
TDL4@MBR infection: can only run Win/xp in Safe Mode


This topic is locked
19 replies to this topic

#1 zestyaz

  • Members
  • 25 posts

Posted 23 October 2011 - 11:34 AM

Unable to run PC Win/XP SP3 except in safe mode with networking. Cannot do anything in normal mode because of errors: *dll not a valid Windows image;*exe not a valid Win32 App.
== dds.txt ==
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Mom at 8:21:14 on 2011-10-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.717 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BrowserProtect]
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4DEFD374-4448-4671-B2AC-94457207A28B} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mom\application data\mozilla\firefox\profiles\al8a24s4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: c:\documents and settings\mom\application data\mozilla\firefox\profiles\al8a24s4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
---- FIREFOX POLICIES ----

.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-3 64288]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S2 bprot;BrowserProtect Service;c:\program files\browserprotect\BpSvc.exe [2011-10-22 945664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
S2 wscsvc32;Security Center ;c:\windows\system32\mmcex32.exe --> c:\windows\system32\mmcex32.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Schedule32;Task Scheduler ;c:\windows\system32\msprivs32.exe --> c:\windows\system32\msprivs32.exe [?]
.
=============== Created Last 30 ================
.
2011-10-22 17:52:17 -------- d-----w- c:\program files\BrowserProtect
2011-10-22 14:50:25 -------- d-----w- c:\program files\PC Tune-Up
2011-09-26 18:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 18:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 23:24:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-25 03:32:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 8:23:26.14 ===============


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,730 posts

Posted 28 October 2011 - 11:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424674 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 zestyaz
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2011 - 01:39 PM

- Ran full scans from Zonealarm and Malware. Became obvious that these were not working because when boot done in normal received error messages that *dll not a valid Windows image;*exe not a valid Win32 App.
The pc will only operate in Safe Mode.

- Original Windows CD/DVD are NOT available. Came preloaded.
== dds.txt ==
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Mom at 10:26:16 on 2011-10-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.534 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - c:\program files\zonealarm_extreme_security\prxtbZone.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BrowserProtect]
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4DEFD374-4448-4671-B2AC-94457207A28B} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mom\application data\mozilla\firefox\profiles\al8a24s4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: c:\documents and settings\mom\application data\mozilla\firefox\profiles\al8a24s4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
---- FIREFOX POLICIES ----

.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-3 64288]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-22 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S2 bprot;BrowserProtect Service;c:\program files\browserprotect\BpSvc.exe [2011-10-22 945664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
S2 wscsvc32;Security Center ;c:\windows\system32\mmcex32.exe --> c:\windows\system32\mmcex32.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Schedule32;Task Scheduler ;c:\windows\system32\msprivs32.exe --> c:\windows\system32\msprivs32.exe [?]
.
=============== Created Last 30 ================
.
2011-10-22 17:52:17 -------- d-----w- c:\program files\BrowserProtect
2011-10-22 14:50:25 -------- d-----w- c:\program files\PC Tune-Up
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 23:24:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-25 03:32:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 10:34:17.68 ===============

Attached Files

  • Attached File  attach.zip   4.82KB
  • Attached File  ark.txt   10.86KB
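Two entries in the SERVICES / DRIVERS section of the log above are the ones a responder stops at: wscsvc32 (display name "Security Center ") and Schedule32 ("Task Scheduler "), each pointing at a standalone binary under system32 (mmcex32.exe, msprivs32.exe) that DDS could not verify, hence the "[?]". The genuine Security Center and Task Scheduler services are registered under the keys wscsvc and Schedule and run inside svchost.exe, not from their own executables. The script below is an added example, not part of this thread and not code from DDS or any other tool the helpers mention: it parses service lines in DDS's format and flags look-alike display names, whitespace-padded display names, and unverifiable binaries under system32. The table of built-in service names is a small illustrative subset (an assumption of the example), the sample lines are copied from the log posted above, and the final "genuine" line is constructed to show the negative case.

```python
import re
from dataclasses import dataclass, field

# Display names of built-in Windows XP services and the registry key each one is
# genuinely registered under. Illustrative subset (an assumption of this example,
# not a complete table); it covers the two names that appear in the log above.
BUILTIN_SERVICE_KEYS = {
    "security center": "wscsvc",
    "task scheduler": "Schedule",
    "automatic updates": "wuauserv",
    "windows firewall/internet connection sharing (ics)": "SharedAccess",
}

# A DDS service/driver line looks like
#   <R|S><start> <key>;<display name>;<image> [<date> <size>]
# or, when DDS could not stat the file,
#   <R|S><start> <key>;<display name>;<command> --> <resolved path> [?]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|sys|dll))', re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    key: str
    display: str
    image: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Split one DDS line into (start_type, key, display, image_path, unverified)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _state, start, key, display, tail = m.groups()
    unverified = tail.rstrip().endswith("[?]")
    command = tail.split("-->")[0].strip()        # drop DDS's resolved-path suffix
    exe = EXE_RE.match(command)                   # drop arguments such as "-k netsvcs"
    image = (exe.group(1) if exe else command).lower()
    return int(start), key, display, image, unverified


def check_services(lines):
    """Return a Finding for every service line that trips one of the heuristics."""
    findings = []
    for line in lines:
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        _start, key, display, image, unverified = parsed
        reasons = []
        genuine = BUILTIN_SERVICE_KEYS.get(display.strip().lower())
        if genuine and key.lower() != genuine.lower():
            # A built-in display name registered under a different key is a look-alike.
            reasons.append(f"display name belongs to built-in service '{genuine}', key is '{key}'")
        if display != display.strip():
            # Trailing/leading blanks make the fake sort and read like the real entry.
            reasons.append("display name padded with whitespace")
        if unverified and image.startswith(SYSTEM32):
            # DDS could not stat a binary that claims to live in system32.
            reasons.append("binary under system32 could not be verified ([?])")
        if reasons:
            findings.append(Finding(key, display, image, reasons))
    return findings


# Lines copied from the DDS log above.
SAMPLE_LINES = [
    r"R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]",
    r"R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]",
    r'S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]',
    r"S2 wscsvc32;Security Center ;c:\windows\system32\mmcex32.exe --> c:\windows\system32\mmcex32.exe [?]",
    r"S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]",
    r"S4 Schedule32;Task Scheduler ;c:\windows\system32\msprivs32.exe --> c:\windows\system32\msprivs32.exe [?]",
]
# Constructed line (not from the log): what a genuine Security Center entry looks like.
GENUINE_LINE = r"S2 wscsvc;Security Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]"


if __name__ == "__main__":
    for f in check_services(SAMPLE_LINES):
        print(f"{f.key} ({f.display.strip()}) -> {f.image}")
        for r in f.reasons:
            print("   -", r)
```

Run as-is it reports only wscsvc32 and Schedule32; paste in a whole SERVICES / DRIVERS section to scan a full log. The "[?]" heuristic is deliberately limited to system32: vsmon and the Secunia agent also carry "[?]" because DDS could not resolve their quoted or argument-bearing command lines, and the check keeps them out.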


#4 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 28 October 2011 - 02:03 PM

Hello and welcome to BleepingComputer! :)



I am Blind Faith and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are designed to identify the possible threats present on your system, so I will analyze the results they produce.
If you encounter a delay of over 2 days from me, please don't hesitate to private message me.
Do not forget to check your topic periodically and subscribe to the topic so that you can receive notifications regarding my replies.


For now, as you can see, I am a trainee, which means my answers are supervised by a coach, so it might happen that my replies will have a short delay between them, but not more than 2 days from your last post.
Thank you very much for your patience.


Regards,

Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#5 zestyaz
  • Topic Starter

  • Members
  • 25 posts

Posted 28 October 2011 - 03:28 PM

Dear Blind Faith - trying to reach you. I sent a message via "contact us".
Kindly contact me ASAP. Thanks.

Edited by zestyaz, 28 October 2011 - 05:40 PM.


#6 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 28 October 2011 - 05:38 PM

Hi there,



As you opened a topic in the Virus, Trojan, Spyware, and Malware Removal Logs subforum, you will be assisted here, no need to try to contact me privately. Here you will get your instructions, this way others can see what we are doing hoping it might help them. :)


Just wait patiently for my reply,



Elle

#7 zestyaz
  • Topic Starter

  • Members
  • 25 posts

Posted 30 October 2011 - 11:06 AM

:-(

#8 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 30 October 2011 - 02:47 PM

Hi there,


Firstly I need to tell you about the risks your computer is exposed to.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


================================================================================



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





#9 zestyaz

zestyaz
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 30 October 2011 - 03:23 PM

Downloaded TDSSKiller version 2.6.14.0

12:58:55.0859 1716 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:58:56.0156 1716 ============================================================
12:58:56.0156 1716 Current date / time: 2011/10/30 12:58:56.0156
12:58:56.0156 1716 SystemInfo:
12:58:56.0156 1716
12:58:56.0156 1716 OS Version: 5.1.2600 ServicePack: 3.0
12:58:56.0156 1716 Product type: Workstation
12:58:56.0156 1716 ComputerName: D6G2C291
12:58:56.0156 1716 UserName: Mom
12:58:56.0156 1716 Windows directory: C:\WINDOWS
12:58:56.0156 1716 System windows directory: C:\WINDOWS
12:58:56.0156 1716 Processor architecture: Intel x86
12:58:56.0156 1716 Number of processors: 2
12:58:56.0156 1716 Page size: 0x1000
12:58:56.0156 1716 Boot type: Safe boot with network
12:58:56.0156 1716 ============================================================
12:58:59.0234 1716 Initialize success
13:01:12.0703 0328 ============================================================
13:01:12.0703 0328 Scan started
13:01:12.0703 0328 Mode: Manual;
13:01:12.0703 0328 ============================================================
13:01:37.0640 0328 MBR (0x1B8) (928373674867a2875576c335333e620f) \Device\Harddisk0\DR0
13:01:37.0656 0328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:01:37.0656 0328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:01:37.0671 0328 Boot (0x1200) (33dfbe6dd7c36ebf9a7f23e2a687c6c3) \Device\Harddisk0\DR0\Partition0
13:01:37.0671 0328 \Device\Harddisk0\DR0\Partition0 - ok
13:01:37.0671 0328 ============================================================
13:01:37.0671 0328 Scan finished
13:01:37.0671 0328 ============================================================
13:01:37.0687 1608 Detected object count: 1
13:01:37.0687 1608 Actual detected object count: 1
13:03:29.0937 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:03:29.0937 1608 \Device\Harddisk0\DR0 - ok
13:03:29.0937 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:03:39.0218 1704 Deinitialize success
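As an added example (not code from this thread or from Kaspersky's TDSSKiller), a small Python parser for the log format posted above: it separates the driver enumeration lines from the verdict lines, keeps the MBR and boot-sector hash records, and reports which object carries a threat and whether the cure is still pending a reboot. The sample lines are excerpted from the log in this post.

```python
"""Parse a TDSSKiller scan log and pull out the facts that matter for triage.

Added example; it only reads the plain-text log format shown in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d{4})\s+(?P<msg>.*)$")
# Driver/service enumeration: "<name> (<md5>) <path>"
OBJECT_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Boot-sector hash record: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\\\S+)$")
# Verdict carrying a threat name: "<obj> ( <threat> ) - <verdict>"
THREAT_RE = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<threat>[^()]+?)\s*\)\s+-\s+(?P<verdict>.+)$")
# Second detection form: "<obj> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


@dataclass
class ScanReport:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    sectors: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # MBR/Boot -> (device, md5)
    detections: Dict[str, dict] = field(default_factory=dict)          # object -> threat, verdicts
    detected_count: Optional[int] = None

    def mbr_infected(self) -> bool:
        """True when the device whose MBR was hashed also received a threat verdict."""
        dev = self.sectors.get("MBR", ("", ""))[0]
        return bool(dev) and dev in self.detections

    def pending_reboot(self) -> List[str]:
        """Objects TDSSKiller says it will only cure on the next reboot."""
        return [obj for obj, d in self.detections.items()
                if any("cured on reboot" in v for v in d["verdicts"])]


def _note(report: ScanReport, obj: str, threat: str, verdict: str) -> None:
    entry = report.detections.setdefault(obj, {"threat": threat, "verdicts": []})
    entry["verdicts"].append(verdict)


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Walk the log line by line; lines that match no known shape are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (s := SECTOR_RE.match(msg)):
            report.sectors[s["kind"]] = (s["dev"], s["md5"])
        elif (o := OBJECT_RE.match(msg)):
            report.objects[o["name"]] = (o["md5"], o["path"])
        elif (d := DETECTED_RE.match(msg)):
            _note(report, d["obj"], d["threat"], "detected")
        elif (t := THREAT_RE.match(msg)):
            _note(report, t["obj"], t["threat"], t["verdict"])
        elif (c := COUNT_RE.match(msg)):
            report.detected_count = int(c["n"])
    return report


def summarize(report: ScanReport) -> str:
    lines = [f"objects enumerated: {len(report.objects)}",
             f"detected object count: {report.detected_count}"]
    for obj, d in report.detections.items():
        lines.append(f"{obj}: {d['threat']} -> {', '.join(d['verdicts'])}")
    if report.mbr_infected():
        lines.append("MBR is infected: re-scan after the reboot-time cure to confirm the MBR hash changed")
    return "\n".join(lines)


# Sample lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
13:01:22.0093 0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:01:22.0093 0328 atapi - ok
13:01:37.0640 0328 MBR (0x1B8) (928373674867a2875576c335333e620f) \Device\Harddisk0\DR0
13:01:37.0656 0328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:01:37.0656 0328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:01:37.0671 0328 Boot (0x1200) (33dfbe6dd7c36ebf9a7f23e2a687c6c3) \Device\Harddisk0\DR0\Partition0
13:01:37.0671 0328 \Device\Harddisk0\DR0\Partition0 - ok
13:01:37.0687 1608 Detected object count: 1
13:03:29.0937 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:03:29.0937 1608 \Device\Harddisk0\DR0 - ok
13:03:29.0937 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

Note that the trailing "\Device\Harddisk0\DR0 - ok" line only means the cure was scheduled, so the parser keeps the detection rather than treating the object as clean.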

#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:01 PM

Posted 31 October 2011 - 07:05 AM

Hi there,

Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue; click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#11 zestyaz (Topic Starter)

  • Members
  • 25 posts

Posted 22 November 2011 - 11:56 AM

Combofix.txt Results

ComboFix 11-11-22.01 - Mom 11/22/2011 8:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1552 [GMT -7:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fq6zuje3.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{1c8c1cce-fb63-48c8-9ae4-d5391ac140b9}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{80875e17-6dff-4f54-8a59-2914720b8082}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{94af87fe-2668-4459-8104-651e37720cb7}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{94af87fe-2668-4459-8104-651e37720cb7}\install.rdf
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome.manifest
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\chrome\xulcache.jar
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\defaults\preferences\xulcache.js
c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{c4b7d7b4-450d-4a2e-b292-cc6555b55d7a}\install.rdf
c:\windows\CSC\d6
c:\windows\dasetup.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SCHEDULE32
-------\Service_Schedule32
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-10-30 20:15 . 2011-10-30 20:15 -------- dc----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2010-12-10 19:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 23:24 . 2011-07-30 14:44 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-25 03:32 . 2011-07-27 14:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 14:46 . 2011-05-12 14:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
2011-03-28 16:22 176936 ----a-w- c:\program files\zonealarm_extreme_security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}"= "c:\program files\ZoneAlarm_Extreme_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-07-22 72336]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-07-25 738944]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 19:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-31 19:22 50480 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 07:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-20 05:06 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-07-20 05:10 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-20 05:09 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 19:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-09-26 18:10 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 00:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-07 02:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-26 18:10 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 07:58 15360 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/3/2011 3:19 PM 64288]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 5:08 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 bprot;BrowserProtect Service;c:\program files\BrowserProtect\BpSvc.exe [10/22/2011 10:52 AM 945664]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [7/25/2011 5:57 AM 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/25/2011 5:57 AM 493184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/9/2011 5:30 AM 92592]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [7/25/2011 5:57 AM 36744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 10:25 AM 135664]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S2 wscsvc32;Security Center ;c:\windows\system32\mmcex32.exe --> c:\windows\system32\mmcex32.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 10:25 AM 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 2:05 AM 2152152]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 4:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:40]
.
2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-11-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-03 16:21]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 17:23]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BrowserProtect - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'explorer.exe'(1636)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\program files\CheckPoint\ZoneAlarm\MailFrontier\mlfhook.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\dfshim.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(776)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
.
**************************************************************************
.
Completion time: 2011-11-22 09:39:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 16:39
ComboFix2.txt 2011-02-06 19:49
.
Pre-Run: 31,729,479,680 bytes free
Post-Run: 34,381,037,568 bytes free
.
- - End Of File - - F2C02A949BA2BC72A7E8ACECEE8491D0

#12 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender: Female

Posted 24 November 2011 - 07:30 AM

Hi there,

Please give us some feedback on the current state of your machine. What are the remaining problems you are confronted with?

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

#13 zestyaz (Topic Starter)

  • Members
  • 25 posts

Posted 24 November 2011 - 09:55 AM

I am now able to run in normal mode.
This PC has been off, but I will start using it again after running OTL to double-check its behavior.
========================================================================================
OTL.txt
OTL logfile created on: 11/24/2011 7:35:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.18% Memory free
3.83 Gb Paging File | 3.07 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.79 Gb Total Space | 31.90 Gb Free Space | 45.06% Space Free | Partition Type: NTFS

Computer Name: D6G2C291 | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 07:32:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/11/22 10:09:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/22 15:57:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/17 11:36:38 | 000,945,664 | ---- | M] (Web Eight LLC.) -- C:\Program Files\BrowserProtect\BpSvc.exe
PRC - [2011/07/25 05:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 05:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2010/11/17 11:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/22 10:09:20 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 11:57:28 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\components\RadioWMPCoreGecko8.dll
MOD - [2011/10/14 05:38:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 05:35:51 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 21:54:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/08/24 20:32:17 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/22 09:42:50 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvc32)
SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - [2011/10/22 15:57:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/17 11:36:38 | 000,945,664 | ---- | M] (Web Eight LLC.) [Auto | Running] -- C:\Program Files\BrowserProtect\BpSvc.exe -- (bprot)
SRV - [2011/09/02 06:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/25 05:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/03/09 05:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2011/10/22 15:57:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/22 15:57:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/25 05:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/25 05:57:08 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/07/22 09:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/03/22 08:29:08 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2008/03/22 08:29:08 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2008/03/22 08:29:08 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2008/03/22 08:29:08 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2008/03/21 13:30:06 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/21 13:30:06 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/07 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResN.SYS -- (DLADResN)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/17 13:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/03/17 13:50:36 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/03/17 13:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EB 48 79 12 0D 61 99 44 9C 4B C7 DD 7E C3 6E 21 [binary data]
IE - HKCU\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\zonealarm_extreme_security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Mom\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/08/25 16:24:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 10:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 21:08:27 | 000,000,000 | ---D | M]

[2010/06/13 18:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2010/06/13 18:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/11/22 10:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions
[2011/08/25 10:39:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/07 08:07:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/07 08:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2011/11/22 10:08:24 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
[2011/02/06 14:32:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/12 07:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\al8a24s4.default\extensions\nostmp
[2011/11/22 09:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions
[2011/10/15 08:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{8ab5b9ad-9db2-4ec9-b4bb-5e74c164ae6b}
[2011/10/16 13:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\Profiles\extensions\{9c1fd1b9-ea4e-42dc-a9d9-377a53eb84fb}
[2011/11/22 10:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/22 10:08:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AL8A24S4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AL8A24S4.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2011/02/03 21:18:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/22 10:09:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/10/02 20:59:57 | 000,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2011/10/02 07:46:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/22 10:09:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/22 09:32:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\zonealarm_extreme_security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files\zonealarm_extreme_security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DEFD374-4448-4671-B2AC-94457207A28B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 07:32:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/11/22 10:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/22 10:08:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/22 10:08:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/22 10:08:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/22 08:57:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/22 08:57:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/22 08:57:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/22 08:57:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/22 08:57:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/22 08:55:36 | 004,303,750 | R--- | C] (Swearware) -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2011/10/30 13:15:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/30 12:58:28 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 07:32:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/11/24 07:22:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/24 07:20:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/24 07:20:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 07:20:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 07:20:12 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 11:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 09:32:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/22 08:55:37 | 004,303,750 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\ComboFix.exe
[2011/11/22 08:18:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/30 15:18:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/30 12:58:28 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe
[2011/10/28 10:51:08 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\j160kj1e.exe
[2011/10/28 10:44:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/10/28 10:39:12 | 000,004,931 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\attach.zip
[2011/10/28 10:35:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/22 08:57:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/22 08:57:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/22 08:57:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/22 08:57:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/22 08:57:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/30 13:04:47 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/28 10:51:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\j160kj1e.exe
[2011/10/28 10:39:12 | 000,004,931 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\attach.zip
[2011/10/18 06:43:17 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/05/19 15:39:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/19 15:39:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/04 15:19:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/03 17:56:47 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/01 16:47:16 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\del.bat
[2010/12/21 08:45:40 | 000,984,128 | ---- | C] () -- C:\Program Files\QDATA.IDX
[2010/12/21 08:45:40 | 000,027,648 | ---- | C] () -- C:\Program Files\QDATA.QEL
[2010/12/21 08:45:39 | 007,978,176 | ---- | C] () -- C:\Program Files\QDATA.QDF
[2010/12/21 08:45:39 | 000,000,032 | ---- | C] () -- C:\Program Files\QDATA.QPH
[2010/09/16 12:31:40 | 000,651,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/07 21:54:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/25 10:58:24 | 000,027,104 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/24 12:26:18 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2009/07/24 12:26:18 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2009/07/24 12:26:18 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/09/16 06:02:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/07/21 20:18:36 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/31 14:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 13:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 13:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/01/30 19:12:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/21 14:28:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2006/12/19 13:13:52 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/12/19 13:06:34 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/19 13:04:12 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/12/10 18:55:36 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/22 11:36:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/11/22 11:36:02 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/22 11:36:02 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/22 11:36:02 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/03/04 19:51:37 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D41609D341.sys
[2006/03/04 19:51:36 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/04 16:38:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/12/30 20:01:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\pex.INI
[2005/12/30 19:58:22 | 000,000,468 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/12/30 16:39:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2005/12/30 16:19:10 | 000,001,158 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/12/29 21:17:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/29 21:01:00 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/29 21:00:52 | 000,002,806 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/22 14:42:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/22 14:34:59 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/22 14:32:08 | 000,000,448 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/22 14:29:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/22 14:27:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/22 14:05:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/22 14:05:36 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/05/12 08:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,504,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,088,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
=========================================================================================
EXTRAS.txt
OTL Extras logfile created on: 11/24/2011 7:35:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.18% Memory free
3.83 Gb Paging File | 3.07 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.79 Gb Total Space | 31.90 Gb Free Space | 45.06% Space Free | Partition Type: NTFS

Computer Name: D6G2C291 | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13E86C2B-FF38-418A-A448-A2933AFFA2E5}" = OverDrive Media Console
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81C6F110-7958-4442-B308-C7C9CAEF8CCF}" = ZoneAlarm DataLock
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{996EC44B-38E1-4898-8E47-3EE3D15F2712}" = Garmin WebUpdater
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Audacity_is1" = Audacity 1.2.6
"BrowserProtect_is1" = BrowserProtect 1.11
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"conduitEngine" = Conduit Engine
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Tune-Up" = PC Tune-Up
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Unlocker" = Unlocker 1.8.5
"Veetle TV" = Veetle TV 0.9.18
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2011 11:49:58 AM | Computer Name = D6G2C291 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15641, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00002200.

Error - 10/23/2011 11:54:50 AM | Computer Name = D6G2C291 | Source = Application Error | ID = 1001
Description = Fault bucket -1699877041.

Error - 11/22/2011 2:44:24 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 2:44:24 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1954

Error - 11/22/2011 2:44:24 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1954

Error - 11/22/2011 2:44:26 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2011 2:44:26 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4047

Error - 11/22/2011 2:44:26 PM | Computer Name = D6G2C291 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4047

Error - 11/24/2011 10:35:23 AM | Computer Name = D6G2C291 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2011 10:35:30 AM | Computer Name = D6G2C291 | Source = Application Hang | ID = 1001
Description = Fault bucket -1642434152.

[ System Events ]
Error - 10/30/2011 4:03:41 PM | Computer Name = D6G2C291 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/30/2011 4:05:20 PM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 10/30/2011 4:09:36 PM | Computer Name = D6G2C291 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4DEFD374-4448-4671-B2AC-94457207A28B}. The
backup browser is stopping.

Error - 10/30/2011 4:27:12 PM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 11/22/2011 11:04:34 AM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 11/22/2011 11:23:57 AM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 11/22/2011 11:43:20 AM | Computer Name = D6G2C291 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{4DEFD374-4448-4671-B2AC-94457207A28B}. The
backup browser is stopping.

Error - 11/22/2011 12:32:07 PM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 11/24/2011 10:20:41 AM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7000
Description = The Secunia Update Agent service failed to start due to the following
error: %%2

Error - 11/24/2011 10:30:45 AM | Computer Name = D6G2C291 | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
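As an added example, not code from the thread, from OTL or from its author: a small Python triage script for the parts of an OTL Extras log that a malware-removal helper reads first. It parses the Shell Spawning, Security Center, System Restore and Firewall sections and flags executable-class handlers (exefile, comfile, batfile, cmdfile, piffile, scrfile) that differ from the Windows XP defaults, values OTL could not read ("Reg Error"), Security Center monitoring switched off, the Windows Firewall disabled, and System Restore disabled by policy. The embedded log is a constructed excerpt built from the values in the posted log above; the hijacked-handler variant and its `C:\hijack\ldr.exe` path are hypothetical and exist only to show what a real finding looks like. Caveat: in the posted log every executable handler is at its default and the Windows Firewall being off is expected with ZoneAlarm active, so the script's "info" lines are context, and the two "verify" lines mean the key should be inspected by hand, not that it is malicious.

```python
import re

# Constructed excerpt modelled on the OTL Extras log posted in this thread
# (same sections, same values); not the full log.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

# Constructed variant with a hijacked exefile handler (hypothetical path),
# to show what a real finding looks like.
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\hijack\ldr.exe" "%1" %*')

# Windows XP defaults for the executable file classes.  If one of these
# has been rewritten, every file of that class runs through the hijacker.
EXPECTED_SHELL = {
    "batfile/open": '"%1" %*', "cmdfile/open": '"%1" %*',
    "comfile/open": '"%1" %*', "exefile/open": '"%1" %*',
    "piffile/open": '"%1" %*', "scrfile/open": '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # ==== Name ====
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')       # "Name" = value
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")  # class [verb] -- cmd


def parse_extras(text):
    """Return (section, regkey, name, value) tuples for every setting line.
    Shell lines 'class [verb] -- cmd' are given the name 'class/verb'."""
    entries, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif section and (m := SHELL_RE.match(line)):
            entries.append((section, key, m.group(1) + "/" + m.group(2), m.group(3)))
        elif section and (m := VALUE_RE.match(line)):
            entries.append((section, key, m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (severity, message) findings; severity is high, info or verify."""
    findings = []
    for section, key, name, value in entries:
        leaf = key.rsplit("\\", 1)[-1] if key else ""   # last key component
        if section == "Shell Spawning":
            if value.startswith("Reg Error"):
                # OTL could not read the value: inspect the key by hand.
                findings.append(("verify", f"{name}: {value}"))
            elif name in EXPECTED_SHELL and value != EXPECTED_SHELL[name]:
                findings.append(("high", f"{name} is {value!r}, expected "
                                         f"{EXPECTED_SHELL[name]!r}"))
        elif section == "Security Center Settings" and name == "DisableMonitoring" and value == "1":
            findings.append(("info", f"Security Center monitoring off ({leaf})"))
        elif section == "Firewall Settings" and name == "EnableFirewall" and value == "0":
            # Expected when a third-party firewall (ZoneAlarm here) is active.
            findings.append(("info", f"Windows Firewall off for {leaf}"))
        elif section == "System Restore Settings" and name == "DisableSR" and value == "1":
            findings.append(("high", "System Restore disabled by policy (DisableSR = 1)"))
    return findings


def count(findings, severity):
    """Number of findings at the given severity."""
    return sum(1 for sev, _ in findings if sev == severity)


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("hijacked variant", HIJACKED_LOG)):
        print(f"== {label}")
        for sev, msg in triage(parse_extras(log)):
            print(f"[{sev:6}] {msg}")
```

Run against the posted values the script reports no "high" finding: the handlers match the defaults, so an exefile hijack is ruled out from this log, and the remaining lines are the two unreadable keys to verify and the monitoring/firewall settings that a third-party suite accounts for. The same parser can be pointed at a full Extras log; the value list only grows.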

#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:11:01 AM

Posted 26 November 2011 - 11:49 AM

Hi zestyaz,

Apologies for the delay. Blind Faith is a little busy but will respond to you within 24 hours.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 zestyaz

zestyaz
  • Topic Starter

  • Members
  • 25 posts
  • Local time:04:01 AM

Posted 26 November 2011 - 08:35 PM

No problem. Thanks for the note.



