Please help!
Re: Please help!

Post by Gary R » April 22nd, 2011, 3:45 am

You've posted me the same OTL log that you posted last time.

Go to C:\_OTL\MovedFiles and you should find a series of .log files. They will be named MMDDYYYY_HHMMSS.log where MDY represent the date, and HMS represent the time a fix was run.

Post the log from the most recent fix please.

Re: Please help!

Post by AdaAlcove » April 22nd, 2011, 9:17 am

Cannot find but the one log file. Should I rerun the OTL?

Re: Please help!

Post by Gary R » April 22nd, 2011, 3:28 pm

Yes please. Just run the OTL fix as detailed in the post .... viewtopic.php?p=576146#p576146 .... no need to repeat the E-set scan.

Those files may no longer be present on your machine, but I'd like to make sure they aren't.

Re: Please help!

Post by AdaAlcove » April 22nd, 2011, 3:58 pm

OTL Files - I really am appreciating your help!

========== FILES ==========
C:\windows\ozicapaq.dll moved successfully.
C:\windows\ubagoheke.dll moved successfully.
C:\windows\asopunep.dll moved successfully.
C:\windows\asajiyerez.dll moved successfully.
C:\windows\ofupijaf.dll moved successfully.
C:\windows\uviwiqul.dll moved successfully.
C:\windows\ereluhuziqi.dll moved successfully.
C:\windows\oravehamirolu.dll moved successfully.
C:\windows\icukitub.dll moved successfully.
C:\windows\ijisicog.dll moved successfully.
C:\windows\ujevacuq.dll moved successfully.
C:\windows\ijuwanubilil.dll moved successfully.
C:\windows\imusecoq.dll moved successfully.
C:\windows\odagutudiwo.dll moved successfully.
C:\windows\oyabupov.dll moved successfully.
C:\windows\esuyuqidefa.dll moved successfully.
C:\windows\alumebope.dll moved successfully.
C:\windows\ogehocozis.dll moved successfully.
C:\windows\iveyunol.dll moved successfully.
C:\windows\ijudokezezocoh.dll moved successfully.
C:\windows\ivobicitaqun.dll moved successfully.
C:\windows\ilakohiyi.dll moved successfully.
C:\windows\eqadoqen.dll moved successfully.
C:\windows\oqohetiq.dll moved successfully.
C:\windows\iyucepepajo.dll moved successfully.
C:\windows\akalininozum.dll moved successfully.
C:\windows\opuvanoqiq.dll moved successfully.
C:\windows\igobupovi.dll moved successfully.
C:\windows\agiyuqidefayoqe.dll moved successfully.
C:\windows\izeziqowukaza.dll moved successfully.
C:\windows\ijiropifatu.dll moved successfully.
C:\windows\edoyunol.dll moved successfully.
C:\windows\ilenejob.dll moved successfully.
C:\windows\ojawafon.dll moved successfully.
C:\windows\upuxomodor.dll moved successfully.
C:\windows\ugovuroviloxegir.dll moved successfully.
C:\windows\ofukaxodem.dll moved successfully.
C:\windows\oxufizosowuwule.dll moved successfully.
C:\windows\usavolovo.dll moved successfully.
C:\windows\ifowiges.dll moved successfully.
C:\windows\usixezibeceri.dll moved successfully.
C:\windows\icogifinosobuz.dll moved successfully.
C:\windows\ovubiwey.dll moved successfully.
C:\windows\ekiyifeg.dll moved successfully.
C:\windows\uhizafitequwezan.dll moved successfully.
C:\windows\ifuhelicomepo.dll moved successfully.
C:\windows\ejuyizajova.dll moved successfully.
C:\windows\ojiguzele.dll moved successfully.
C:\windows\inebalep.dll moved successfully.
C:\windows\icorawaxozuvovep.dll moved successfully.
C:\windows\idinuresiqaquz.dll moved successfully.
C:\windows\iyepofev.dll moved successfully.
C:\windows\iricuwus.dll moved successfully.
C:\windows\ohijiles.dll moved successfully.
C:\windows\igopozanijudu.dll moved successfully.
C:\windows\awekolasihi.dll moved successfully.
C:\windows\ibidaribiy.dll moved successfully.
C:\windows\ehukiqaqoju.dll moved successfully.
C:\windows\idirifucipisozoq.dll moved successfully.
C:\windows\uxasiwojiy.dll moved successfully.
C:\windows\iqaperul.dll moved successfully.
C:\windows\eribazuko.dll moved successfully.
C:\windows\ebisesoxikayisu.dll moved successfully.
C:\windows\erugosulizego.dll moved successfully.
C:\windows\acuwuzozawu.dll moved successfully.
C:\windows\ajecafof.dll moved successfully.
C:\windows\ugeteriw.dll moved successfully.
C:\windows\egubowinewunozab.dll moved successfully.
C:\windows\afasufiyas.dll moved successfully.
C:\windows\usedusib.dll moved successfully.
C:\windows\esahilono.dll moved successfully.
C:\windows\alokizicesojolo.dll moved successfully.
C:\windows\ukuqoseje.dll moved successfully.
C:\windows\ucupixoxiwakev.dll moved successfully.
C:\windows\avurewer.dll moved successfully.
C:\windows\okodifex.dll moved successfully.
C:\windows\ehohafileyocozof.dll moved successfully.
C:\windows\aderasewisura.dll moved successfully.
C:\windows\utulevef.dll moved successfully.
C:\windows\usumesaw.dll moved successfully.
C:\windows\amikalegetekola.dll moved successfully.
C:\windows\abayuwamoxobuzog.dll moved successfully.
C:\windows\iyotafabiz.dll moved successfully.
C:\windows\awowiman.dll moved successfully.
C:\windows\urolurac.dll moved successfully.
C:\windows\uxatuzuhovehula.dll moved successfully.
C:\windows\ugobezaxeqeta.dll moved successfully.
C:\windows\uxiyisuk.dll moved successfully.
C:\windows\ifecukalibiki.dll moved successfully.
C:\windows\atisuvarukurur.dll moved successfully.
C:\windows\iyipopeg.dll moved successfully.
C:\windows\eseridas.dll moved successfully.
C:\windows\ecedovugiyar.dll moved successfully.
C:\windows\ebivekanugazi.dll moved successfully.
C:\windows\ivewefokibo.dll moved successfully.
C:\windows\avasikun.dll moved successfully.
C:\windows\eruvakad.dll moved successfully.
C:\windows\efebavukubonerav.dll moved successfully.
C:\windows\eqisedoxiyetuk.dll moved successfully.
C:\windows\exuzodul.dll moved successfully.
C:\windows\etaruvoz.dll moved successfully.
C:\windows\aceyajofoyejeji.dll moved successfully.
C:\windows\abeqariwitatu.dll moved successfully.
C:\windows\eyobokogike.dll moved successfully.
C:\windows\awuyoxiy.dll moved successfully.
C:\windows\ohadudib.dll moved successfully.
C:\windows\egahidonokecikot.dll moved successfully.
C:\windows\azuciviciduhak.dll moved successfully.
C:\windows\ujutodejexijokiq.dll moved successfully.
C:\windows\atapejoxi.dll moved successfully.
C:\windows\alukikikodurexu.dll moved successfully.
C:\windows\udolexexexivu.dll moved successfully.
C:\windows\ogefozuzifowasi.dll moved successfully.
C:\windows\uwuradew.dll moved successfully.
C:\windows\upalepix.dll moved successfully.
C:\windows\obofedawevev.dll moved successfully.
C:\windows\abokudegemidar.dll moved successfully.
C:\windows\onusuram.dll moved successfully.
C:\windows\otumejab.dll moved successfully.
C:\windows\unewixanimifixe.dll moved successfully.
C:\windows\ufilukacegala.dll moved successfully.
C:\windows\osoqovabup.dll moved successfully.
C:\windows\uyibevax.dll moved successfully.
C:\windows\osiyeluk.dll moved successfully.
C:\windows\ocimopajeboy.dll moved successfully.
C:\windows\ivujoxodokake.dll moved successfully.
C:\windows\uvekaxuwena.dll moved successfully.
C:\windows\ojiqerof.dll moved successfully.
C:\windows\igenojowaye.dll moved successfully.
C:\windows\ayexayotik.dll moved successfully.
C:\windows\efalejac.dll moved successfully.
C:\windows\epakuhoxajedec.dll moved successfully.
C:\windows\upaduqir.dll moved successfully.
C:\windows\obuxuhij.dll moved successfully.
C:\windows\oteganidesugune.dll moved successfully.
C:\windows\unalonor.dll moved successfully.
C:\windows\ulexucem.dll moved successfully.
C:\windows\ifogojer.dll moved successfully.
C:\windows\apugilim.dll moved successfully.
C:\windows\Pgujafisequpali.dat moved successfully.
C:\windows\Mfapebiwe.bin moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_155644
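Two things in the exchange above lend themselves to a small scripted check that a helper would run on their own copy of the logs: picking the newest fix log by the MMDDYYYY_HHMMSS timestamp Gary R describes (rather than trusting file modification times), and flagging quarantined files whose names look machine-generated. Almost every file in the fix log is an 8 to 16 letter, all-lowercase, pronounceable string with near-perfect vowel/consonant alternation (ozicapaq, ubagoheke, ugovuroviloxegir), which is how a dropper generates names that do not look like anything in a blacklist. The Python below is an added example, not part of the thread and not OTL's own code; the sample log text is constructed from a handful of the lines above plus kernel32.dll for contrast, and the length and alternation thresholds are assumptions tuned to this list, not a published signature.

```python
import re
from datetime import datetime

# Constructed sample in the shape of an OTL fix log; the names are copied
# from the log posted above plus one legitimate system DLL for contrast.
SAMPLE_FIX_LOG = """========== FILES ==========
C:\\windows\\ozicapaq.dll moved successfully.
C:\\windows\\ubagoheke.dll moved successfully.
C:\\windows\\Pgujafisequpali.dat moved successfully.
C:\\windows\\Mfapebiwe.bin moved successfully.
C:\\WINDOWS\\CouponsBar.dll moved successfully.
C:\\windows\\kernel32.dll moved successfully.
"""

# OTL names its fix logs MMDDYYYY_HHMMSS.log under C:\_OTL\MovedFiles.
LOG_NAME_RE = re.compile(r"^(\d{2})(\d{2})(\d{4})_(\d{2})(\d{2})(\d{2})\.log$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
VOWELS = set("aeiou")


def fix_log_timestamp(name):
    """Timestamp encoded in an OTL fix-log name, or None for any other file."""
    m = LOG_NAME_RE.match(name)
    if not m:
        return None
    mm, dd, yyyy, hh, mi, ss = (int(x) for x in m.groups())
    try:
        return datetime(yyyy, mm, dd, hh, mi, ss)
    except ValueError:  # right shape, impossible date: not a fix log
        return None


def most_recent_fix_log(names):
    """Newest fix log judged by the timestamp in its name, not by file mtime."""
    stamped = []
    for n in names:
        t = fix_log_timestamp(n)
        if t is not None:
            stamped.append((t, n))
    return max(stamped)[1] if stamped else None


def alternation_ratio(stem):
    """Share of adjacent letter pairs that switch between vowel and consonant."""
    if len(stem) < 2:
        return 0.0
    switches = sum((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:]))
    return switches / (len(stem) - 1)


def looks_generated(filename, min_len=8, max_len=16, min_alt=0.9):
    """Triage heuristic (thresholds are assumptions): a purely alphabetic stem
    of 8-16 letters with near-perfect vowel/consonant alternation reads like a
    dropper's pronounceable random name, not like a vendor's DLL name."""
    stem = filename.rsplit(".", 1)[0].lower()
    if not (min_len <= len(stem) <= max_len):
        return False
    if not (stem.isascii() and stem.isalpha()):
        return False
    return alternation_ratio(stem) >= min_alt


def parse_moved(log_text):
    """Paths OTL reports as moved into its quarantine."""
    paths = []
    for line in log_text.splitlines():
        m = MOVED_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def triage(log_text):
    """Map each quarantined path to whether its file name looks generated."""
    return {p: looks_generated(p.rsplit("\\", 1)[-1]) for p in parse_moved(log_text)}


if __name__ == "__main__":
    print(most_recent_fix_log(["04222011_155644.log", "04222011_184001.log", "OTL.txt"]))
    for path, flagged in triage(SAMPLE_FIX_LOG).items():
        print(("GENERATED? " if flagged else "           ") + path)
```

The name test is for triage, not a verdict: Mfapebiwe.bin scores 0.875 and is missed at the 0.9 threshold, while a real netlogon.dll scores 0.857 and is correctly left alone, so the threshold is a trade-off and anything it flags still needs a signature or hash check before it is treated as malicious.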

Re: Please help!

Post by Gary R » April 22nd, 2011, 5:35 pm

Looks like OTL has removed them, now there's just the things found by E-Set.

Some of the files found were encrypted quarantined files created by Combofix and OTL, and some were infected System Restore files. The quarantine files are safe, and unless you perform a restore to one of the infected restore points they can't re-infect you either.

We'll remove them all when we're finished to ensure that can't happen, but for the time being we'll leave them in place.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Documents and Settings\Owner\My Documents\Downloads\Audible_Nero_English.exe
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe
C:\WINDOWS\CouponsBar.dll
C:\WINDOWS\Downloaded Installations\{6674FEC9-7EB0-4BAF-9391-06E15D0EBB3C}\MyFantasyMaker.msi 

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now ?

Re: Please help!

Post by AdaAlcove » April 22nd, 2011, 7:07 pm

========== FILES ==========
C:\Documents and Settings\Owner\My Documents\Downloads\Audible_Nero_English.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe moved successfully.
C:\WINDOWS\CouponsBar.dll moved successfully.
C:\WINDOWS\Downloaded Installations\{6674FEC9-7EB0-4BAF-9391-06E15D0EBB3C}\MyFantasyMaker.msi moved successfully.

Computer seems to be working fine, only one hijack from google

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_184001

Re: Please help!

Post by Gary R » April 23rd, 2011, 1:59 am

If you've been hijacked even one time it's a sign we haven't fully removed all your infection.

Please run another OTL scan using the instructions below ....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents

  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Run a new scan with TDSSKiller using the instructions below ....

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
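The /md5start ... /md5stop block in that scan makes OTL print hashes for a fixed list of storage and boot drivers so that the helper can compare them against known-clean copies. The list is there because rootkits of the TDSS family, which TDSSKiller is built to find, are known to overwrite a loaded storage miniport driver (atapi.sys is the classic target) in place, keeping the file's name and size while replacing its contents, so a name-based or size-based check shows nothing. The Python below is an added example of that comparison and is not OTL's or TDSSKiller's own code: it hashes a watched list, checks each file against a SHA-256 baseline, and reports modified, missing, locked and un-baselined drivers separately, since a driver that is simply absent is normal on a machine without that controller. The driver bodies, the patched copy and the baseline in demo() are constructed in a temporary directory; a real baseline comes from a known-good install or the vendor's published hashes, which the thread does not provide.

```python
import hashlib
import os
import tempfile

# A subset of the drivers named between /md5start and /md5stop in the scan above.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "nvraid.sys"]


def file_digests(path, chunk=1 << 16):
    """(md5, sha256) hex digests of a file, read in chunks.
    MD5 is kept because it is what OTL's /md5start block prints, so it can be
    compared with that output; SHA-256 is what the baseline check below uses."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def check_drivers(driver_dir, baseline, names=WATCHED_DRIVERS):
    """Compare each watched driver with a SHA-256 baseline.
    Returns {name: "ok" | "MODIFIED" | "MISSING" | "LOCKED" | "NO BASELINE"}.
    MISSING is not a finding by itself (most of the list exists only on
    machines with that controller); MODIFIED always needs a look."""
    results = {}
    for name in names:
        path = os.path.join(driver_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        try:
            _, sha = file_digests(path)
        except PermissionError:
            results[name] = "LOCKED"  # the case OTL's /lockedfiles switch exists for
            continue
        expected = baseline.get(name)
        if expected is None:
            results[name] = "NO BASELINE"
        else:
            results[name] = "ok" if sha == expected else "MODIFIED"
    return results


def demo():
    """Constructed scenario: fake driver images in a temp dir, one patched
    after the baseline was taken, one absent, one without a reference hash."""
    with tempfile.TemporaryDirectory() as d:
        clean = {n: b"clean driver image " + n.encode() for n in WATCHED_DRIVERS}
        baseline = {n: hashlib.sha256(b).hexdigest() for n, b in clean.items()}
        on_disk = dict(clean)
        on_disk["atapi.sys"] += b"\x90\x90 patched"  # same name, altered bytes
        del on_disk["nvraid.sys"]                     # controller not present
        baseline.pop("AGP440.sys")                    # no reference hash known
        for n, body in on_disk.items():
            with open(os.path.join(d, n), "wb") as fh:
                fh.write(body)
        return check_drivers(d, baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:12} {name}")
```

One caveat a practitioner would add: an active kernel rootkit that hooks file reads can hand clean bytes to any user-mode hasher, so a match taken from the live system is a triage result rather than proof. Confirm from an offline boot (a rescue disc or the drive mounted on a clean machine) where the rootkit's hooks are not loaded, and treat a MODIFIED result from the live system as real until shown otherwise.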

Re: Please help!

Post by AdaAlcove » April 23rd, 2011, 11:33 am

OTL

OTL logfile created on: 4/23/2011 11:08:05 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 353.67 Gb Free Space | 75.93% Space Free | Partition Type: NTFS

Computer Name: DOLORES | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 09:18:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/03/25 12:17:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/02 02:10:58 | 000,055,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe
PRC - [2009/06/10 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/08/24 08:01:56 | 004,067,328 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2008/08/08 18:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008/08/08 18:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/07 11:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/04/20 08:03:08 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
PRC - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2006/03/10 14:01:02 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BellSouthWCC\McciTrayApp.exe
PRC - [2005/02/23 11:44:10 | 000,249,856 | ---- | M] (Netopia, Inc.) -- C:\Program Files\Netopia\C3kWEPn.exe
PRC - [2004/04/26 03:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 17:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 09:18:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/02 02:10:58 | 000,055,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway\Microsoft.Forefront.Server.EhsGatewayService.exe -- (FopeGatewayService)
SRV - [2007/09/07 11:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/14 14:03:00 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/05/02 14:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/10 10:57:54 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2004/04/26 18:11:00 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2003/12/17 16:58:08 | 000,082,888 | ---- | M] (SAMSUNG Electro-Mechanics Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swld23u.sys -- (SWLD23U)
DRV - [2003/08/28 19:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/05/02 17:26:18 | 000,053,690 | ---- | M] (Samsung Electro-Mechanics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swlubtl.sys -- (swlubtl)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1133.mail.yahoo.com/mc/welc ... 9kpqln8m81
IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.blogger.com/home"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/10 14:48:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 08:44:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 12:17:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 12:17:44 | 000,000,000 | ---D | M]

[2009/07/09 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/04/22 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions
[2010/04/28 13:12:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/21 08:54:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/02 08:28:55 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/03/02 08:28:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/03/26 12:33:34 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\personas@christopher.beard
[2011/03/26 12:33:19 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\piclens@cooliris.com
[2011/03/26 12:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\extensions\piclens@cooliris.com-trash
[2010/03/20 18:56:46 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qs24tubu.default\searchplugins\bing.xml
[2011/04/22 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/01 18:38:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/20 21:16:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/06 08:44:00 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/04/20 21:15:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/04/20 21:15:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/02/21 21:04:19 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2010/12/01 14:52:13 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/04/20 21:31:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [C2kWep] C:\Program Files\Netopia\C3kWEPn.exe (Netopia, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [EPSON Stylus Photo R320 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-746137067-492894223-725345543-1003..\Run: [Sonic RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7652113531 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\Rundll32.exe c:\windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\system32\rundll32.exe" "C:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: VIDC.I420 - C:\windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MJPG - m3jpeg32.dll File not found
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 16:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/20 21:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/20 21:50:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/20 21:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 21:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 21:49:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/20 21:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 21:33:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/20 21:30:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/20 21:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/20 21:16:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2011/04/20 21:16:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/20 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/20 21:16:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/20 18:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SightSpeed Recordings
[2011/04/19 23:55:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/19 23:55:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/04/19 23:55:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/04/19 23:55:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/04/19 23:55:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/19 14:51:33 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/19 13:51:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/11 18:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2011/04/02 14:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/03/31 21:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/03/29 17:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/03/29 17:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
[2011/03/25 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Logitech
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/23 10:58:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 10:35:46 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/04/23 09:52:18 | 000,000,424 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/04/23 09:46:34 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/23 09:46:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/23 09:46:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 15:40:42 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/21 16:48:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/21 13:33:26 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/04/21 12:24:23 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Excel.lnk
[2011/04/21 03:27:08 | 003,649,552 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/21 03:08:40 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2011/04/21 03:06:05 | 000,442,608 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/21 03:06:05 | 000,072,238 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/20 21:31:01 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/04/20 21:15:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/20 21:15:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/20 21:15:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/20 21:15:41 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl
[2011/04/20 21:15:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/04/20 11:56:01 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011/04/20 08:49:55 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2011/04/19 23:52:36 | 004,325,107 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/19 21:45:05 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/04/18 15:39:46 | 000,002,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/04/17 09:39:54 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
[2011/04/10 20:08:20 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/04/06 15:05:09 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/04/06 11:20:53 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 07:56:41 | 000,476,758 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/04/02 07:54:13 | 000,192,320 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/04/02 07:23:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/03/30 05:01:08 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EQ5.lnk
[2011/03/28 13:00:40 | 000,016,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\timedout.jpg
[2011/03/28 11:25:32 | 001,037,023 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\5563585529_8d39200275_o.jpg

========== Files Created - No Company Name ==========

[2011/04/21 13:33:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/04/20 21:50:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/19 23:55:30 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/04/19 23:55:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/04/19 23:55:30 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/04/19 23:55:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/04/19 23:55:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/04/19 06:26:55 | 004,325,107 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/02 14:23:46 | 000,002,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/04/02 07:56:41 | 000,476,758 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/04/02 07:54:13 | 000,192,320 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/04/02 07:23:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/03/30 05:01:08 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\EQ5.lnk
[2011/03/28 12:57:55 | 000,016,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\timedout.jpg
[2011/03/28 11:25:23 | 001,037,023 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\5563585529_8d39200275_o.jpg
[2011/03/07 21:25:53 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 19:39:42 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/01/12 20:49:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/11/10 11:01:55 | 000,003,350 | ---- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2010/10/13 03:04:02 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/08/11 16:33:27 | 000,089,588 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/06/22 21:14:04 | 000,000,315 | ---- | C] () -- C:\windows\EReg515.dat
[2010/06/22 20:27:35 | 000,001,373 | ---- | C] () -- C:\windows\disney.ini
[2010/05/20 18:15:43 | 000,000,056 | ---- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/02/23 00:04:33 | 000,000,063 | ---- | C] () -- C:\windows\mdm.ini
[2010/01/27 17:50:42 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2009/12/28 17:07:53 | 000,000,037 | ---- | C] () -- C:\windows\marscam.ini
[2009/10/07 20:27:28 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2009/08/27 20:07:25 | 000,000,074 | ---- | C] () -- C:\windows\MPLAYER.INI
[2009/07/31 13:23:10 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F0F92D9D8F.sys
[2009/07/31 13:23:09 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/07/31 13:11:59 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2009/07/20 20:13:04 | 000,004,272 | ---- | C] () -- C:\windows\System32\drivers\bvrp_pci.sys
[2009/07/19 21:25:43 | 000,213,054 | ---- | C] () -- C:\windows\System32\AsokaPLC16.dll
[2009/07/12 15:13:26 | 000,000,406 | ---- | C] () -- C:\windows\MSREGUSR.INI
[2009/07/09 18:33:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/07/08 13:23:23 | 001,294,336 | ---- | C] () -- C:\windows\System32\MGIIpl2A6.dll
[2009/07/08 13:23:23 | 001,261,568 | ---- | C] () -- C:\windows\System32\MGIIpl2M6.dll
[2009/07/08 13:23:23 | 001,228,800 | ---- | C] () -- C:\windows\System32\MGIIpl2M5.dll
[2009/07/08 13:23:23 | 001,105,920 | ---- | C] () -- C:\windows\System32\MGIIpl2P6.dll
[2009/07/08 13:23:22 | 001,052,672 | ---- | C] () -- C:\windows\System32\MGIIpl2P5.dll
[2009/07/08 13:23:10 | 000,000,002 | ---- | C] () -- C:\windows\PhotoSuite.ini
[2009/07/08 13:23:07 | 001,093,632 | ---- | C] () -- C:\windows\System32\MGIIpl2PX.dll
[2009/07/08 13:23:07 | 000,122,880 | ---- | C] () -- C:\windows\System32\JPEGLIB.DLL
[2009/07/08 13:23:07 | 000,122,880 | ---- | C] () -- C:\windows\System32\EnrouteStitch.dll
[2009/07/08 13:23:07 | 000,020,480 | ---- | C] () -- C:\windows\System32\MGIIpl2.dll
[2009/07/08 13:23:07 | 000,019,968 | ---- | C] () -- C:\windows\System32\CPUINF32.DLL
[2009/07/08 13:23:06 | 000,332,800 | ---- | C] () -- C:\windows\System32\FPXLIB.DLL
[2009/07/08 10:56:16 | 000,000,138 | ---- | C] () -- C:\windows\wininit.ini
[2009/07/08 10:43:32 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/07/08 10:33:37 | 000,013,024 | ---- | C] () -- C:\windows\tabinst.dll
[2009/07/08 10:33:37 | 000,004,032 | ---- | C] () -- C:\windows\tabins16.dll
[2009/07/08 10:23:40 | 000,032,200 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2009/07/08 10:23:40 | 000,020,910 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2009/07/08 10:23:40 | 000,020,869 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2009/07/08 10:23:40 | 000,000,022 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2009/07/08 10:19:18 | 000,000,058 | ---- | C] () -- C:\windows\System32\EAL32.INI
[2009/07/08 10:19:11 | 000,000,044 | ---- | C] () -- C:\windows\EPSPR320.ini
[2009/07/08 10:05:21 | 000,018,179 | ---- | C] () -- C:\windows\hpoins01.dat
[2009/07/08 10:05:21 | 000,016,606 | ---- | C] () -- C:\windows\hpomdl01.dat
[2009/07/07 22:43:14 | 000,086,016 | ---- | C] () -- C:\windows\System32\BJInstaller.dll
[2009/07/07 22:43:14 | 000,040,448 | ---- | C] () -- C:\windows\System32\BJAXSecurityManager.dll
[2009/07/07 21:38:17 | 000,006,048 | ---- | C] () -- C:\windows\System32\MCC16.dll
[2009/07/07 21:18:46 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/07 21:13:35 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/07/07 17:09:47 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/07/07 17:09:01 | 003,649,552 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\windows\System32\PSIService.exe
[2003/08/14 03:13:23 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\windows\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2003/07/16 16:41:25 | 000,442,608 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,238 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\windows\System32\hpotscl.dll
[2002/12/11 19:19:34 | 000,708,608 | ---- | C] () -- C:\windows\System32\ltcry13n.dll
[2002/12/11 19:19:34 | 000,147,456 | ---- | C] () -- C:\windows\System32\lttls13n.dll
[2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\windows\System32\mr310exd.dll
[2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\windows\System32\mr310exv.dll
[2000/04/12 17:28:12 | 000,118,784 | ---- | C] () -- C:\windows\System32\lfkodak.dll
[2000/04/12 17:24:10 | 000,338,944 | ---- | C] () -- C:\windows\System32\lffpx7.dll

========== LOP Check ==========

[2011/04/20 08:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/07/08 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/11/16 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/02/04 12:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/06/06 17:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaleider
[2009/07/07 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/01/11 21:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/14 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/07 09:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/07 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 02:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\FileOpen
[2009/11/22 22:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/02/23 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2011/01/12 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/20 21:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreInternetUtility
[2009/10/07 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2011/02/04 12:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2011/03/31 09:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2011/01/24 16:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/10/12 21:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ilik
[2010/06/06 17:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kaleider
[2009/07/08 10:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/16 10:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Piizi
[2010/11/29 16:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuiltAssistant
[2011/01/20 18:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RMS
[2011/03/02 20:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smilebox
[2011/01/30 23:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2011/01/26 17:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/10/08 10:14:22 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1247062429.job
[2011/04/23 09:52:18 | 000,000,424 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/20 03:03:01 | 000,025,098 | ---- | M] () -- C:\ComboFix.txt
[2010/11/16 19:40:33 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2011/04/23 09:46:22 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 15:05:09 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/02/04 12:18:08 | 000,018,254 | ---- | M] () -- C:\install.log
[2009/07/12 14:53:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/20 03:03:41 | 000,025,098 | ---- | M] () -- C:\log.txt
[2009/07/12 14:53:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/03 17:52:11 | 000,047,564 | ---- | M] () -- C:\ntdetect.com
[2010/03/08 12:28:31 | 000,250,048 | ---- | M] () -- C:\ntldr
[2011/04/23 09:46:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/04/20 09:51:31 | 000,043,892 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_20.04.2011_09.42.52_log.txt
[2007/07/13 20:03:08 | 000,301,090 | ---- | M] () -- C:\Toolbar_Install.bmp
[2011/02/04 12:17:44 | 000,000,828 | ---- | M] () -- C:\uninstall.log


< MD5 for: AGP440.SYS >
[2010/03/03 17:48:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/08 12:21:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/03 17:48:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/03/08 12:21:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2010/03/03 17:48:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/08 12:21:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2010/03/03 17:48:39 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/03/08 12:21:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2011/02/22 19:06:28 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/07 17:01:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/07 17:01:20 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/07 17:01:20 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %PROGRAMFILES%\*. >
[2011/02/19 17:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/01/11 21:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/07/07 21:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/08/07 11:50:05 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/07/19 21:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Asoka Plug Link 9650
[2009/07/10 21:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\Aurora Digital Imaging
[2011/03/04 10:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2009/07/07 22:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouth
[2009/07/08 09:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\BellSouthWCC
[2010/12/01 14:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/07/07 22:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2011/01/11 14:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\CAJ Media
[2010/09/14 11:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Calendar Creator
[2009/07/12 14:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\ClickArt
[2011/04/20 21:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/12 15:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\Companion Software
[2009/07/07 21:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011/03/16 11:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/12/28 17:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/06/22 20:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Disney Interactive
[2010/08/07 11:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Program Files
[2009/07/24 09:16:02 | 000,000,000 | ---D | M] -- C:\Program Files\Electric Quilt Company
[2009/07/08 10:23:04 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/07/08 10:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON Print CD
[2009/07/08 10:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON Software
[2011/04/21 16:50:56 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/09/05 22:47:57 | 000,000,000 | ---D | M] -- C:\Program Files\EZ Fonts
[2011/02/04 12:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\FileOpen
[2011/03/28 10:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/07/08 16:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/03/04 10:03:44 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/08 10:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/10 17:41:37 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/07 21:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/21 03:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/02 15:17:03 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/03/02 15:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/21 15:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/11/27 19:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/13 03:20:59 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/04/21 16:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/08 12:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/08 10:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/04/19 03:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/19 14:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2011/04/23 09:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Forefront Online Protection for Exchange Gateway
[2009/07/08 10:46:39 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/11/16 15:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/13 11:40:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/01/28 14:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/04/23 09:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/08 10:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/13 11:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/03/19 14:03:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/03/13 11:36:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/08/13 03:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/22 21:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/03 18:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/16 15:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/07/07 21:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/07/07 21:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/03/07 04:01:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/03 18:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/01/01 18:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\My Documents
[2010/01/21 09:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\MyFantasyMaker
[2010/03/08 12:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/07/07 22:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\Netopia
[2009/07/07 21:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 09:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/21 21:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Story 3 for Windows
[2011/03/02 15:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/10 13:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuiltAssistant
[2009/07/08 11:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Rainlendar2
[2010/03/03 18:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/01/20 18:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\RMS
[2009/07/10 17:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2011/03/01 18:38:24 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/07/10 14:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Smilebox
[2009/07/08 10:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2011/01/30 23:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/01/30 23:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Media Go Install
[2009/07/09 16:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2009/07/07 21:19:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/08 10:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010/04/17 13:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/04/17 13:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/14 19:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/14 18:26:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/10 14:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2010/03/13 11:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\WPF Toolkit
[2009/07/07 21:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/10/10 16:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo SiteBuilder
[2011/02/21 21:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client
[2011/02/19 17:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\zFlick

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 07:03:22

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >
"OOBETimer" = FF D5 71 D6 8B 6A 8D 6F D5 33 93 FD [binary data]

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC3DB898

< End of report >
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm
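
The `< MD5 for: ... >` custom scans in the log above are there for one reason: a rootkit that patches a driver in place (the TDSS family did this to atapi.sys) leaves a live copy in `system32\drivers` whose hash matches none of the reference copies Windows keeps in `ServicePackFiles\i386`, `ERDNT\cache` or `$hf_mig$`. The following is an added example, not part of this thread and not an OTL feature: a Python parser that reads those sections and flags a live file whose MD5 matches no other on-disk copy. The ATAPI.SYS lines in the sample are taken from the log posted above; the NETBT.SYS section and its two hashes are constructed to show the failing case. The `.cab` entries carry no hash and are skipped, and the older `$NtServicePackUninstall$` copy is expected to differ (it is the pre-SP3 version), which is why the rule is "matches at least one backup", not "matches every backup".

```python
"""Cross-check the live copy of a Windows system file against the backup copies
listed under an OTL '< MD5 for: NAME >' custom scan.  Added example; the
'must match at least one backup copy' rule is an analyst heuristic, not an
OTL feature."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^\s>]+)\s*>$")
# One OTL file line that carries a hash.  '.cab file' lines have no MD5= field,
# so they do not match: they are archives, not loadable copies.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# The copy Windows actually loads sits directly in system32\ or system32\drivers\;
# anything deeper (ReinstallBackups, dllcache) is a backup.
LIVE_RE = re.compile(r"\\system32\\(drivers\\)?[^\\]+$", re.IGNORECASE)


class Entry(NamedTuple):
    path: str
    md5: str
    size: int
    company: str


def parse_md5_sections(log_text: str) -> Dict[str, List[Entry]]:
    """Group hashed entries by the '< MD5 for: NAME >' header they fall under."""
    sections: Dict[str, List[Entry]] = defaultdict(list)
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):          # any other custom-scan header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            sections[current].append(Entry(
                path=entry.group("path"),
                md5=entry.group("md5").upper(),
                size=int(entry.group("size").replace(",", "")),
                company=entry.group("company"),
            ))
    return dict(sections)


def assess(entries: List[Entry]) -> dict:
    """Flag a live file whose MD5 matches none of the other copies on disk.

    A legitimately updated file still matches at least one copy (ServicePackFiles,
    ERDNT\\cache or an $hf_mig$ hotfix folder); a file rewritten in place by
    malware normally matches nothing.  A match is evidence, not proof of health.
    """
    live = [e for e in entries if LIVE_RE.search(e.path)]
    backups = [e for e in entries if not LIVE_RE.search(e.path)]
    if not live:
        return {"status": "no-live-copy", "live": None, "matches": []}
    if len(live) > 1:
        return {"status": "ambiguous", "live": [e.path for e in live], "matches": []}
    lf = live[0]
    matches = [e.path for e in backups if e.md5 == lf.md5]
    if matches:
        status = "ok"
    elif not backups:
        status = "unverifiable"      # nothing to compare against
    else:
        status = "SUSPECT"           # live copy differs from every backup
    return {"status": status, "live": lf.path, "md5": lf.md5, "matches": matches}


def triage(log_text: str) -> Dict[str, dict]:
    """Run assess() over every MD5 section in an OTL log."""
    return {name: assess(entries) for name, entries in parse_md5_sections(log_text).items()}


# Constructed sample: ATAPI.SYS lines copied from the posted log; the NETBT.SYS
# section and its hashes are made up to exercise the SUSPECT path.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2010/03/08 12:21:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NETBT.SYS >
[2008/04/13 14:40:30 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ERDNT\cache\netbt.sys
[2008/04/13 14:40:30 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:40:30 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\netbt.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
"""

if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG).items():
        print(f"{name:12} {result['status']:12} live={result['live']}")
```

Feed it the whole OTL.txt and it reports `ok` for ATAPI.SYS (live hash equals the ERDNT and ServicePackFiles copies) and `SUSPECT` for the constructed NETBT.SYS, whose live copy matches neither backup. A `SUSPECT` verdict is a reason to pull the file and check its signature or compare it against a known-clean install, not a conviction on its own.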

Re: Please help!

Unread postby AdaAlcove » April 23rd, 2011, 11:34 am

Extra

OTL Extras logfile created on: 4/23/2011 11:08:05 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 353.67 Gb Free Space | 75.93% Space Free | Partition Type: NTFS

Computer Name: DOLORES | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Expression\Web 3\ExpressionWeb.exe" = C:\Program Files\Microsoft Expression\Web 3\ExpressionWeb.exe:*:Enabled:Microsoft Expression Web 3 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{157616FE-1A3B-4B74-90AF-56ACA3824390}" = Microsoft Forefront Online Protection for Exchange Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{23E4A9D2-3C02-4BFC-B9BA-6CA6180568EF}" = Browser Enhancer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3E421598-0E2D-4272-8734-3E2A0FF662EB}" = Deep Zoom Composer
"{3EA86486-E94C-49E1-831A-4974B06C1D9B}" = Microsoft Silverlight 3 Toolkit November 2009
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{949460AD-3C77-44FD-8D78-BF605EF28114}" = EMEA02
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}" = Calendar Creator 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D76E927F-E292-434B-9661-3858F5D7BF63}" = EPSON PhotoCenter
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}" = BellSouth Wireless LAN USB Adapter
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FDCB0CA0-E96B-C312-0AE3-0E33DE2F3348}" = zFlick
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"10CB2083F7325ECF7648ED6DB0E2392F905A2829" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
"AccompanEase" = AccompanEase
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BellSouth Wireless Connection Tool" = BellSouth Wireless Connection Tool
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"BroadJump Client Foundation" = BroadJump Client Foundation
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClickArt 300,000 Premier Image Pak 1.0" = ClickArt® 300,000 Premier Image Pak
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.example.assets.BF8C6DE3BF2EC0B079B9A373AE538EADAB49A61B.1" = zFlick
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"EPSON Printer and Utilities" = EPSON Printer Software
"EQ5" = EQ5
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker" = Family Tree Maker 6.0
"FileZilla Client" = FileZilla Client 3.3.5.1
"Film Factory" = Film Factory
"Google Chrome" = Google Chrome
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"ie8" = Windows Internet Explorer 8
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"Kaleider_is1" = Kaleider 4.4
"Little Mermaid II" = Little Mermaid II Return to the Sea
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metafile Companion 1.10" = Metafile Companion 1.10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"PlugLink 9650 Utility" = PlugLink 9650 Utility
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuiltAssist" = QuiltAssistant
"Rainlendar2" = Rainlendar2 (remove only)
"Search Toolbar" = Search Toolbar
"ShapeCollage" = Shape Collage
"Silent Package Run-Time Sample" = ESPR320 Reference Guide
"TTB000001.TTB000001Toolbar" = CouponBar
"Wacom Tablet Driver" = Wacom Tablet
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2011 6:46:18 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 10:15:13 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 10:15:13 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>
with error: This network connection does not exist.

Error - 4/19/2011 11:15:55 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/19/2011 11:15:56 AM | Computer Name = DOLORES | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/19/2011 2:58:44 PM | Computer Name = DOLORES | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/20/2011 9:01:00 PM | Computer Name = DOLORES | Source = MsiInstaller | ID = 11704
Description = Product: Java(TM) 6 Update 18 -- Error 1704.An installation for Microsoft
FrontPage 2000 is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 4/20/2011 9:41:06 PM | Computer Name = DOLORES | Source = Application Hang | ID = 1002
Description = Hanging application C3kWEPn.exe, version 1.1.0.64, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2011 9:31:21 PM | Computer Name = DOLORES | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 10.0.6863.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2011 9:53:58 PM | Computer Name = DOLORES | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The TabletServiceWacom service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/20/2011 9:30:50 PM | Computer Name = DOLORES | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/23/2011 9:47:28 AM | Computer Name = DOLORES | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/23/2011 9:47:28 AM | Computer Name = DOLORES | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/23/2011 9:47:28 AM | Computer Name = DOLORES | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/23/2011 9:47:28 AM | Computer Name = DOLORES | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >
AdaAlcove
Regular Member
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Post by AdaAlcove » April 23rd, 2011, 11:36 am

TDSSkiller

2011/04/23 11:30:23.0199 2496 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 11:30:23.0527 2496 ================================================================================
2011/04/23 11:30:23.0527 2496 SystemInfo:
2011/04/23 11:30:23.0527 2496
2011/04/23 11:30:23.0527 2496 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/23 11:30:23.0527 2496 Product type: Workstation
2011/04/23 11:30:23.0527 2496 ComputerName: DOLORES
2011/04/23 11:30:23.0527 2496 UserName: Owner
2011/04/23 11:30:23.0527 2496 Windows directory: C:\windows
2011/04/23 11:30:23.0527 2496 System windows directory: C:\windows
2011/04/23 11:30:23.0527 2496 Processor architecture: Intel x86
2011/04/23 11:30:23.0527 2496 Number of processors: 1
2011/04/23 11:30:23.0527 2496 Page size: 0x1000
2011/04/23 11:30:23.0527 2496 Boot type: Normal boot
2011/04/23 11:30:23.0527 2496 ================================================================================
2011/04/23 11:30:23.0699 2496 Initialize success
2011/04/23 11:30:29.0480 3920 ================================================================================
2011/04/23 11:30:29.0480 3920 Scan started
2011/04/23 11:30:29.0480 3920 Mode: Manual;
2011/04/23 11:30:29.0480 3920 ================================================================================
2011/04/23 11:30:42.0105 3920 ================================================================================
2011/04/23 11:30:42.0105 3920 Scan finished
2011/04/23 11:30:42.0105 3920 ================================================================================
AdaAlcove
Regular Member
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Post by Gary R » April 23rd, 2011, 1:05 pm

OK, nothing of any consequence showing in any of your logs.

There are a couple of minor Registry settings that need seeing to, but your computer looks clean. Could be your router has been hijacked.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Let's try to reset your router to its default configuration.
  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know your router's default password, you can look it up HERE.
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.

Next

Please download Rootkit Unhooker and extract it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner has finished, then go to File > Save Report.
  • Save the report somewhere you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Summary of the logs I need from you in your next post:
  • OTL log
  • RKU log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Post by AdaAlcove » April 23rd, 2011, 6:37 pm

OTL Log
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 12764 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 327649 bytes
->Temporary Internet Files folder emptied: 4017533 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96324634 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2861 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2615625 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15803176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04232011_145024

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
AdaAlcove
Regular Member
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Post by Gary R » April 24th, 2011, 2:01 am

I don't see the RKU log I asked for. If you haven't yet run an RKU scan, please do so following the instructions in my last post and post me the log.

Are you still being redirected?
Gary R
Administrator
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Please help!

Post by AdaAlcove » April 24th, 2011, 4:22 am

We had trouble getting the router back online. The scan just finished about 5 minutes ago. Here it is.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF66B8000 C:\windows\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE35D000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\windows\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\windows\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7520000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7558000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEE4A8000 C:\windows\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM))
0xF740E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEDE6D000 C:\windows\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7540000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEDFF3000 C:\windows\System32\Drivers\dump_atapi.sys 98304 bytes
0xEDE86000 C:\windows\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF674F000 C:\windows\System32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF74E2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF65EF000 C:\windows\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF74F9000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEDE9E000 C:\windows\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
0xEDB38000 C:\windows\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEE4C4000 C:\windows\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM))
0xF66DB000 C:\windows\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF673B000 C:\windows\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE426000 C:\windows\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF750E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7577000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF65DE000 C:\windows\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF6786000 C:\windows\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7687000 C:\windows\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7677000 C:\windows\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76C7000 C:\windows\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76A7000 C:\windows\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEDC65000 C:\windows\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6766000 C:\windows\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF7757000 C:\windows\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\windows\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7777000 C:\windows\System32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xBF012000 C:\windows\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF76E7000 C:\windows\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75F7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7707000 C:\windows\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF67A6000 C:\windows\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76B7000 C:\windows\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75E7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76F7000 C:\windows\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7697000 C:\windows\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75D7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7737000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7727000 C:\windows\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7607000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76D7000 C:\windows\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7667000 C:\windows\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7717000 C:\windows\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF67D6000 C:\windows\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEC992000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF67F6000 C:\windows\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF67E6000 C:\windows\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF795F000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF797F000 C:\windows\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF798F000 C:\windows\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78D7000 C:\windows\System32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xF799F000 C:\windows\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79DF000 C:\windows\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7857000 C:\windows\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78E7000 C:\windows\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF79AF000 C:\windows\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF78F7000 C:\windows\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF79B7000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF79C7000 C:\windows\System32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF78BF000 C:\windows\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78C7000 C:\windows\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78FF000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A64CFEA7-2D44-4E82-ABCE-C01E155309C3}\MpKslbba69ec0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF792F000 C:\windows\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7987000 C:\windows\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF793F000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78EF000 C:\windows\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7997000 C:\windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF79BF000 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS 20480 bytes (Motive, Inc., Motive NDIS 5.0 Protocol Driver)
0xF794F000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7917000 C:\windows\System32\Drivers\NTPASp50.sys 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
0xF785F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78A7000 C:\windows\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7867000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF78B7000 C:\windows\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7897000 C:\windows\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF789F000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF6F4C000 C:\windows\System32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7A8F000 C:\windows\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A7B000 C:\windows\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEDEB3000 C:\windows\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7AB3000 C:\windows\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7AD3000 C:\windows\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEDF37000 C:\windows\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF6F54000 C:\windows\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF79E7000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A77000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6574000 C:\windows\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7A83000 C:\windows\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A67000 C:\windows\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF656C000 C:\windows\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B0D000 C:\windows\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7B53000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B61000 C:\windows\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B4F000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AD7000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B57000 C:\windows\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B5F000 C:\windows\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B5B000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B03000 C:\windows\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B17000 C:\windows\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B87000 C:\windows\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B1B000 C:\windows\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B0F000 C:\windows\System32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xF7B11000 C:\windows\System32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xF7AD9000 C:\windows\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BC1000 C:\windows\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BA2000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C83000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B9F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7CAD000 C:\windows\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7C60000 C:\windows\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x04E70000 Hidden Image-->System.Data.dll [ EPROCESS 0x867389E0 ] PID: 492, 2961408 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\tmp188.tmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\~DF1779.tmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\~WRD0001.doc
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\~WRS0000.tmp
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP774\change.log.2
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP774\drivetable.txt
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\A0124081.rbf
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\A0124082.rbf
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\change.log
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\RestorePointSize
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\rp.log
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\ComDb.Dat
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\domain.txt
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\$WinMgmt.CFG
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\INDEX.BTR
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\INDEX.MAP
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\MAPPING.VER
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\MAPPING1.MAP
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\MAPPING2.MAP
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\OBJECTS.DATA
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\Repository\FS\OBJECTS.MAP
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_MACHINE_SAM
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_MACHINE_SECURITY
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_MACHINE_SOFTWARE
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_MACHINE_SYSTEM
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_.DEFAULT
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-746137067-492894223-725345543-1003
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{D65A3307-59B9-45C3-99FD-68AA64DD6ED9}\RP775\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-746137067-492894223-725345543-1003
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2\8.0.59193\FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
!-->[Hidden] C:\WINDOWS\Installer\29ba457.msi
!-->[Hidden] C:\WINDOWS\Installer\29ba45d.msi
!-->[Hidden] C:\WINDOWS\Prefetch\INSTALL.EXE-019FDC96.pf
!-->[Hidden] C:\WINDOWS\Prefetch\VCREDIST_X86.EXE-04D87126.pf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\Install\vcredist_x86.exe
!-->[Hidden] C:\WINDOWS\Temp\dd_vcredistMSI3882.txt
!-->[Hidden] C:\WINDOWS\Temp\dd_vcredistUI3882.txt
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422.manifest
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.5592.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.5592.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.5592.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.5592.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.5592.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.5592.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.5592.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.5592.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.5592.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.5592.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.5570.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.5570.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.5570.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.5570.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.5570.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.5570.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.5570.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.5570.policy
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.5570.cat
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.5570.policy
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1612]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1612]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1612]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1612]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[1612]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[1612]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[1612]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[1612]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1612]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1612]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1612]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2864]LWS.exe-->kernel32.dll-->FindResourceA, Type: IAT modification 0x0050A2F4-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->FindResourceExW, Type: IAT modification 0x0050A2F0-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->FindResourceW, Type: IAT modification 0x0050A4CC-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->FreeResource, Type: IAT modification 0x0050A3F8-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->GetProfileIntA, Type: IAT modification 0x0050A2EC-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->GetProfileIntW, Type: IAT modification 0x0050A388-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->LoadResource, Type: IAT modification 0x0050A4D0-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->LockResource, Type: IAT modification 0x0050A4D4-->00000000 [LWS.exe]
[2864]LWS.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[2864]LWS.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[2864]LWS.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[2864]LWS.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[2864]LWS.exe-->kernel32.dll-->SizeofResource, Type: IAT modification 0x0050A4D8-->00000000 [LWS.exe]
[2864]LWS.exe-->user32.dll-->LoadMenuA, Type: IAT modification 0x0050A7E0-->00000000 [LWS.exe]
[2864]LWS.exe-->user32.dll-->LoadMenuW, Type: IAT modification 0x0050A6E8-->00000000 [LWS.exe]
[2864]LWS.exe-->user32.dll-->LoadStringA, Type: IAT modification 0x0050A7DC-->00000000 [LWS.exe]
[2864]LWS.exe-->user32.dll-->LoadStringW, Type: IAT modification 0x0050A7D8-->00000000 [LWS.exe]
[3564]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x013890A0-->00000000 [unknown_code_page]
[3564]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x013890A4-->00000000 [Skype.exe]
[3564]Skype.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[3564]Skype.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[3564]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[3564]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Re: Please help!

Unread postby AdaAlcove » April 24th, 2011, 5:14 am

Computer does not seem to be getting hijacked right now.
AdaAlcove
Regular Member
 
Posts: 24
Joined: April 18th, 2011, 3:49 pm

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware