
Svchost.exe virus and maybe more - Disabled Spybot, DDS and GMER


31 replies to this topic

#1 Brandon Lubbert

  • Members
  • 25 posts

Posted 21 September 2011 - 09:45 AM

I have a Windows computer that is infected with something, and maybe more than one.

Windows XP Media Center Edition
Service Pack 3
Sony 1.83 Ghz - 2 MB of Ram
VIPRE Antivirus installed

It is exhibiting the following symptoms.

On bootup, it says the following messages:
Windows cannot find 'C:\DOCUME~1\Owner\LOCALS~1\Temp\svhost.com' . . . . .
Could not load or run 'C:\DOCUME~1\Owner\LOCALS~1\Temp\svhost.com' specified in the registry. . . . .
Windows cannot find 'C:\DOCUME~1\Owner\LOCALS~1\Temp\svhost.com'. Make sure you
Windows cannot find 'C:\WINDOWS\system32\fdisk.com'. Make sure you typed the name correctly . . .

Google is being redirected
Internet Explorer has pop-up windows come up "You are the winner . . ."
TaskManager would not come up. (Fixed with Disk Healer)
File view types would not come up (Fixed with Disk Healer)
Regedit and msconfig are coming up as scrambled notepad files.

After an hour or two the computer will just freeze and I have to hard power off and restart.

=================================================================

I tried running and installing Spybot - Search and Destroy. It ran the first time, but disappeared after a brief scan. Now when I click on the file to run it, it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried to uninstall and reinstall several times, but it gave me a message "Cannot delete : Access is denied"

I tried running DDS. It would get to the message about the log files, but the log files would never appear. I ran it several times.

I tried running GMER.exe. It ran the first time, but then it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Then of course I can delete the file.

=================================================================

Not sure where to go next! Thanks so much for your help! This one has me stumped.

Brandon Lubbert
Systems Manager for Small Company
Computer Experience 6 or 7 (1-no computer experience, 10-know everything about computers)


#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,627 posts

Posted 26 September 2011 - 09:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419857 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Brandon Lubbert
  • Topic Starter

  • Members
  • 25 posts

Posted 26 September 2011 - 10:27 AM

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


* See problems listed above
* Same errors happen with DDS and GMER.
* Windows XP Media Center Edition - Service Pack 3 - Sony 1.83 Ghz - 2 MB of Ram - VIPRE Antivirus installed
* I do not have the original Windows CD available

Thanks for your help!

Brandon

Edited by Brandon Lubbert, 26 September 2011 - 10:27 AM.


#4 Jintan

  • Malware Response Team
  • 531 posts

Posted 26 September 2011 - 05:02 PM

Hello Brandon,

Let's see if you can get some progress there, then get some scans done so I can have info to work from.

Download System Repair Engineer. Use the Local Download button to download sreng2.zip.

Extract (unzip) it to its own folder on your Desktop.


Then open Notepad (Start - Run, type notepad and press OK), and paste into it the contents of the Code box below (thanks Mosaic1 for the script):

' Create a WScript.Shell object. Its Exec method starts a program directly,
' without going through the .exe file association that may be hijacked here.
Dim WshShell
Set WshShell = Wscript.CreateObject("WScript.Shell")

' Prompt for the full path of the program to start, then launch it.
A = InputBox("What to run?")
WshShell.Exec(A)

Save that to your desktop as run.vbs, then click that to run the tool.

In the open box, you need to type the path to that SREng2 file, like this:

"%userprofile%\desktop\sreng2\SREngLdr.EXE"

When the display opens, click the "System Repair" icon in the left hand column.

Under the first "File Association" tab it will have already placed checkmarks in the boxes next to file associations it sees as incorrect. Don't make any changes, and just click Repair. The display will flicker briefly, and then the results should reflect all are "Normal".

You will see many other options to use this tool for, but unless you truly know what they are indicating and what changes System Repair Engineer might make it is really not something you should try in any way (and a reason why I tend to avoid providing this repair tool).

You can use the run.vbs tool as need to get things moving there, but that step just done should provide you with better access to run most files.

-------------

Then see if you can generate some info to work with here.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

------------------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.
Ad eundum quo no duck ante iit
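The OTL scan Jintan asks for above produces a log like the one Brandon posts in reply #5. The following Python script is an added example, not part of this thread and not OTL's or BleepingComputer's code: it walks OTL-style lines and flags the indicators a responder looks at first, namely process or service entries whose image file is missing, an image path that is an NTFS alternate data stream (a second colon after the drive letter, as in `C:\WINDOWS\2051932378:637514117.exe`), a per-user proxy that is switched on, and an oversized or read-only hosts file. It assumes only the line layout visible in that log (`PRC -`, `SRV -`, `IE -` and `O1 HOSTS File:` prefixes); the sample lines are copied from reply #5, and the severity labels and the hosts-file size threshold are choices made for this example.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the OTL log posted in this
# thread (reply #5). A real OTL.txt has many more sections and lines.
SAMPLE_OTL_LINES = [
    r"PRC - File not found -- C:\WINDOWS\2051932378:637514117.exe",
    r"PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe",
    r"SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
    r"SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)",
    r'IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181',
    r"O1 HOSTS File: ([2011/09/20 08:27:35 | 000,436,871 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts",
]

# Image path of a PRC/SRV/DRV line: after " -- ", up to end of line or the
# trailing " -- (ServiceName)" field.
PATH_RE = re.compile(r" -- (?P<path>[A-Za-z]:\\.+?)(?= -- \(|$)")
# A second colon after the drive letter means the image lives in an NTFS
# alternate data stream; legitimate software is not installed that way.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:")
NOT_FOUND_RE = re.compile(r"^(?:PRC|SRV|DRV) - File not found")
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)
HOSTS_RE = re.compile(r"^O1 HOSTS File: \(\[[^|]*\| (?P<size>[\d,]+) \| (?P<attr>\S+)")

HOSTS_REVIEW_BYTES = 100_000  # threshold chosen for this example, not an OTL setting


def triage(lines):
    """Return (severity, message) findings for OTL-style log lines.

    severity is "high" for indicators that are bad on their own and
    "review" for ones that need a human look in context.
    """
    findings = []
    proxy = defaultdict(dict)  # registry hive -> {"ProxyEnable": ..., "ProxyServer": ...}

    for raw in lines:
        line = raw.rstrip()
        kind = line[:3]
        m = PATH_RE.search(line)
        path = m.group("path") if m else None

        if path and ADS_RE.match(path):
            findings.append(("high", f"{kind}: image is an NTFS alternate data stream: {path}"))
        elif NOT_FOUND_RE.match(line):
            # The registration survives but the file is gone or hidden from OTL.
            findings.append(("review", f"{kind}: registered image is missing: {path or line}"))

        pm = PROXY_RE.match(line)
        if pm:
            proxy[pm.group("hive")][pm.group("name")] = pm.group("value")

        hm = HOSTS_RE.match(line)
        if hm:
            size = int(hm.group("size").replace(",", ""))
            attr = hm.group("attr")
            if size > HOSTS_REVIEW_BYTES or attr.startswith("R"):
                findings.append(("review",
                    f"hosts file is {size} bytes with attributes {attr}; "
                    "check whether the entries are a Spybot immunization list or a hijack"))

    # Judge proxy settings per user hive once all IE lines have been seen,
    # because ProxyEnable and ProxyServer arrive on separate lines.
    for hive, values in proxy.items():
        if values.get("ProxyEnable") == "1":
            server = values.get("ProxyServer", "<unset>")
            findings.append(("high", f"proxy enabled for {hive}: ProxyServer = {server}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_OTL_LINES):
        print(f"[{severity:6}] {message}")
```

Run it as a script to print the findings for the sample, or call `triage()` on the lines of a full OTL.txt. The hosts-file finding is deliberately only "review": several hundred kilobytes of 127.0.0.1 entries is also what Spybot - Search & Destroy's immunization writes, and the entries at the end of Brandon's log (www.007guard.com, 008i.com, ...) look exactly like that list, so the size alone proves nothing. A proxy value with no host part, `:8181`, is not something a user or policy configures; it diverts the browser's requests through a local listener and is consistent with the Google redirects described in the first post.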

#5 Brandon Lubbert
  • Topic Starter

  • Members
  • 25 posts

Posted 28 September 2011 - 07:34 AM

Thanks so much for your help. Here are a few notes about the scans and what happened.

The system repair program had no boxes checked to begin with, but I went ahead and ran the repair.

I am working on my bosses computer and have no idea how long he has had the virus or whatever this is.

GMER Report - It still would not let GMER complete the scan. I was able to copy the log though just before it disappeared. See below.

AswMBR - Started the scan just like you said, but it scanned for 2 to 3 minutes and then just disappeared. There was no chance to save the log. I tried to delete the .exe that I had saved to my desktop thinking I would download it again. I got the same familiar message that "Cannot delete aswMBR: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use." Same error as what the GMER program does.

Ready for the next step and thanks again for your help!

Brandon

=================================================================================

OTL.txt

OTL logfile created on: 9/27/2011 4:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.17% Memory free
3.84 Gb Paging File | 3.22 Gb Available in Paging File | 83.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 120.99 Gb Free Space | 85.18% Space Free | Partition Type: NTFS
Drive E: | 538.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 480037D956F7448 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\2051932378:637514117.exe
PRC - [2011/09/27 16:24:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 23:23:43 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/08/10 23:23:35 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/08/10 23:23:32 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/06/28 03:07:37 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll
MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/08/02 16:12:02 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/05/11 16:26:04 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2006/08/02 16:15:30 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 21:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 22:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 13:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 19:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/06/28 21:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/07/24 13:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@webshots.com: C:\Program Files\Webshots\3.1.5.7617\Firefox [2010/07/11 12:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/02 21:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/02 21:33:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/20 08:27:35 | 000,436,871 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15052 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - No CLSID value found.
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\ShellBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HotKey] C:\Documents and Settings\Owner\Templates\cache\SFCsrvc.pif File not found
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com File not found
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [HotKey] C:\Documents and Settings\Owner\Templates\cache\SFCsrvc.pif File not found
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [User Agent] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com File not found
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/travel/fr/index.php?section=game" File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found
F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Run - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F0C224-FEAA-4E67-89E2-CF5D3828BF08}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer = 10.0.1.99
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\fdisk.com) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\fdisk.com) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O27 - HKLM IFEO\mmc.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\USBGUARD.EXE: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 13:45:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell - "" = AutoRun
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun\command - "" = Z:\INTRO.EXE
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db
O33 - MountPoints2\{d8435c48-225e-11db-b383-806d6172696f}\Shell\AutoRun\command - "" = E:\sony\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 16:23:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/27 08:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sreng2
[2011/09/27 08:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/27 08:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/27 08:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\kztechssuite
[2011/09/26 11:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmerc
[2011/09/26 11:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmerb
[2011/09/26 11:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmera
[2011/09/21 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/09/21 10:05:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/09/21 10:05:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/21 08:36:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/20 16:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Disk Heal
[2011/09/20 16:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Heal
[2011/09/20 08:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/20 08:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/20 08:18:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2011/09/19 16:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/19 15:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/19 14:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/09/17 12:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/09/17 12:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/16 14:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/09/16 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/16 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/11 18:05:40 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/09/07 15:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\The Learning Company
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 21:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/09/02 21:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/09/02 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/09/02 21:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/09/02 21:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2011/09/02 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/09/02 21:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/09/02 21:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2011/09/02 21:28:34 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2011/09/02 21:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/09/02 21:28:28 | 001,792,872 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710nz.dll
[2011/09/02 21:28:19 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2011/09/02 21:28:19 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2011/09/02 21:28:18 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2011/09/02 21:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/09/02 21:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/09/02 21:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2011/08/31 15:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Learning Company
[2011/08/31 15:43:11 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\WINDOWS\TLCUninstall.exe
[2011/08/31 15:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Learning Company
[2011/08/31 15:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\The Learning Company
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 16:28:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 16:24:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/27 16:14:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2051932378
[2011/09/27 16:14:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 16:14:11 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 16:08:15 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/09/27 11:50:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/27 08:41:05 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\run.vbs
[2011/09/27 08:38:51 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/09/27 08:25:08 | 001,920,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kztechssuite.zip
[2011/09/21 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/09/21 10:09:01 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/21 10:05:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/21 10:04:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/09/21 10:04:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/09/20 16:41:50 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2011/09/20 16:40:38 | 000,432,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DiskHealSetupv1.48R.exe
[2011/09/20 08:27:35 | 000,436,871 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/20 08:18:31 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2011/09/17 21:31:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/09/17 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/09/17 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/09/17 11:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/15 22:28:27 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/09/15 22:25:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/11 18:08:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
[2011/09/11 18:06:50 | 000,000,654 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN11Q111F905JW.job
[2011/09/11 18:04:44 | 000,000,690 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 21:28:33 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/08/31 15:40:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 08:41:05 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\run.vbs
[2011/09/27 08:38:38 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/09/27 08:25:04 | 001,920,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kztechssuite.zip
[2011/09/21 10:08:57 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/21 10:04:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/09/21 10:03:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/09/21 08:33:00 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 16:41:50 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2011/09/20 16:40:30 | 000,432,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DiskHealSetupv1.48R.exe
[2011/09/16 14:44:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/16 14:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2051932378
[2011/09/15 22:28:27 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/09/11 18:06:49 | 000,000,654 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_CN11Q111F905JW.job
[2011/09/03 16:23:49 | 000,000,690 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2011/09/02 21:33:35 | 000,001,084 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/09/02 21:31:38 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/09/02 21:31:38 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/09/02 21:31:38 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/09/02 21:31:38 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/09/02 21:29:50 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/09/02 21:28:33 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
[2011/09/02 21:28:33 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710n-z Scan.lnk
[2011/08/31 15:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/06/04 08:01:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/06 15:15:31 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2007/09/06 15:15:31 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2007/05/26 10:40:56 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2007/02/07 15:19:07 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/29 21:42:14 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2007/01/29 21:42:14 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2007/01/29 21:37:41 | 000,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2006/12/22 15:16:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/22 15:16:23 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/22 13:50:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/02 16:15:47 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/08/02 16:07:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/08/02 16:04:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/02 16:04:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/08/02 15:59:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 15:50:28 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/07/24 16:45:11 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/24 16:24:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/24 15:40:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/24 15:38:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/24 15:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/24 14:09:38 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/07/24 14:03:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/24 13:52:40 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/24 13:48:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/24 13:41:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/24 13:28:35 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/24 13:28:25 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/24 13:27:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/24 13:27:47 | 000,459,970 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/24 13:27:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/24 13:27:47 | 000,079,458 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/24 13:27:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/24 13:27:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/24 13:27:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/24 13:27:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/24 13:27:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/24 13:27:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/24 13:27:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/24 13:27:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/24 06:35:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/24 06:34:48 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2051932378:637514117.exe

< End of report >

===============================================================
Extra.txt


OTL Extras logfile created on: 9/27/2011 4:25:39 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.17% Memory free
3.84 Gb Paging File | 3.22 Gb Available in Paging File | 83.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 120.99 Gb Free Space | 85.18% Space Free | Partition Type: NTFS
Drive E: | 538.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 480037D956F7448 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{666A81D6-8826-47FA-AF88-67B880A362DB}" = VIPRE Antivirus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c17590d2-ecb4-4b15-8820-f58798dcc118}" = Webshots Toolbar for IE
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F73E7B59-F951-11D4-884D-00902761A46D}" = WordPerfect Office 2002 Professional
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{fba28920-8485-3586-980c-54c863eb45e6}" = Webshots Toolbar for Firefox
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Search Enhancement" = Search Enhancement by AOL Search
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"Disk Heal" = Disk Heal
"Dreamship Tales" = Dreamship Tales
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"Learn to Read with Phonics 1st and 2nd Grade" = Learn to Read with Phonics 1st and 2nd Grade
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QVP" = Quick View Plus
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SFlyStudio" = Shutterfly Studio
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2011 7:26:05 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 127731484

Error - 9/23/2011 7:26:05 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 127731484

Error - 9/23/2011 7:26:20 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/23/2011 7:28:56 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/23/2011 7:29:59 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/23/2011 7:29:59 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 127965859

Error - 9/23/2011 7:30:15 AM | Computer Name = 480037D956F7448 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 127981484

Error - 9/27/2011 8:15:15 AM | Computer Name = 480037D956F7448 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.2.0.10752, P3 4ba23f6a,
P4 agicore, P5 4.2.0.10752, P6 4babc246, P7 35c, P8 85, P9 system.nullreferenceexception,
P10 NIL.

Error - 9/27/2011 3:53:21 PM | Computer Name = 480037D956F7448 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.2.0.10752, P3 4ba23f6a,
P4 agicore, P5 4.2.0.10752, P6 4babc246, P7 35c, P8 85, P9 system.nullreferenceexception,
P10 NIL.

Error - 9/27/2011 4:20:10 PM | Computer Name = 480037D956F7448 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 agcoreservice.exe, P2 4.2.0.10752, P3 4ba23f6a,
P4 agicore, P5 4.2.0.10752, P6 4babc246, P7 35c, P8 85, P9 system.nullreferenceexception,
P10 NIL.

[ System Events ]
Error - 9/27/2011 4:18:52 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:18:57 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:19:15 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:19:15 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:20:03 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:20:49 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:21:31 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:22:38 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7034
Description = The AG Core Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/27/2011 4:24:46 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 9/27/2011 4:33:08 PM | Computer Name = 480037D956F7448 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >




==============================================================


GMER Report

It still would not let GMER complete the scan.

Here is as far as it gets before disappearing.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-27 17:11:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwwyifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xA8C124D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xA8C12520]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IoReuseIrp + 8B 804EF90D 7 Bytes CALL 88B9B5F5
? C:\WINDOWS\system32\drivers\sbtis.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 013E000A
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013F000A
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 013D000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\00003275 \GLOBAL??\da004e7a 88B98190

#6 Jintan


  • Malware Response Team
  • 531 posts

Posted 28 September 2011 - 05:40 PM

Goodness that's busy there, with the wrong stuff. Maybe a Sunbelt driver is being altered, but we'll see.

Go to Start > Run and type:

cmd.exe

and OK. At the prompt type or copy/paste each of the following, pressing Enter after each:

at /delete

And agree to any warnings. Then just type exit and press Enter to close the window. This removes some malware tasks set there.

--------------

Temporarily disable security software, then open OTL again.

Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):

IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HotKey] C:\Documents and Settings\Owner\Templates\cache\SFCsrvc.pif File not found
O4 - HKLM..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com File not found
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [User Agent] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com File not found
F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found
F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Run - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\fdisk.com) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\fdisk.com) - File not found
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O27 - HKLM IFEO\mmc.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O27 - HKLM IFEO\USBGUARD.EXE: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell - "" = AutoRun
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun\command - "" = Z:\INTRO.EXE
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db
O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2051932378:637514117.exe

Then click the Run Fix button at the top of the OTL display. When that completes a log will open - post that here in your next reply please. That log will also be saved in the c:\_OTL\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). That all was just to clear out some elbow room there, if it takes.

--------------

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please, along with the OTL log.
Ad eundum quo no duck ante iit
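As an added illustration (not part of the original thread, and not OTL's or Jintan's code), the following Python classifies the kinds of OTL lines in the fix list above by the persistence mechanism each one abuses: IFEO Debugger redirection (why regedit and msconfig opened as notepad), replaced Winlogon Shell/UserInit, Run and win.ini Load/Run entries pointing at Temp or missing files, MountPoints2 autorun commands, a loopback IE proxy, and an executable hidden in an alternate data stream. The clean XP default values for Shell/UserInit and the one benign Run entry with a placeholder path are assumptions, not from the page.

```python
"""Triage OTL log lines by the persistence mechanism each one abuses.

Written for the OTL line formats quoted in the fix list above (IFEO Debugger,
Winlogon Shell/UserInit, Run keys, win.ini Load/Run, MountPoints2 autorun,
IE proxy, alternate data streams). Clean XP defaults are an assumption.
"""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]

# Assumed clean Windows XP defaults (lower-cased, trailing comma stripped).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": r"c:\windows\system32\userinit.exe"}
EXEC_EXT = (".exe", ".com", ".pif", ".scr", ".dll")

IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\(?P<exe>[^:]+): Debugger - (?P<dbg>.+?)(?: \([^)]*\))?$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<name>Shell|UserInit) - \((?P<value>[^)]*)\)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKU\\[^.]+)\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")
WININI_RE = re.compile(r"^F3 - HKU\\\S+ WinNT: (?P<key>Load|Run) - \((?P<value>[^)]*)\)")
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(?P<dev>[^\\]+)\\Shell\\.*?\\command - "" = (?P<cmd>.+)$', re.I)
PROXY_RE = re.compile(r'^IE - HKU\\\S+\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = (?P<proxy>.+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Constructed sample: lines copied from the OTL fix list quoted in the post,
# plus one constructed benign Run entry (placeholder path) that must not be flagged.
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181',
    r"O4 - HKLM..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com File not found",
    r"O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [User Agent] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com File not found",
    r"F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found",
    r"O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\fdisk.com) - File not found",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\fdisk.com) - File not found",
    r"O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db',
    r"@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2051932378:637514117.exe",
    r"O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)",  # constructed benign
]

def classify(line: str) -> Optional[Finding]:
    """Return (category, detail) when a line shows a hijack, else None."""
    line = line.strip()
    m = IFEO_RE.match(line)
    if m:
        # Windows launches the "debugger" instead of the program: here regedit,
        # msconfig and mmc all opened as notepad.
        return ("ifeo_debugger_hijack", f"{m['exe']} -> {m['dbg']}")
    m = WINLOGON_RE.match(line)
    if m:
        if m["value"].rstrip(",").lower() != WINLOGON_DEFAULTS[m["name"]]:
            return ("winlogon_replaced", f"{m['name']} = {m['value']}")
        return None
    m = RUN_RE.match(line)
    if m:
        target = m["target"]
        path = target.replace("File not found", "").strip()
        reasons = []
        if "File not found" in target:
            reasons.append("target missing (orphaned entry, source of 'Windows cannot find' at logon)")
        if "\\temp\\" in path.lower():
            reasons.append("runs from a Temp directory")
        if path.lower().endswith((".com", ".pif", ".scr")):
            reasons.append("unusual executable extension")
        if reasons:
            return ("run_key", f"{m['hive']} [{m['name']}] {path}: " + "; ".join(reasons))
        return None
    m = WININI_RE.match(line)
    if m and m["value"]:
        # win.ini-style Load/Run values are normally empty on XP.
        return ("winini_load_run", f"{m['key']} = {m['value']}")
    m = AUTORUN_RE.match(line)
    if m:
        return ("autorun_command", f"{m['dev']}: {m['cmd']}")
    m = PROXY_RE.match(line)
    if m:
        host = m["proxy"].split(":", 1)[0].strip().lower()
        if host in ("", "127.0.0.1", "localhost"):
            return ("ie_proxy_hijack", f"ProxyServer = {m['proxy']} (browser traffic looped through a local process)")
        return None
    m = ADS_RE.match(line)
    if m and m["path"].lower().endswith(EXEC_EXT):
        return ("ads_executable", f"{m['path']} ({m['size']} bytes)")
    return None

def triage(lines: List[str]) -> List[Finding]:
    """Classify every line, dropping the ones that look benign."""
    return [f for f in (classify(l) for l in lines) if f is not None]

def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per mechanism to see what the fix has to cover."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:22} {detail}")
    print(summarize(triage(SAMPLE_LINES)))
```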

#7 Brandon Lubbert

  • Topic Starter

  • Members
  • 25 posts

Posted 29 September 2011 - 10:32 AM

Notes:

I wasn't quite sure what you meant by "Goodness that's busy there, with the wrong stuff." <grin>

I tried the CMD.exe command, which I think from your description was supposed to delete all scheduled tasks. However, I still have scheduled tasks in the control panel. Not sure if that helps or not.

Disabled Anti-virus

Ran Custom Scan in OTL (It doesn't look like it took to me.)

Downloaded Kaspersky's TDSSKILLER but renamed it larry.com

Clicked it to run it

It ran fine and found two objects, one serious and the other not so serious. I believe it removed the rootkit.

Let me know what to do next.

Have I expressed my thanks! I am totally lost on this one and following your instructions exactly.

Brandon


===========================================================

Logs from OTL

Error: Unable to interpret <IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HotKey] C:\Documents and Settings\Owner\Templates\cache\SFCsrvc.pif File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [User Agent] C:\WINDOWS\system32\fdisk.com File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [User Agent] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com File not found> in the current context!
Error: Unable to interpret <F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Load - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found> in the current context!
Error: Unable to interpret <F3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005 WinNT: Run - (C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.com) - File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\fdisk.com) - File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\fdisk.com) - File not found> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\mmc.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\msconfig.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O27 - HKLM IFEO\USBGUARD.EXE: Debugger - C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\##Bonnie-n5u00c7c#H\Shell\AutoRun\command - "" = Z:\INTRO.EXE> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48c4-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\Autoplay\Command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\AutoRun\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\explore\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\open\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{af2e48ca-0e8f-11df-9c25-0018de09d5d9}\Shell\ws\command - "" = G:\Thumbs.db> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 784 bytes -> C:\WINDOWS\2051932378:637514117.exe> in the current context!

OTL by OldTimer - Version 3.2.29.1 log created on 09292011_105703



================================================================


Log from Kaspersky's TDSSKILLER


11:02:39.0359 3448 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
11:02:40.0562 3448 ============================================================
11:02:40.0562 3448 Current date / time: 2011/09/29 11:02:40.0562
11:02:40.0562 3448 SystemInfo:
11:02:40.0562 3448
11:02:40.0562 3448 OS Version: 5.1.2600 ServicePack: 3.0
11:02:40.0562 3448 Product type: Workstation
11:02:40.0562 3448 ComputerName: 480037D956F7448
11:02:40.0609 3448 UserName: Owner
11:02:40.0609 3448 Windows directory: C:\WINDOWS
11:02:40.0609 3448 System windows directory: C:\WINDOWS
11:02:40.0609 3448 Processor architecture: Intel x86
11:02:40.0609 3448 Number of processors: 2
11:02:40.0609 3448 Page size: 0x1000
11:02:40.0609 3448 Boot type: Normal boot
11:02:40.0609 3448 ============================================================
11:02:48.0373 3448 Initialize success
11:03:40.0501 3128 ============================================================
11:03:40.0501 3128 Scan started
11:03:40.0501 3128 Mode: Manual;
11:03:40.0501 3128 ============================================================
11:04:21.0101 3128 da004e7a (3b77e3bf5bf67483bee5df9581a1c8a7) C:\WINDOWS\2051932378:637514117.exe
11:04:24.0351 3128 Suspicious file (Hidden): C:\WINDOWS\2051932378:637514117.exe. md5: 3b77e3bf5bf67483bee5df9581a1c8a7
11:04:24.0351 3128 da004e7a ( HiddenFile.Multi.Generic ) - warning
11:04:24.0351 3128 da004e7a - detected HiddenFile.Multi.Generic (1)
11:05:39.0178 3128 SbTis (a493b0d76fe8f034988ea64372cb5bd6) C:\WINDOWS\system32\drivers\sbtis.sys
11:05:39.0178 3128 Suspicious file (Forged): C:\WINDOWS\system32\drivers\sbtis.sys. Real md5: a493b0d76fe8f034988ea64372cb5bd6, Fake md5: 44062a740434b7c3946096d615aaa91c
11:05:39.0178 3128 SbTis ( Rootkit.Win32.ZAccess.e ) - infected
11:05:39.0178 3128 SbTis - detected Rootkit.Win32.ZAccess.e (0)
11:06:16.0607 3128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:06:17.0154 3128 \Device\Harddisk0\DR0 - ok
11:06:17.0154 3128 Boot (0x1200) (6e77851c26fd7b9269382d1a20b8b97d) \Device\Harddisk0\DR0\Partition0
11:06:17.0154 3128 \Device\Harddisk0\DR0\Partition0 - ok
11:06:17.0154 3128 ============================================================
11:06:17.0154 3128 Scan finished
11:06:17.0154 3128 ============================================================
11:06:17.0170 1056 Detected object count: 2
11:06:17.0170 1056 Actual detected object count: 2
11:07:24.0656 1056 da004e7a ( HiddenFile.Multi.Generic ) - skipped by user
11:07:24.0656 1056 da004e7a ( HiddenFile.Multi.Generic ) - User select action: Skip
11:07:25.0531 1056 Backup copy found, using it..
11:07:25.0703 1056 C:\WINDOWS\system32\drivers\sbtis.sys - will be cured on reboot
11:07:25.0703 1056 SbTis ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
11:08:53.0060 2956 Deinitialize success

#8 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 01 October 2011 - 03:35 PM

I am not a frequent visitor here, so have a bad habit of missing thread replies. I apologize, and always hope to improve on that.

The tasks removal steps were just to delete the random-named "at" jobs malware tends to use, and wouldn't affect other tasks.

TDSSKiller apparently did ID that Sunbelt driver as malware-involved. You had it skip curing this though:

Device \Driver\00003275 \GLOBAL??\da004e7a 88B98190

Can you tell me why, before we go on to the next repairs please?
Ad eundum quo no duck ante iit
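A small triage script for TDSSKiller logs like the one posted above (an added example, not part of this thread and not Kaspersky's code): it pulls out each detection, whether it was flagged as Hidden or Forged, and which action the user chose, so a skipped item like the one Jintan points to stands out. The sample lines are excerpted from the log in this thread; the line formats the regexes expect are my reading of that log, not a documented specification.

```python
"""Triage helper for TDSSKiller logs. Added example, not Kaspersky's code;
the line formats below are inferred from the log posted in this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller line: "HH:MM:SS.mmmm <pid> <message>"
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# Verdict line, e.g. "SbTis ( Rootkit.Win32.ZAccess.e ) - infected"
VERDICT_RE = re.compile(r"^(\S+) \( (\S+) \) - (warning|infected)$")
# Hidden object: present on disk but not visible through normal enumeration
HIDDEN_RE = re.compile(r"^Suspicious file \(Hidden\): (.+)\. md5: ([0-9a-f]{32})$")
# Forged object: the bytes read directly from disk hash differently from what
# the file system hands back, i.e. something is filtering reads of the file
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
# The user's choice in the results dialog, e.g. "... - User select action: Cure"
ACTION_RE = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")


@dataclass
class Detection:
    name: str              # driver/service name or random object name
    verdict: str           # e.g. HiddenFile.Multi.Generic, Rootkit.Win32.ZAccess.e
    status: str            # "warning" or "infected"
    kind: str = "unknown"  # "Hidden" or "Forged"
    path: str = ""
    md5: str = ""          # hash of the bytes actually on disk
    fake_md5: str = ""     # hash presented to normal readers (Forged only)
    action: Optional[str] = None  # "Cure", "Skip", ... or None if none recorded


def parse_tdsskiller(log: str) -> List[Detection]:
    """Return every detection in a TDSSKiller log, paired with the user's action."""
    found: Dict[str, Detection] = {}
    pending = None  # details of a 'Suspicious file' line awaiting its verdict line
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, header block
        msg = m.group(3)
        if (h := HIDDEN_RE.match(msg)):
            pending = ("Hidden", h.group(1), h.group(2), "")
        elif (f := FORGED_RE.match(msg)):
            pending = ("Forged", f.group(1), f.group(2), f.group(3))
        elif (v := VERDICT_RE.match(msg)):
            det = Detection(name=v.group(1), verdict=v.group(2), status=v.group(3))
            if pending:  # the Suspicious line precedes its verdict line in the log
                det.kind, det.path, det.md5, det.fake_md5 = pending
                pending = None
            found[det.name] = det
        elif (a := ACTION_RE.match(msg)) and a.group(1) in found:
            found[a.group(1)].action = a.group(3)
    return list(found.values())


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections the user did not let the tool cure; these need a second look."""
    return [d for d in detections if d.action != "Cure"]


def report(detections: List[Detection]) -> str:
    """Human-readable triage summary, one detection per line."""
    out = []
    for d in detections:
        out.append(f"{d.name}: {d.verdict} [{d.kind}] {d.path} -> {d.action or 'no action'}")
        if d.kind == "Forged":
            out.append(f"    on-disk md5 {d.md5} != presented md5 {d.fake_md5}")
    return "\n".join(out)


# Sample input: the two detections and the end-of-scan actions, excerpted from
# the first TDSSKiller log posted in this thread (timestamps and hashes as posted).
SAMPLE_LOG = r"""
11:04:21.0101 3128 da004e7a (3b77e3bf5bf67483bee5df9581a1c8a7) C:\WINDOWS\2051932378:637514117.exe
11:04:24.0351 3128 Suspicious file (Hidden): C:\WINDOWS\2051932378:637514117.exe. md5: 3b77e3bf5bf67483bee5df9581a1c8a7
11:04:24.0351 3128 da004e7a ( HiddenFile.Multi.Generic ) - warning
11:04:24.0351 3128 da004e7a - detected HiddenFile.Multi.Generic (1)
11:05:39.0178 3128 SbTis (a493b0d76fe8f034988ea64372cb5bd6) C:\WINDOWS\system32\drivers\sbtis.sys
11:05:39.0178 3128 Suspicious file (Forged): C:\WINDOWS\system32\drivers\sbtis.sys. Real md5: a493b0d76fe8f034988ea64372cb5bd6, Fake md5: 44062a740434b7c3946096d615aaa91c
11:05:39.0178 3128 SbTis ( Rootkit.Win32.ZAccess.e ) - infected
11:05:39.0178 3128 SbTis - detected Rootkit.Win32.ZAccess.e (0)
11:06:17.0170 1056 Detected object count: 2
11:07:24.0656 1056 da004e7a ( HiddenFile.Multi.Generic ) - skipped by user
11:07:24.0656 1056 da004e7a ( HiddenFile.Multi.Generic ) - User select action: Skip
11:07:25.0703 1056 SbTis ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
"""

if __name__ == "__main__":
    dets = parse_tdsskiller(SAMPLE_LOG)
    print(report(dets))
    for d in unresolved(dets):
        print(f"NOT CURED: {d.name} ({d.verdict}) at {d.path}")
```

Run it against a full log saved from TDSSKiller by passing the file's contents to parse_tdsskiller; the "ok" driver lines are ignored, so only the detections and their outcomes are listed.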

#9 Brandon Lubbert

Brandon Lubbert
  • Topic Starter

  • Members
  • 25 posts

Posted 03 October 2011 - 07:24 AM

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.



I guess that I was not aware that I had skipped this. Let me know how to fix this and I would be glad to. I tried to follow the above instructions exactly but to my knowledge I didn't skip anything TDSSKiller said to fix. It even asked to reboot. Do you want me to rerun it?

Brandon

#10 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 03 October 2011 - 07:59 PM

TDSSKiller showed one driver being Skipped, instead of Cured. But in checking the logs further I see I have missed some rootkit indicators, including one that is altering the Winsock (can control net access).

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Flash_Disinfector.exe and save it to your desktop.

Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other external/removable drives. Please do so and allow the utility to clean up those drives as well.

Then leave any drives installed until all repairs here have been completed.

This will also create autorun.inf folders on all drives there, which serves to block autoloading infections from creating some of the bad files they need to infect other drives and systems.

--------

Click here and download Webroot's ZeroAccess/Max++ rootkit remover, transfer that file to the problem computer and click it to run the scan. Follow all prompts that lead to malware removal, including rebooting if needed. It should also create a log file, AntiZeroAccess_Log.txt, located in the same place as the removal tool. Please post that log here for review.

--------

Run TDSSKiller again, being sure you have it Cure all that it finds.

Then delete any copies of ComboFix, if you have already used it there, and download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Ad eundum quo no duck ante iit

#11 Brandon Lubbert

Brandon Lubbert
  • Topic Starter

  • Members
  • 25 posts

Posted 05 October 2011 - 02:28 PM

Notes from Instructions

I downloaded the flash disinfector.exe

I ran it, but it did some strange things.

It brought up a notepad and then said "The system cannot find the path specified." I clicked OK and then closed the notepad file. It did this 5 times. It then said "cannot find C:\WINDOWS\system32\fdisk.com".

I cleared this box and then it said that it was finished.

It did create an autorun.inf folder on my flash drive.

I downloaded Webroot Zeroaccess with no problems. It said it was not infected.

I ran TDSSKILLER and I think I cured anything it said.

I ran combofix and it ran without any difficulties that I could see.

It did say "You are infected with Rootkit.Zeroaccess! It has inserted itself into the TCP/IP stack. This is a particularly difficult infection. . . ."

Combofix detected the presence of rootkit activity, said it needed to reboot the machine, and rebooted.

From looks and appearances, things are looking up. No initial error message on boot up.

I will await your word though.

Brandon



===========================
===========================
===========================

Zeroaccess rootkit remover log

Webroot AntiZeroAccess 0.8 Log File
Execution time: 05/10/2011 - 11:50
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
11:50:33 - CheckSystem - Begin to check system...
11:50:33 - OpenRootDrive - Opening system root volume and physical drive....
11:50:33 - C Root Drive: Disk number: 0 Start sector: 0x00E00D12 Partition Size: 0x11C17DAF sectors.
11:50:33 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
11:50:34 - InstallAndStartDriver - Main driver was installed and now is running.
11:50:34 - CheckSystem - Disk class driver state is OK.
11:51:00 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
11:51:00 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
11:51:00 - Execution Ended!

===========================
===========================
===========================

TDSSKiller Log


12:00:04.0265 1984 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
12:00:04.0687 1984 ============================================================
12:00:04.0687 1984 Current date / time: 2011/10/05 12:00:04.0687
12:00:04.0687 1984 SystemInfo:
12:00:04.0687 1984
12:00:04.0687 1984 OS Version: 5.1.2600 ServicePack: 3.0
12:00:04.0687 1984 Product type: Workstation
12:00:04.0687 1984 ComputerName: 480037D956F7448
12:00:04.0687 1984 UserName: Owner
12:00:04.0687 1984 Windows directory: C:\WINDOWS
12:00:04.0687 1984 System windows directory: C:\WINDOWS
12:00:04.0687 1984 Processor architecture: Intel x86
12:00:04.0687 1984 Number of processors: 2
12:00:04.0687 1984 Page size: 0x1000
12:00:04.0687 1984 Boot type: Normal boot
12:00:04.0687 1984 ============================================================
12:00:08.0593 1984 Initialize success
12:00:33.0718 2968 ============================================================
12:00:33.0718 2968 Scan started
12:00:33.0718 2968 Mode: Manual;
12:00:33.0718 2968 ============================================================
12:00:52.0046 2968 da004e7a (3b77e3bf5bf67483bee5df9581a1c8a7) C:\WINDOWS\2051932378:637514117.exe
12:00:55.0140 2968 Suspicious file (Hidden): C:\WINDOWS\2051932378:637514117.exe. md5: 3b77e3bf5bf67483bee5df9581a1c8a7
12:00:55.0140 2968 da004e7a ( HiddenFile.Multi.Generic ) - warning
12:00:55.0140 2968 da004e7a - detected HiddenFile.Multi.Generic (1)
12:00:55.0625 2968 dac2w2k - ok
12:00:56.0062 2968 dac960nt - ok
12:00:56.0578 2968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:00:56.0578 2968 Disk - ok
12:00:57.0453 2968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:00:57.0718 2968 dmboot - ok
12:00:58.0281 2968 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
12:00:58.0281 2968 DMICall - ok
12:00:58.0828 2968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:00:58.0828 2968 dmio - ok
12:00:59.0343 2968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:00:59.0343 2968 dmload - ok
12:00:59.0890 2968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:00:59.0890 2968 DMusic - ok
12:01:00.0328 2968 dpti2o - ok
12:01:00.0812 2968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:01:00.0812 2968 drmkaud - ok
12:01:01.0421 2968 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:01:01.0421 2968 E100B - ok
12:01:02.0046 2968 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:01:02.0046 2968 e1express - ok
12:01:02.0593 2968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:01:02.0593 2968 Fastfat - ok
12:01:03.0125 2968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:01:03.0125 2968 Fdc - ok
12:01:03.0640 2968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:01:03.0640 2968 Fips - ok
12:01:04.0125 2968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:01:04.0125 2968 Flpydisk - ok
12:01:04.0640 2968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:01:04.0640 2968 FltMgr - ok
12:01:05.0171 2968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:01:05.0171 2968 Fs_Rec - ok
12:01:05.0796 2968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:01:05.0796 2968 Ftdisk - ok
12:01:06.0359 2968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:01:06.0375 2968 GEARAspiWDM - ok
12:01:06.0937 2968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:01:06.0937 2968 Gpc - ok
12:01:07.0500 2968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:01:07.0500 2968 HDAudBus - ok
12:01:08.0000 2968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:01:08.0000 2968 HidUsb - ok
12:01:08.0500 2968 hpn - ok
12:01:09.0062 2968 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:01:09.0078 2968 HSFHWAZL - ok
12:01:10.0093 2968 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:01:10.0328 2968 HSF_DPV - ok
12:01:10.0984 2968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:01:10.0984 2968 HTTP - ok
12:01:11.0453 2968 i2omgmt - ok
12:01:11.0921 2968 i2omp - ok
12:01:12.0437 2968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:01:12.0437 2968 i8042prt - ok
12:01:13.0531 2968 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:01:13.0859 2968 ialm - ok
12:01:14.0343 2968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:01:14.0359 2968 Imapi - ok
12:01:14.0796 2968 ini910u - ok
12:01:15.0234 2968 IntelIde - ok
12:01:15.0765 2968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:01:15.0765 2968 intelppm - ok
12:01:16.0250 2968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:01:16.0250 2968 Ip6Fw - ok
12:01:16.0796 2968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:01:16.0796 2968 IpFilterDriver - ok
12:01:17.0312 2968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:01:17.0312 2968 IpInIp - ok
12:01:17.0875 2968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:01:17.0875 2968 IpNat - ok
12:01:18.0390 2968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:01:18.0390 2968 IPSec - ok
12:01:18.0859 2968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:01:18.0859 2968 IRENUM - ok
12:01:19.0421 2968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:01:19.0421 2968 isapnp - ok
12:01:20.0015 2968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:01:20.0015 2968 Kbdclass - ok
12:01:20.0515 2968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:01:20.0515 2968 kbdhid - ok
12:01:21.0093 2968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:01:21.0093 2968 kmixer - ok
12:01:21.0687 2968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:01:21.0687 2968 KSecDD - ok
12:01:22.0156 2968 lbrtfdc - ok
12:01:22.0671 2968 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:01:22.0671 2968 mdmxsdk - ok
12:01:23.0156 2968 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:01:23.0156 2968 MHNDRV - ok
12:01:23.0703 2968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:01:23.0703 2968 mnmdd - ok
12:01:24.0218 2968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:01:24.0218 2968 Modem - ok
12:01:24.0750 2968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:01:24.0750 2968 Mouclass - ok
12:01:25.0250 2968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:01:25.0250 2968 mouhid - ok
12:01:25.0796 2968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:01:25.0796 2968 MountMgr - ok
12:01:26.0250 2968 mraid35x - ok
12:01:26.0828 2968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:01:26.0828 2968 MRxDAV - ok
12:01:27.0562 2968 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:01:27.0656 2968 MRxSmb - ok
12:01:28.0250 2968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:01:28.0250 2968 Msfs - ok
12:01:28.0734 2968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:01:28.0734 2968 MSKSSRV - ok
12:01:29.0187 2968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:01:29.0187 2968 MSPCLOCK - ok
12:01:29.0656 2968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:01:29.0656 2968 MSPQM - ok
12:01:30.0156 2968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:01:30.0156 2968 mssmbios - ok
12:01:30.0671 2968 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:01:30.0687 2968 MSTEE - ok
12:01:31.0218 2968 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:01:31.0218 2968 Mup - ok
12:01:31.0734 2968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:01:31.0750 2968 NABTSFEC - ok
12:01:32.0359 2968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:01:32.0359 2968 NDIS - ok
12:01:32.0843 2968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:01:32.0843 2968 NdisIP - ok
12:01:33.0343 2968 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:01:33.0343 2968 NdisTapi - ok
12:01:33.0828 2968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:01:33.0828 2968 Ndisuio - ok
12:01:34.0406 2968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:01:34.0406 2968 NdisWan - ok
12:01:35.0156 2968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:01:35.0156 2968 NDProxy - ok
12:01:35.0765 2968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:01:35.0765 2968 NetBIOS - ok
12:01:36.0343 2968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:01:36.0343 2968 NetBT - ok
12:01:36.0890 2968 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:01:36.0890 2968 NIC1394 - ok
12:01:37.0359 2968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:01:37.0359 2968 Npfs - ok
12:01:38.0140 2968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:01:38.0265 2968 Ntfs - ok
12:01:38.0843 2968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:01:38.0843 2968 Null - ok
12:01:41.0187 2968 nv (4f56e52f7ce6ac737adb1bb2a1854592) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:01:42.0781 2968 nv - ok
12:01:43.0296 2968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:01:43.0296 2968 NwlnkFlt - ok
12:01:43.0796 2968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:01:43.0796 2968 NwlnkFwd - ok
12:01:44.0296 2968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:01:44.0296 2968 ohci1394 - ok
12:01:44.0828 2968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:01:44.0828 2968 Parport - ok
12:01:45.0312 2968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:01:45.0312 2968 PartMgr - ok
12:01:45.0781 2968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:01:45.0781 2968 ParVdm - ok
12:01:46.0343 2968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:01:46.0343 2968 PCI - ok
12:01:46.0812 2968 PCIDump - ok
12:01:47.0312 2968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:01:47.0312 2968 PCIIde - ok
12:01:47.0828 2968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:01:47.0828 2968 Pcmcia - ok
12:01:48.0312 2968 PDCOMP - ok
12:01:48.0781 2968 PDFRAME - ok
12:01:49.0234 2968 PDRELI - ok
12:01:49.0671 2968 PDRFRAME - ok
12:01:50.0156 2968 pelmouse (59b3101f20056104c011e0c68aebb840) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
12:01:50.0156 2968 pelmouse - ok
12:01:50.0703 2968 pelusblf (f1ce775af376faf3ffefb4ff8cbdfbf3) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
12:01:50.0703 2968 pelusblf - ok
12:01:51.0171 2968 perc2 - ok
12:01:51.0703 2968 perc2hib - ok
12:01:52.0250 2968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:01:52.0250 2968 PptpMiniport - ok
12:01:52.0734 2968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:01:52.0734 2968 PSched - ok
12:01:53.0234 2968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:01:53.0250 2968 Ptilink - ok
12:01:53.0703 2968 PxHelp20 - ok
12:01:54.0140 2968 ql1080 - ok
12:01:54.0578 2968 Ql10wnt - ok
12:01:55.0015 2968 ql12160 - ok
12:01:55.0484 2968 ql1240 - ok
12:01:55.0953 2968 ql1280 - ok
12:01:56.0421 2968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:01:56.0437 2968 RasAcd - ok
12:01:56.0968 2968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:01:56.0968 2968 Rasl2tp - ok
12:01:57.0500 2968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:01:57.0500 2968 RasPppoe - ok
12:01:57.0968 2968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:01:57.0968 2968 Raspti - ok
12:01:58.0531 2968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:01:58.0531 2968 Rdbss - ok
12:01:59.0031 2968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:01:59.0031 2968 RDPCDD - ok
12:01:59.0593 2968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:01:59.0609 2968 rdpdr - ok
12:02:00.0203 2968 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:02:00.0203 2968 RDPWD - ok
12:02:00.0734 2968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:02:00.0734 2968 redbook - ok
12:02:01.0234 2968 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:02:01.0234 2968 s24trans - ok
12:02:01.0765 2968 sbaphd (6627325e92595a1854cc0dead61c25b2) C:\WINDOWS\system32\drivers\sbaphd.sys
12:02:01.0765 2968 sbaphd - ok
12:02:02.0281 2968 sbapifs (6b650ed23a6677e197cdfc8a99cfcd8c) C:\WINDOWS\system32\drivers\sbapifs.sys
12:02:02.0281 2968 sbapifs - ok
12:02:02.0875 2968 SBRE (16b11c7940182163d680284ebd0b5342) C:\WINDOWS\system32\drivers\SBREDrv.sys
12:02:02.0875 2968 SBRE - ok
12:02:03.0484 2968 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
12:02:03.0484 2968 SbTis - ok
12:02:04.0031 2968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:02:04.0031 2968 Secdrv - ok
12:02:04.0562 2968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:02:04.0562 2968 Serial - ok
12:02:05.0031 2968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:02:05.0046 2968 Sfloppy - ok
12:02:05.0656 2968 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
12:02:05.0656 2968 SI3132 - ok
12:02:06.0328 2968 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
12:02:06.0328 2968 SiFilter - ok
12:02:06.0781 2968 Simbad - ok
12:02:07.0218 2968 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
12:02:07.0218 2968 SiRemFil - ok
12:02:07.0796 2968 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:02:07.0796 2968 SLIP - ok
12:02:08.0312 2968 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
12:02:08.0312 2968 SNC - ok
12:02:08.0796 2968 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
12:02:08.0796 2968 SonyImgF - ok
12:02:09.0218 2968 Sparrow - ok
12:02:09.0750 2968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:02:09.0750 2968 splitter - ok
12:02:10.0281 2968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:02:10.0281 2968 sr - ok
12:02:10.0953 2968 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:02:11.0000 2968 Srv - ok
12:02:12.0078 2968 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
12:02:12.0093 2968 STHDA - ok
12:02:12.0765 2968 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:02:12.0765 2968 StillCam - ok
12:02:13.0265 2968 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:02:13.0265 2968 streamip - ok
12:02:13.0734 2968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:13.0734 2968 swenum - ok
12:02:14.0265 2968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:14.0265 2968 swmidi - ok
12:02:14.0718 2968 symc810 - ok
12:02:15.0156 2968 symc8xx - ok
12:02:15.0640 2968 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
12:02:15.0640 2968 symlcbrd - ok
12:02:16.0093 2968 sym_hi - ok
12:02:16.0562 2968 sym_u3 - ok
12:02:17.0125 2968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:17.0125 2968 sysaudio - ok
12:02:17.0828 2968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:17.0875 2968 Tcpip - ok
12:02:18.0328 2968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:18.0328 2968 TDPIPE - ok
12:02:18.0843 2968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:18.0859 2968 TDTCP - ok
12:02:19.0343 2968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:19.0343 2968 TermDD - ok
12:02:19.0953 2968 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
12:02:19.0953 2968 ti21sony - ok
12:02:20.0453 2968 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
12:02:20.0453 2968 toshidpt - ok
12:02:20.0953 2968 TosIde - ok
12:02:21.0437 2968 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
12:02:21.0437 2968 tosporte - ok
12:02:21.0968 2968 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
12:02:21.0968 2968 Tosrfbd - ok
12:02:22.0531 2968 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
12:02:22.0531 2968 Tosrfbnp - ok
12:02:23.0078 2968 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
12:02:23.0078 2968 Tosrfcom - ok
12:02:23.0562 2968 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
12:02:23.0562 2968 Tosrfhid - ok
12:02:24.0031 2968 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
12:02:24.0031 2968 tosrfnds - ok
12:02:24.0531 2968 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
12:02:24.0531 2968 TosRfSnd - ok
12:02:25.0000 2968 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
12:02:25.0000 2968 Tosrfusb - ok
12:02:25.0578 2968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:25.0578 2968 Udfs - ok
12:02:26.0015 2968 ultra - ok
12:02:26.0656 2968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:02:26.0718 2968 Update - ok
12:02:27.0234 2968 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:02:27.0234 2968 USBAAPL - ok
12:02:27.0859 2968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:27.0859 2968 usbehci - ok
12:02:28.0421 2968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:28.0421 2968 usbhub - ok
12:02:28.0906 2968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:02:28.0906 2968 usbprint - ok
12:02:29.0437 2968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:02:29.0437 2968 usbscan - ok
12:02:29.0937 2968 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:29.0937 2968 usbstor - ok
12:02:30.0453 2968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:30.0453 2968 usbuhci - ok
12:02:31.0093 2968 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
12:02:31.0093 2968 usbvm321 - ok
12:02:31.0625 2968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:31.0625 2968 VgaSave - ok
12:02:32.0093 2968 ViaIde - ok
12:02:32.0609 2968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:32.0625 2968 VolSnap - ok
12:02:33.0812 2968 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:02:33.0812 2968 w39n51 - ok
12:02:34.0328 2968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:34.0328 2968 Wanarp - ok
12:02:34.0937 2968 WDICA - ok
12:02:35.0796 2968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:35.0812 2968 wdmaud - ok
12:02:36.0671 2968 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:02:36.0812 2968 winachsf - ok
12:02:37.0437 2968 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:02:37.0437 2968 WSTCODEC - ok
12:02:37.0484 2968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:02:38.0031 2968 \Device\Harddisk0\DR0 - ok
12:02:38.0031 2968 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR5
12:02:38.0046 2968 \Device\Harddisk2\DR5 - ok
12:02:38.0046 2968 Boot (0x1200) (6e77851c26fd7b9269382d1a20b8b97d) \Device\Harddisk0\DR0\Partition0
12:02:38.0046 2968 \Device\Harddisk0\DR0\Partition0 - ok
12:02:38.0046 2968 Boot (0x1200) (d02f7d6e25b469406fca413da3887955) \Device\Harddisk2\DR5\Partition0
12:02:38.0046 2968 \Device\Harddisk2\DR5\Partition0 - ok
12:02:38.0062 2968 ============================================================
12:02:38.0062 2968 Scan finished
12:02:38.0062 2968 ============================================================
12:02:38.0062 3108 Detected object count: 1
12:02:38.0062 3108 Actual detected object count: 1
12:04:10.0906 3108 HKLM\SYSTEM\ControlSet001\services\da004e7a - will be deleted on reboot
12:04:11.0265 3108 HKLM\SYSTEM\ControlSet002\services\da004e7a - will be deleted on reboot
12:04:11.0343 3108 C:\WINDOWS\2051932378:637514117.exe - will be deleted on reboot
12:04:11.0343 3108 da004e7a ( HiddenFile.Multi.Generic ) - User select action: Delete
12:04:51.0390 2260 Deinitialize success


==================================
==================================
==================================


Combofix Log

ComboFix 11-10-05.01 - Owner 10/05/2011 12:48:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1570 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
c:\documents and settings\Owner\Recent\Thumbs.db
c:\documents and settings\Owner\Templates\cache
c:\documents and settings\Owner\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
c:\documents and settings\Owner\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
c:\documents and settings\Owner\Templates\cache\desktop.ini
c:\documents and settings\Owner\WINDOWS
c:\windows\$NtUninstallKB27525$
c:\windows\$NtUninstallKB27525$\2836389796
c:\windows\$NtUninstallKB27525$\3657453178\@
c:\windows\$NtUninstallKB27525$\3657453178\bckfg.tmp
c:\windows\$NtUninstallKB27525$\3657453178\cfg.ini
c:\windows\$NtUninstallKB27525$\3657453178\Desktop.ini
c:\windows\$NtUninstallKB27525$\3657453178\keywords
c:\windows\$NtUninstallKB27525$\3657453178\kwrd.dll
c:\windows\$NtUninstallKB27525$\3657453178\L\kigndqek
c:\windows\$NtUninstallKB27525$\3657453178\lsflt7.ver
c:\windows\$NtUninstallKB27525$\3657453178\U\00000001.@
c:\windows\$NtUninstallKB27525$\3657453178\U\00000002.@
c:\windows\$NtUninstallKB27525$\3657453178\U\80000000.@
c:\windows\$NtUninstallKB27525$\3657453178\U\80000032.@
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\setupapi.log
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia10-kb917734-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888321-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb892130-enu-x86.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900466-x86-enu.exe
c:\windows\windowsxp-kb900485-v2-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb908531-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910437-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb911280-x86-enu.exe
c:\windows\windowsxp-kb911562-x86-enu.exe
c:\windows\windowsxp-kb911567-x86-enu.exe
c:\windows\windowsxp-kb911927-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
c:\windows\windowsxp-kb914389-x86-enu.exe
c:\windows\windowsxp-kb916281-x86-enu.exe
c:\windows\windowsxp-kb917344-x86-enu.exe
c:\windows\windowsxp-kb917953-x86-enu.exe
c:\windows\windowsxp-kb918439-x86-enu.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-10-05 15:39 . 2011-10-05 15:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 14:57 . 2011-09-29 14:57 -------- d-----w- C:\_OTL
2011-09-21 14:16 . 2011-09-21 14:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-09-21 12:36 . 2011-09-21 12:36 -------- d--h--w- c:\windows\PIF
2011-09-20 20:41 . 2011-09-20 20:41 -------- d-----w- c:\program files\Disk Heal
2011-09-20 12:20 . 2011-09-21 12:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-20 12:20 . 2011-09-21 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-19 19:55 . 2011-09-19 19:55 -------- d-----w- c:\program files\ESET
2011-09-17 16:58 . 2011-09-17 16:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-11 22:05 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-09-11 22:05 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-09-06 16:30 . 2011-09-06 16:30 42832 ----a-w- c:\windows\system32\sbbd.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 15:09 . 2010-08-26 21:55 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-09-09 09:12 . 2006-07-24 17:27 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-29 21:36 . 2011-08-29 21:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-29 21:36 . 2010-08-26 22:22 74456 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-29 21:36 . 2010-08-26 22:22 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-07-15 13:29 . 2006-07-24 17:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-07-24 17:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-05-07 2500096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-24 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-06 1357136]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-7-11 157088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-03 16:42 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-04-05 18:21 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-04-05 18:21 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-04-05 18:21 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-08 17:50 7561216 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2002-08-15 09:54 77887 -c--a-w- c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-28 01:24 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-22 21:39 32881 -c--a-w- c:\program files\Java\j2re1.4.2_15\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 19:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-02-07 19:17 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 -c--a-w- c:\windows\SONYSYS\VAIO Recovery\Partseal.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/26/2010 6:22 PM 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/29/2011 5:36 PM 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [8/26/2010 5:55 PM 212568]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/6/2011 12:29 PM 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/26/2010 6:22 PM 74456]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [9/6/2011 12:29 PM 181584]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 1:28 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 1:28 PM 226304]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [7/11/2010 12:11 PM 20480]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/7/2007 3:18 PM 29744]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-11 c:\windows\Tasks\hpwebreg_CN11Q111F905JW.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\hpwebreg.exe [2010-11-17 01:16]
.
2011-09-11 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\hpwebreg.exe [2010-11-17 01:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7617\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - (no file)
SafeBoot-62729285.sys
SafeBoot-83898107.sys
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Antivirus\pccguide.exe
MSConfigStartUp-PCClient - c:\program files\Trend Micro\Antivirus\PCClient.exe
MSConfigStartUp-TM Outbreak Agent - c:\program files\Trend Micro\Antivirus\TMOAgent.exe
MSConfigStartUp-VAIOUninstall - E:\RmOldApp.exe
MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 13:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\WININET.dll
c:\program files\Sunbelt Software\VIPRE\oehook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Webshots\315~1.761\webshots.scr
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-10-05 13:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 17:55
.
Pre-Run: 129,493,700,608 bytes free
Post-Run: 130,686,722,048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 229AF9BA5815B11AA0278DAFDB570515

#12 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 05 October 2011 - 05:42 PM

I agree, definite progress being made there. Please run new OTL and Gmer scans, and post those logs (just the OTL OTL.Txt log).
Ad eundum quo no duck ante iit

#13 Brandon Lubbert

Brandon Lubbert
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male

Posted 07 October 2011 - 07:13 AM

Notes from instructions:

I ran OTL with no problems. Log is below:


I ran GMER the first time and it seemed to disappear. Not sure what happened.

I ran it a second and third time and everything seemed to work fine.

How can I say how much I appreciate your help!

Brandon



===============================
===============================
===============================


OTL.txt

OTL logfile created on: 10/6/2011 12:46:55 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.51% Memory free
3.84 Gb Paging File | 3.51 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 121.61 Gb Free Space | 85.61% Space Free | Partition Type: NTFS
Drive E: | 538.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.91 Gb Total Space | 1.03 Gb Free Space | 26.46% Space Free | Partition Type: FAT32

Computer Name: 480037D956F7448 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 16:24:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll
MOD - [2005/11/28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 12:29:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/08/02 16:12:02 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)


========== Driver Services (SafeList) ==========

DRV - [2011/09/29 11:09:39 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/08/29 17:36:34 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/29 17:36:34 | 000,074,456 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/08/29 17:36:34 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2006/08/02 16:15:30 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 21:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 22:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 13:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 19:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/06/28 21:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/07/24 13:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :8181

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@webshots.com: C:\Program Files\Webshots\3.1.5.7617\Firefox [2010/07/11 12:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/02 21:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/02 21:33:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/05 13:41:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\ShellBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7617\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317843809984 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F0C224-FEAA-4E67-89E2-CF5D3828BF08}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer = 10.0.1.99
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 13:45:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 11:38:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 11:38:32 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 15:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/05 15:42:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2011/10/05 12:30:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/05 12:26:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/05 12:26:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/05 12:26:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/05 12:26:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/05 12:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/05 12:25:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/05 11:53:46 | 004,243,642 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/05 11:49:54 | 000,187,464 | ---- | C] (Webroot) -- C:\Documents and Settings\Owner\Desktop\antizeroaccess.exe
[2011/10/05 11:39:50 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/05 11:38:31 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/10/05 11:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/09/29 11:01:29 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\larry.com
[2011/09/29 10:57:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/27 17:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmery
[2011/09/27 16:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/27 16:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmerz
[2011/09/27 16:23:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/27 08:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\sreng2
[2011/09/27 08:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/27 08:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/27 08:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\kztechssuite
[2011/09/26 11:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmerc
[2011/09/26 11:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmerb
[2011/09/26 11:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmera
[2011/09/21 10:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/09/21 10:05:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/09/21 10:05:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/21 08:36:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/20 16:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Disk Heal
[2011/09/20 16:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Heal
[2011/09/20 08:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/20 08:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/20 08:18:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2011/09/19 16:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/19 15:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/19 14:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/09/17 12:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/09/17 12:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/16 14:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/09/16 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/16 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/11 18:05:40 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/09/07 15:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\The Learning Company
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 15:33:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/05 15:33:44 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 13:41:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/05 12:30:55 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/10/05 11:58:45 | 001,529,369 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/05 11:53:46 | 004,243,642 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/05 11:49:55 | 000,187,464 | ---- | M] (Webroot) -- C:\Documents and Settings\Owner\Desktop\antizeroaccess.exe
[2011/10/05 11:39:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/05 11:36:35 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe
[2011/10/05 11:04:46 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/10/03 17:38:00 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\larry.com
[2011/09/29 11:09:39 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/09/29 11:02:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/29 10:36:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/29 10:36:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2051932378
[2011/09/28 08:42:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/28 08:38:43 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\aswMBR1.exe
[2011/09/28 08:14:27 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/27 16:24:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/27 16:08:15 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/09/27 08:41:05 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\run.vbs
[2011/09/27 08:38:51 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/09/27 08:25:08 | 001,920,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kztechssuite.zip
[2011/09/21 10:09:01 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/21 10:05:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/21 10:04:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/09/21 10:04:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/09/20 16:41:50 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2011/09/20 16:40:38 | 000,432,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DiskHealSetupv1.48R.exe
[2011/09/20 08:18:31 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2011/09/17 11:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/15 22:28:27 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/09/15 22:25:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/11 18:08:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
[2011/09/11 18:06:50 | 000,000,654 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN11Q111F905JW.job
[2011/09/11 18:04:44 | 000,000,690 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 12:30:55 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/10/05 12:30:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/05 12:26:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/05 12:26:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/05 12:26:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/05 12:26:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/05 12:26:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/05 11:58:45 | 001,529,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/10/05 11:36:34 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe
[2011/10/05 11:04:46 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/09/28 08:42:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/28 08:38:43 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\aswMBR1.exe
[2011/09/28 08:14:27 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/09/27 08:41:05 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\run.vbs
[2011/09/27 08:38:38 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/09/27 08:25:04 | 001,920,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kztechssuite.zip
[2011/09/21 10:08:57 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/09/21 10:04:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/09/21 10:03:53 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/09/21 08:33:00 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 16:41:50 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2011/09/20 16:40:30 | 000,432,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DiskHealSetupv1.48R.exe
[2011/09/16 14:44:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/16 14:24:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2051932378
[2011/09/15 22:28:27 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/09/11 18:06:49 | 000,000,654 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_CN11Q111F905JW.job
[2011/08/31 15:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/06/04 08:01:27 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/06 15:15:31 | 000,045,163 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2007/09/06 15:15:31 | 000,045,161 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2007/05/26 10:40:56 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2007/02/07 15:19:07 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/29 21:42:14 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2007/01/29 21:42:14 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2007/01/29 21:37:41 | 000,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2006/12/22 15:16:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/22 15:16:23 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/22 13:50:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/02 16:15:47 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/08/02 16:07:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/08/02 16:04:39 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/02 16:04:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/08/02 15:59:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 15:50:28 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/07/24 16:45:11 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/24 16:24:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/24 15:40:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/24 15:38:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/24 15:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/24 14:09:38 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/07/24 14:03:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/24 13:52:40 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/24 13:48:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/24 13:41:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/24 13:28:35 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/24 13:28:25 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/24 13:27:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/24 13:27:47 | 000,459,970 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/24 13:27:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/24 13:27:47 | 000,079,458 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/24 13:27:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/24 13:27:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/24 13:27:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/24 13:27:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/24 13:27:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/24 13:27:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/24 13:27:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/24 13:27:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/24 06:35:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/24 06:34:48 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

< End of report >



===============================
===============================
===============================

GMER Log



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-07 08:02:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHV2160BT rev.00000014
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwwyifoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xB8F914D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xB8F91520]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#14 Jintan
  • Malware Response Team
  • 531 posts

Posted 07 October 2011 - 05:01 PM

That looks good Brandon. You have some installs you want to consider removing. Some are toolbars. These reduce the viewing area of your browsers (IE and Firefox), and even if hidden from view, tend to maintain regular contact with their servers. If you do not actually use these for the "handy" buttons they provide, I suggest just uninstalling them (Firefox - Tools - Add-ons).

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel. All your choice on this.

Google Toolbar for Internet Explorer - Includes a resource using "Updater".
Webshots Toolbar for IE
AOL Toolbar
Search Enhancement by AOL Search - "Enhance" usually means search redirect $$ for whoever provides the software.
Bing Rewards Client Installer - Rewards for search redirecting, so again $$.
Bing Bar Platform

--------------

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry. Just removing a SpySweeper remnant it always leaves behind.

-----------

Navigate to the following highlighted folder, and delete it:

C:\WINDOWS\2051932378

Be sure to let me know if you run into problems doing this.

---------

The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://www.adobe.com/downloads/
(For Adobe Reader and Flash Player)

http://java.com/en/download/manual.jsp
(For Java 6 Update 27)

Once you have done that, be sure to go to Add/Remove Programs and uninstall any older, more vulnerable Java versions.

Java 2 Runtime Environment, SE v1.4.2_15


Do those changes, then before we just wrap things up here by cleaning up what our work added there (the desktop looks pretty cluttered with our stuff), post back how that all went please.
Ad eundum quo no duck ante iit
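The checks in post #14 (the orphaned WRNotifier entry under Winlogon\Notify, what the NoDriveTypeAutoRun/NoDriveAutoRun policy values actually mean, whether the autorun.inf entries are a vaccine folder or a real file, and whether the exe/com open handlers are still the stock "%1" %*) can be scripted against the OTL line formats shown in the log above. The following is an added example written for this thread; it is not OTL code and not part of any post here. The sample lines are constructed: the clean ones copy the shapes from the log above, while the Temp-launched Run key, the E:\autorun.inf file and the O37 hijack are invented to show what a positive hit looks like. The drive-type bit meanings follow Microsoft's documentation for NoDriveTypeAutoRun (KB967715).

```python
"""Triage an OTL-style log: flag the entries an analyst checks first.

Added example for this thread, not part of OTL or of any post here. It
parses the O4/O6/O7/O20/O32/O35/O37 line shapes seen in the log above and
applies the checks discussed: orphaned Winlogon Notify packages, Run keys
launching from Temp, autorun.inf vaccine vs. real file, hijacked exe/com
open handlers, and the meaning of the NoDrive*AutoRun bitmasks.
"""
import re

# Bit meanings for NoDriveTypeAutoRun (Microsoft KB967715). 0x02 and bits
# above 0x80 are not drive types and are reported as "undefined".
DRIVE_TYPE_BITS = {
    0x01: "unknown (0x01)", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "unknown (0x80)",
}
DEFAULT_OPEN_CMD = '"%1" %*'          # stock exefile/comfile shell\open\command

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
POLICY_RE = re.compile(r"(NoDriveTypeAutoRun|NoDriveAutoRun) = (\d+)$")
# O32 file lines look like: [date | size | attrs | M] - path -- [ FS ]
O32_RE = re.compile(r"\[[^|]*\|\s*([\d,]+)\s*\|\s*(\S{4})\s*\|[^\]]*\]\s*-\s*(\S+)")

# Constructed sample. Clean lines follow the log above; the Temp-launched
# Run key, the E:\autorun.inf file and the O37 hijack are invented so the
# positive branches are exercised.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1288125523-4092121907-514204174-1005..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKLM..\Run: [Updater] C:\DOCUME~1\Owner\LOCALS~1\Temp\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - AutoRun File - [2011/10/05 11:38:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 11:40:02 | 000,000,151 | RHS- | M] - E:\autorun.inf -- [ FAT32 ]
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\WINDOWS\system32\loader.com" "%1" %*
"""


def decode_drive_type_mask(value):
    """Drive types whose AutoRun a NoDriveTypeAutoRun value disables, plus any undefined bits."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    undefined = value & ~sum(DRIVE_TYPE_BITS)
    return disabled, undefined


def decode_drive_letter_mask(value):
    """Drive letters whose AutoRun a NoDriveAutoRun value disables (bit 0 = A:)."""
    return "".join(chr(ord("A") + i) for i in range(26) if value & (1 << i))


def triage(log_text):
    """Return (severity, section, note, detail) tuples for the lines worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4" and re.search(r"\\Temp\\", body, re.IGNORECASE):
            findings.append(("HIGH", section, "Run key launches from a Temp directory", body))
        elif section in ("O6", "O7") and (p := POLICY_RE.search(body)):
            name, value = p.group(1), int(p.group(2))
            if name == "NoDriveAutoRun":
                note = "AutoRun disabled on drive letters " + decode_drive_letter_mask(value)
            else:
                disabled, undefined = decode_drive_type_mask(value)
                note = "AutoRun disabled for drive types: " + ", ".join(disabled)
                if undefined:
                    note += f" (undefined bits 0x{undefined:x})"
            findings.append(("INFO", section, note, body))
        elif section == "O20" and body.endswith("File not found"):
            findings.append(("MEDIUM", section,
                             "Winlogon Notify package names a missing DLL; delete the orphaned key", body))
        elif section == "O32" and (a := O32_RE.search(body)):
            size, attrs, path = int(a.group(1).replace(",", "")), a.group(2), a.group(3)
            if "D" in attrs and size == 0:
                findings.append(("INFO", section, "autorun.inf is a protected directory (autorun vaccine)", path))
            else:
                findings.append(("HIGH", section, "real autorun.inf present; inspect its open= line", path))
        elif section in ("O35", "O37"):
            cmd = body.split(" -- ", 1)[1].strip() if " -- " in body else ""
            if cmd != DEFAULT_OPEN_CMD:
                findings.append(("HIGH", section, "exe/com open handler hijacked; every launch runs through it", body))
    return findings


if __name__ == "__main__":
    for sev, sec, note, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {note}\n         {detail}")
```

Two things the decode makes visible that the raw numbers hide: 67108863 is 0x3FFFFFF, every one of the 26 drive-letter bits, so NoDriveAutoRun alone already blocks AutoRun on all drives; and 323 (0x143) is not a standard NoDriveTypeAutoRun value, since it sets 0x100 and 0x02, which are not drive-type bits, and on its own would leave removable, fixed, network and CD-ROM types enabled. The two policies are independent, so the drive-letter mask still carries the protection here, but a nonstandard value like that is worth noting when you compare against the XP default of 145 (0x91).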

#15 Brandon Lubbert
  • Topic Starter
  • Members
  • 25 posts

Posted 11 October 2011 - 03:00 PM

Notes:

I uninstalled many of the toolbars. I also uninstalled the Disk Fix Program as well as webshots.

I ran the registry fixer.reg with no problems.

I didn't find any folder with 2051932378. I did find a file called this as well as another file like this in the prefetch directory. Was it the file you wanted deleted?

I updated each of the programs you mentioned, Acrobat, Flash and Java. No problems

I did run into a small problem though and not sure how to solve this one. Upon rebooting there is an error that comes up "This application has failed to start because FRN.dll was not found. Re-installing the application may fix the problem." I am not sure what to do with this or how to fix it.

Thanks again for your help! How in the world did you learn all this stuff? Just curious, where are you from?

Brandon
