-14 11:43 388096 ----a-r- c:\documents and settings\Jerry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-14 11:42 . 2011-07-14 11:42 -------- d-----w- c:\program files\Trend Micro
2011-07-14 11:33 . 2011-07-14 11:36 -------- d-----w- C:\rei
2011-07-14 11:32 . 2011-07-14 11:32 -------- d-----w- c:\program files\Reimage
2011-07-09 15:35 . 2010-12-31 14:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-07-09 15:34 . 2010-12-31 14:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-07-09 15:34 . 2010-12-31 14:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-07-09 15:11 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-09 15:11 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-09 15:11 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-09 15:11 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-04 16:16 . 2011-06-20 13:57 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 09:23 . 2011-06-25 09:23 34816 ----a-w- c:\windows\system32\btwdiw32.dll
2011-06-26 05:03 . 2011-05-14 12:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-05 94208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2011-01-01 233936]
.
c:\documents and settings\Jerry\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Jerry\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/21/2011 7:26 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [4/21/2011 7:26 PM 338880]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/21/2011 7:26 PM 251560]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [7/9/2011 10:34 AM 51984]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [7/9/2011 10:35 AM 69392]
S1 MpKsl2094a53a;MpKsl2094a53a;\??\c:\windows\system32\MpEngineStore\MpKsl2094a53a.sys --> c:\windows\system32\MpEngineStore\MpKsl2094a53a.sys [?]
S1 MpKsl4460ca93;MpKsl4460ca93;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB53F5B-C1B1-4CFC-9F49-6364012A17DB}\MpKsl4460ca93.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB53F5B-C1B1-4CFC-9F49-6364012A17DB}\MpKsl4460ca93.sys [?]
S1 MpKsl80f2e352;MpKsl80f2e352;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl80f2e352.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl80f2e352.sys [?]
S1 MpKsl8439245f;MpKsl8439245f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl8439245f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl8439245f.sys [?]
S1 MpKsl8b873873;MpKsl8b873873;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl8b873873.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKsl8b873873.sys [?]
S1 MpKslafbf4801;MpKslafbf4801;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslafbf4801.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslafbf4801.sys [?]
S1 MpKslb35ce639;MpKslb35ce639;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslb35ce639.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslb35ce639.sys [?]
S1 MpKslb731863b;MpKslb731863b;\??\c:\windows\system32\MpEngineStore\MpKslb731863b.sys --> c:\windows\system32\MpEngineStore\MpKslb731863b.sys [?]
S1 MpKslc47885b6;MpKslc47885b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslc47885b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslc47885b6.sys [?]
S1 MpKslf099fe23;MpKslf099fe23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslf099fe23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CD57206-9EB6-41A6-A85D-91A48F19FA26}\MpKslf099fe23.sys [?]
S1 MpKslf1257557;MpKslf1257557;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7CEA8E1-16AD-4B5B-AC1A-89057055D57C}\MpKslf1257557.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7CEA8E1-16AD-4B5B-AC1A-89057055D57C}\MpKslf1257557.sys [?]
S1 MpKslf2281433;MpKslf2281433;\??\c:\windows\system32\MpEngineStore\MpKslf2281433.sys --> c:\windows\system32\MpEngineStore\MpKslf2281433.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/9/2011 10:11 AM 247760]
S2 btwdlns;Bluetooth Services;c:\windows\System32\svchost.exe -k bthsvc [4/14/2008 7:00 AM 14336]
S2 FIXIO PC Cleaner Service;FIXIO PC Cleaner Service;c:\program files\FIXIO PC Utilities\FIXIO PC Cleaner\FIXIO PC Cleaner Service.exe [12/8/2010 6:35 PM 191600]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:25 PM 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 4:30 AM 204800]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 12:07 AM 149352]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [4/21/2011 7:26 PM 366840]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 3:55 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/15/2009 6:47 PM 101936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2011 4:25 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/21/2011 7:26 PM 70536]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [7/9/2011 10:34 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2008-10-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4221863932.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-06-18 c:\windows\Tasks\FRU Task $ContextID$.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqfrucl.exe [2003-04-09 22:56]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc23c4d5206159.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-25 19:02]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-436374069-682003330-1004Core.job
- c:\documents and settings\Jerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-09 10:52]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-436374069-682003330-1004UA.job
- c:\documents and settings\Jerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-09 10:52]
.
2011-07-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-26 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Jerry.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
2011-07-26 c:\windows\Tasks\Norton Security Scan for Jerry.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-23 08:23]
.
2011-07-26 c:\windows\Tasks\Norton Security Scan for Jessica.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-23 08:23]
.
2011-07-14 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-07-10 08:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\Jerry\Application Data\Mozilla\Firefox\Profiles\eimcvl2z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe
HKLM-Run-atchk - (no file)
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKU-Default-RunOnce-qrsniam - c:\docume~1\LOCALS~1\LOCALS~1\APPLIC~1\qrsniam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,08,b4,c5,75,fd,91,4a,94,9e,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,08,b4,c5,75,fd,91,4a,94,9e,76,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2011-07-26 20:56:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 01:56
.
Pre-Run: 7,107,923,968 bytes free
Post-Run: 8,373,747,712 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 44C774027C22EC58417C3341BBC3160A

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:58 PM

Posted 27 July 2011 - 07:33 AM

How is your computer doing now?
Shannon

#9 jwhite73

jwhite73
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:58 PM

Posted 27 July 2011 - 11:34 AM

Everything seems to be in order, Shannon. Thank you so much for your help. Is there anything else that I need to do?

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:58 PM

Posted 27 July 2011 - 01:27 PM

Hi-

Great news! There are a few more things to do.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select your Platform: Windows x86 Offline.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java™ 6 Update in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

You should not have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:
False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.
Please go to Add/Remove Programs in the Control Panel and remove all antivirus programs but one. If you want to remove your Norton Anti-Virus, you will probably need the Norton Removal Tool.
  • Save the file to the Windows desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
  • Restart your computer
Delete the jre-6u26-windows-i586.exe icon and the Norton Removal Tool icon from your desktop.

When you have completed the above, please run a new OTL scan.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

Shannon

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:58 PM

Posted 04 August 2011 - 07:59 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Shannon



