PDA

View Full Version : I think my computer is infected.


crashingdell
2010-09-20, 17:12
FYI...Before coming to this forum I downloaded, installed, and ran spybot SSD, Mal-ware bytes, and Ad-aware. I ran all three and only MWB found anything...6 tracking cookies. I have kaspersky as my antivirus program and no threats have been detected. That said, my IE appears to be hijacked. It will often redirect, and my computer is running VERY SLOW. It often locks up shortly after visiting and yahoo site. I can see the browser on the bottom left trying to load multiple ad sites. Here is the log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gadfly at 11:00:27.93 on Mon 09/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.275 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gadfly\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\8.0\PAS8_Update.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157768554078
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-9 64288]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-22 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-10 135664]

=============== Created Last 30 ================

2010-09-16 18:26:28 3246 ----a-w- c:\windows\system32\wbem\Outlook_01cb55ccadde7997.mof
2010-09-10 01:39:29 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-10 01:39:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-10 01:32:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-10 01:31:11 0 d-----w- c:\program files\Lavasoft

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-29 16:03:02 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-29 16:03:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-10 17:29:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081020080811\index.dat
2009-09-27 12:35:07 2805792 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 11:03:12.81 ===============
ken545
2010-09-23, 02:18
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware execpt for the programs we may run.



Step 1 | Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
crashingdell
2010-09-23, 04:42
Hey Ken, I actually live in West Haven....noticed you are in CT also.

Anyhow, here is the info you requested.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014

Kernel Drivers (total 194):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 cmdide.sys
0xBA5AE000 aliide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xBA4C4000 cpqarray.sys
0xB9F0B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9EF3000 atapi.sys
0xBA4C8000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4CC000 symc810.sys
0xBA0D8000 aic78xx.sys
0xBA4D0000 dac960nt.sys
0xBA0E8000 ql10wnt.sys
0xBA4D4000 amsint.sys
0xBA340000 asc.sys
0xBA4D8000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4DC000 ini910u.sys
0xBA0F8000 ql1240.sys
0xBA108000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B6000 cd20xrnt.sys
0xBA118000 ultra.sys
0xB9EDA000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA128000 ql1080.sys
0xBA138000 ql1280.sys
0xBA148000 ql12160.sys
0xBA388000 perc2.sys
0xBA5B8000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4E0000 cbidf2k.sys
0xB9EAE000 dac2w2k.sys
0xBA158000 disk.sys
0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E8E000 fltmgr.sys
0xB9E7C000 sr.sys
0xBA178000 Lbd.sys
0xB9E66000 drvmcdb.sys
0xBA188000 PxHelp20.sys
0xB9E4F000 KSecDD.sys
0xB9DC2000 Ntfs.sys
0xB9D95000 NDIS.sys
0xBA198000 sisagp.sys
0xBA1A8000 viaagp.sys
0xBA1B8000 ohci1394.sys
0xBA1C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D7B000 Mup.sys
0xBA1D8000 klbg.sys
0xBA1E8000 agp440.sys
0xBA1F8000 alim1541.sys
0xBA208000 amdagp.sys
0xBA218000 agpCPQ.sys
0xBA248000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9C93000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB9C7E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8826000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8812000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB87EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8648000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8624000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA308000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB8610000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB8E27000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB85C4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB8E17000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8595000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8E07000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8DF7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5DA000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xB8DE7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8DD7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8572000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8DC7000 \SystemRoot\system32\DRIVERS\klim5.sys
0xBA6C6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8DB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C66000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB855B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8DA7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8D97000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8522000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA318000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB84F2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9D6B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8494000 \SystemRoot\system32\DRIVERS\update.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA400000 \SystemRoot\system32\DRIVERS\omci.sys
0xB9D5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8262000 \SystemRoot\system32\drivers\sthda.sys
0xA823E000 \SystemRoot\system32\drivers\portcls.sys
0xB9D2B000 \SystemRoot\system32\drivers\drmk.sys
0xA820C000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA810F000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA805F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA418000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9CFB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB9C97000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA7FE6000 \SystemRoot\system32\DRIVERS\klif.sys
0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA773000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA428000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8547000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA7F3B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA7EE2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA7EBA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA799A000 \??\C:\WINDOWS\system32\drivers\kl1.sys
0xA78DB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9CEB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA7891000 \SystemRoot\System32\drivers\afd.sys
0xB9CDB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA7866000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA77F6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9327000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9317000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8053000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xB92B7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA77DE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA608000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7FE2000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA478000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7C5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB92C7000 \SystemRoot\system32\drivers\drvnddm.sys
0xBA6A4000 \SystemRoot\system32\dla\tfsndres.sys
0xA7660000 \SystemRoot\system32\dla\tfsnifs.sys
0xA76FA000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA62A000 \SystemRoot\system32\dla\tfsnpool.sys
0xBA490000 \SystemRoot\system32\dla\tfsnboio.sys
0xB92A7000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA6A5000 \SystemRoot\system32\dla\tfsndrct.sys
0xA7647000 \SystemRoot\system32\dla\tfsnudf.sys
0xA762E000 \SystemRoot\system32\dla\tfsnudfa.sys
0xBA498000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA7682000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA752A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA71F1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7048000 \SystemRoot\System32\Drivers\HTTP.sys
0xA6F01000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7089000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA69EC000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6A29000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7091000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0xA653A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBA66C000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA53EE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
1360 C:\WINDOWS\system32\smss.exe
1408 csrss.exe
1432 C:\WINDOWS\system32\winlogon.exe
1484 C:\WINDOWS\system32\services.exe
1496 C:\WINDOWS\system32\lsass.exe
1680 C:\WINDOWS\system32\svchost.exe
1792 svchost.exe
1840 C:\WINDOWS\system32\svchost.exe
1892 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
144 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
192 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
340 svchost.exe
488 svchost.exe
812 C:\WINDOWS\system32\spoolsv.exe
920 svchost.exe
1040 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1060 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1088 C:\Program Files\Bonjour\mDNSResponder.exe
1112 svchost.exe
1212 C:\WINDOWS\ehome\ehrecvr.exe
1252 C:\WINDOWS\ehome\ehSched.exe
212 C:\Program Files\Java\jre6\bin\jqs.exe
404 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
400 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
912 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1300 svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
2100 mcrdsvc.exe
2388 wmiprvse.exe
2924 C:\WINDOWS\explorer.exe
3384 unsecapp.exe
3816 alg.exe
388 C:\WINDOWS\ehome\ehtray.exe
652 C:\WINDOWS\system32\rundll32.exe
1800 C:\WINDOWS\ehome\ehmsas.exe
1852 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2432 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
408 C:\WINDOWS\system32\dllhost.exe
2692 C:\WINDOWS\system32\TaskSwitch.exe
1100 C:\WINDOWS\system32\dla\tfswctrl.exe
2920 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3020 C:\WINDOWS\system32\hkcmd.exe
3044 C:\WINDOWS\system32\igfxpers.exe
3096 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1728 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2716 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
1488 C:\Program Files\Dell\QuickSet\quickset.exe
3412 C:\Program Files\iTunes\iTunesHelper.exe
3588 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1988 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4072 C:\WINDOWS\system32\ctfmon.exe
4012 C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
2864 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
1008 C:\Program Files\iPod\bin\iPodService.exe
3424 C:\WINDOWS\system32\svchost.exe
136 C:\WINDOWS\system32\igfxsrvc.exe
648 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
2236 C:\Program Files\Internet Explorer\iexplore.exe
996 C:\Program Files\Internet Explorer\iexplore.exe
1704 C:\Program Files\Internet Explorer\iexplore.exe
4800 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
6028 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
4960 C:\Program Files\Internet Explorer\iexplore.exe
6092 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
2988 C:\Program Files\Internet Explorer\iexplore.exe
2308 C:\WINDOWS\system32\wscntfy.exe
6140 C:\Documents and Settings\Gadfly\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541060G9SA00, Rev: MB3OC60R

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
ken545
2010-09-23, 10:49
Hi,

Yep, not to far from you. Ever been to Pepe's Pizza ?

Looks like your Master Boot Record is infected and this can be very delicate to fix. Before we proceed we need to check for a Rootkit also.

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
crashingdell
2010-09-23, 18:52
Used to go there all the time, now only once in a while. If the wait is too bad I go to "the spot" next door. Just the same, just not usually a wait.

Zuppardi's in West Haven is great pizza. The Sausage pie there is fantastic.

As far as my computer. I ran the program, when I went to save the file as a .txt, it defaulted as a .log file. So I saved it as ark.log and then renamed it ark.txt. Hopefully that is okay.

Also, I disabled the antivirus software (kaspersky), but midway through the scan it activated itself for about 5 seconds. I quickly turned it off.
ken545
2010-09-23, 19:04
Go ahead and post the log or attach it if you wish
crashingdell
2010-09-23, 19:06
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 12:06:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Gadfly\LOCALS~1\Temp\uxtdipog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA800658C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA8006E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA8007922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA8007E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xA80070EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xA8005436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA8007D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA8006192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA8007C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA800634E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA8007FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA8009C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA8006AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA8007CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA80095FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA80059FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA8005D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA8007576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA800A5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA8005ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA8005F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xA8007382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA800968C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA8005412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA8005424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA8009CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA80060C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA8007F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xA8006E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xA80055DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA8007E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA8006792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA8009C32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA8008068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA80066B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA800601E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA8005C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA8009FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA8005896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA8009922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA8005B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA80052B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA80083F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA80082B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA800939A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA800CE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA800A4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA8005248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA800765C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA8006CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA8008C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xA8009786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA800A114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA800571E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA800A1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA800A320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA8009526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xA800690A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA8006860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA8009E8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA80069EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP A7FFB4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP A7FFB8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 244C 80501C84 16 Bytes [4E, 63, 00, A8, C6, 7F, 00, ...] {DEC ESI; ARPL [EAX], AX; TEST AL, 0xc6; JG 0x7; TEST AL, 0x8; PUSHF ; ADD [EAX-0x57ff9556], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2508 80501D40 12 Bytes [8C, 96, 00, A8, 12, 54, 00, ...] {MOV WORD [ESI+0x5412a800], SS; ADD [EAX-0x57ffabdc], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 16 Bytes [0E, 5B, 00, A8, B0, 52, 00, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [F8, A1, 00, A8, 20, A3, 00, ...] {CLC ; MOV EAX, [0xa320a800]; ADD [EAX-0x57ff6ada], CH}
.text ntkrnlpa.exe!ZwCallbackReturn + 27D8 80502010 4 Bytes JMP 5CA80069
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1060] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1060] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1060] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2716] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[6028] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 30F8D300 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat A52C7D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [1060] 0x06FF0000
Library C:\Documents (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [1060] 0x0A250000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414d1a58
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016414d1a58 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
ken545
2010-09-23, 22:43
Hi,

Lets do this. Keep MBRCheck on your desktop, we may need it later.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
crashingdell
2010-09-23, 23:23
ComboFix 10-09-23.01 - Gadfly 09/23/2010 16:55:31.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.908 [GMT -4:00]
Running from: c:\documents and settings\Gadfly\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-20 15:26 . 2010-09-20 15:26 -------- d-----w- c:\program files\ERUNT
2010-09-10 02:13 . 2010-09-10 02:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-10 01:39 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-10 01:39 . 2010-09-10 01:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-10 01:33 . 2010-09-10 01:33 -------- d-----w- c:\documents and settings\Gadfly\Local Settings\Application Data\Sunbelt Software
2010-09-10 01:32 . 2010-09-10 01:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-10 01:31 . 2010-09-10 01:31 -------- d-----w- c:\program files\Lavasoft
2010-09-09 23:11 . 2010-09-09 23:11 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 21:09 . 2009-11-23 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-09-23 20:48 . 2008-10-18 18:57 -------- d-----w- c:\documents and settings\Gadfly\Application Data\FileZilla
2010-09-16 16:10 . 2010-09-16 16:10 850448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-16 16:10 . 2010-09-16 16:10 850520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll
2010-09-10 01:31 . 2008-09-15 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-09 23:10 . 2006-09-08 23:31 -------- d-----w- c:\program files\Java
2010-09-05 14:44 . 2010-02-14 03:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-01 16:19 . 2006-09-08 23:27 37640 ----a-w- c:\documents and settings\Gadfly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 16:17 . 2010-08-17 15:19 -------- d-----w- c:\program files\DraftDominator
2010-08-24 00:28 . 2006-09-23 19:05 -------- d-----w- c:\documents and settings\Gadfly\Application Data\Apple Computer
2010-08-18 19:07 . 2010-08-18 19:07 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 19:07 . 2010-08-18 19:07 340520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 15:16 . 2010-08-17 15:16 -------- d-----w- c:\program files\MFL Import
2010-08-17 13:17 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 15:38 . 2010-08-16 15:38 -------- d-----w- c:\program files\MSECache
2010-08-12 12:16 . 2010-09-10 01:32 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-04 21:15 . 2007-01-21 22:06 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-08-04 16:23 . 2007-01-21 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-08-04 16:23 . 2006-09-08 23:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 13:33 . 2010-08-03 13:33 503808 ----a-w- c:\documents and settings\Gadfly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3bb31d84-n\msvcp71.dll
2010-08-03 13:33 . 2010-08-03 13:33 12800 ----a-w- c:\documents and settings\Gadfly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74e5ae48-n\decora-d3d.dll
2010-08-03 13:33 . 2010-08-03 13:33 61440 ----a-w- c:\documents and settings\Gadfly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74e5ae48-n\decora-sse.dll
2010-08-03 13:33 . 2010-08-03 13:33 499712 ----a-w- c:\documents and settings\Gadfly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3bb31d84-n\jmc.dll
2010-08-03 13:33 . 2010-08-03 13:33 348160 ----a-w- c:\documents and settings\Gadfly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3bb31d84-n\msvcr71.dll
2010-07-29 16:03 . 2009-11-23 01:27 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-29 16:03 . 2009-11-23 01:27 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-22 15:49 . 2005-08-16 09:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 23:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-04-18 19:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2009-09-27 12:35 . 2009-09-26 23:31 2805792 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-04-06 1032192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 8.0.lnk - c:\program files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe [2004-6-29 102400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 10:18 PM 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/9/2010 9:39 PM 64288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 1:52 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:39]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 17:52]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 17:52]

2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 17:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\¸*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\program files\internet explorer\iexplore.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2010-09-23 17:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 21:21

Pre-Run: 16,861,376,512 bytes free
Post-Run: 16,923,238,400 bytes free

- - End Of File - - 5A333232CE4BD6216486001D77634B68
ken545
2010-09-24, 00:47
Hey Pepes Pizza guy

We know that one in New Haven gets crowded so most times we go to the one in Fairfield.

Looks like your MBR was not infected or else CF would have shown it as infected and it did not.

Lets do this to really clean up your system.



Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean







Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
crashingdell
2010-09-24, 02:01
Never been to the fairfield one. They opened one in Mohegan Sun by Bobby's Burger Palace in the old Casino. It's amazing how quickly they expanded when the opportunity presented itself.

Here's the MBAM Log. I ran TFC first.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/23/2010 7:59:48 PM
mbam-log-2010-09-23 (19-59-48).txt

Scan type: Quick scan
Objects scanned: 163761
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ken545
2010-09-24, 03:24
Looks good so far.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
crashingdell
2010-09-25, 00:10
WOW.....6 hours to scan. That was intense. Here is the log.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=335e04691dfd954d91995ee6c658e9f8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-24 09:26:28
# local_time=2010-09-24 05:26:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777191 100 0 25482988 25482988 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106894
# found=2
# cleaned=2
# scan_time=23035
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent53.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ken545
2010-09-25, 13:10
Good Morining.

Looks good, all ESET found where items that Spybot removed and had them quarantined.

How are things running now ?
crashingdell
2010-09-26, 20:48
IE seems to be running better, still having some lag issues. I feel like there is something compromised somewhere. I expected to find a rootkit. I'm at a loss.
ken545
2010-09-26, 20:53
Lets try running this utility.

Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log
crashingdell
2010-09-26, 20:57
2010/09/26 14:55:29.0390 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/26 14:55:29.0390 ================================================================================
2010/09/26 14:55:29.0390 SystemInfo:
2010/09/26 14:55:29.0390
2010/09/26 14:55:29.0390 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/26 14:55:29.0390 Product type: Workstation
2010/09/26 14:55:29.0390 ComputerName: HIROKI
2010/09/26 14:55:29.0390 UserName: Gadfly
2010/09/26 14:55:29.0390 Windows directory: C:\WINDOWS
2010/09/26 14:55:29.0390 System windows directory: C:\WINDOWS
2010/09/26 14:55:29.0390 Processor architecture: Intel x86
2010/09/26 14:55:29.0390 Number of processors: 1
2010/09/26 14:55:29.0390 Page size: 0x1000
2010/09/26 14:55:29.0390 Boot type: Normal boot
2010/09/26 14:55:29.0390 ================================================================================
2010/09/26 14:55:30.0578 Initialize success
2010/09/26 14:55:41.0171 ================================================================================
2010/09/26 14:55:41.0171 Scan started
2010/09/26 14:55:41.0171 Mode: Manual;
2010/09/26 14:55:41.0171 ================================================================================
2010/09/26 14:55:48.0703 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/26 14:55:48.0937 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/26 14:55:49.0531 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/26 14:55:49.0890 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/26 14:55:50.0234 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/26 14:55:50.0406 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/26 14:55:50.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/26 14:55:50.0562 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/26 14:55:50.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/26 14:55:50.0859 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/26 14:55:50.0953 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/26 14:55:51.0000 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/26 14:55:51.0078 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/26 14:55:51.0140 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/26 14:55:51.0203 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/26 14:55:51.0265 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/26 14:55:51.0750 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/09/26 14:55:52.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/26 14:55:52.0718 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/26 14:55:53.0265 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/26 14:55:53.0656 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/26 14:55:54.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/26 14:55:54.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/26 14:55:55.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/26 14:55:55.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/26 14:55:56.0156 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/09/26 14:55:56.0890 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/26 14:55:57.0562 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/09/26 14:55:57.0921 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/09/26 14:55:58.0812 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/09/26 14:55:59.0609 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/09/26 14:55:59.0828 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/26 14:55:59.0875 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/26 14:55:59.0921 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/26 14:56:00.0015 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/26 14:56:00.0078 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/26 14:56:00.0187 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/26 14:56:00.0281 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/26 14:56:00.0359 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/26 14:56:00.0406 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/26 14:56:00.0500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/26 14:56:00.0578 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/26 14:56:00.0625 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/26 14:56:00.0687 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/26 14:56:00.0812 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/26 14:56:01.0015 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/26 14:56:01.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/26 14:56:01.0218 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/26 14:56:01.0390 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/26 14:56:01.0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/26 14:56:01.0609 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/09/26 14:56:01.0687 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/09/26 14:56:01.0781 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/26 14:56:01.0937 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/26 14:56:02.0062 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/26 14:56:02.0250 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/26 14:56:02.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/26 14:56:02.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/26 14:56:02.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/26 14:56:02.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/26 14:56:02.0937 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/26 14:56:03.0015 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/26 14:56:03.0156 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/26 14:56:03.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/26 14:56:03.0406 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/26 14:56:03.0484 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/09/26 14:56:03.0671 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/26 14:56:03.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/26 14:56:03.0859 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/26 14:56:04.0000 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/26 14:56:04.0125 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/26 14:56:04.0687 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/26 14:56:05.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/26 14:56:05.0328 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/26 14:56:05.0375 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/26 14:56:05.0906 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/26 14:56:06.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/26 14:56:06.0125 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/26 14:56:06.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/26 14:56:06.0265 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/26 14:56:06.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/26 14:56:06.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/26 14:56:06.0562 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/26 14:56:06.0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/26 14:56:06.0796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/26 14:56:06.0906 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/09/26 14:56:06.0968 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2010/09/26 14:56:07.0062 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/09/26 14:56:07.0156 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/09/26 14:56:07.0234 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/09/26 14:56:07.0531 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/26 14:56:07.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/26 14:56:07.0781 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/26 14:56:07.0875 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/09/26 14:56:07.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/26 14:56:08.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/26 14:56:08.0296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/26 14:56:08.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/26 14:56:08.0578 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/26 14:56:08.0765 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/26 14:56:08.0859 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/26 14:56:09.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/26 14:56:09.0203 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/26 14:56:09.0343 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/26 14:56:09.0656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/26 14:56:09.0875 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/26 14:56:10.0015 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/26 14:56:10.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/26 14:56:10.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/26 14:56:10.0406 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/26 14:56:10.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/26 14:56:10.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/26 14:56:10.0796 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/26 14:56:10.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/26 14:56:11.0015 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/26 14:56:11.0265 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2010/09/26 14:56:11.0484 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/26 14:56:11.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/26 14:56:11.0765 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/26 14:56:11.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/26 14:56:12.0156 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/26 14:56:12.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/26 14:56:12.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/26 14:56:12.0546 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/26 14:56:12.0750 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/09/26 14:56:12.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/26 14:56:12.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/26 14:56:13.0093 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/26 14:56:13.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/26 14:56:13.0234 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/26 14:56:13.0312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/26 14:56:13.0453 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/26 14:56:13.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/26 14:56:13.0781 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/09/26 14:56:13.0828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/26 14:56:13.0953 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/26 14:56:14.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/26 14:56:14.0156 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/26 14:56:14.0265 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/26 14:56:14.0328 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/26 14:56:14.0390 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/26 14:56:14.0468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/26 14:56:14.0546 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/26 14:56:14.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/26 14:56:14.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/26 14:56:14.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/26 14:56:14.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/26 14:56:14.0921 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/26 14:56:15.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/26 14:56:15.0328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/26 14:56:15.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/26 14:56:15.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/26 14:56:15.0640 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/09/26 14:56:15.0734 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/09/26 14:56:15.0859 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/09/26 14:56:16.0000 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/26 14:56:16.0046 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/09/26 14:56:16.0140 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/26 14:56:16.0281 s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/26 14:56:16.0437 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/26 14:56:16.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/26 14:56:16.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/26 14:56:16.0906 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/26 14:56:17.0078 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/09/26 14:56:17.0203 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/09/26 14:56:17.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/26 14:56:17.0421 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/26 14:56:17.0562 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/09/26 14:56:17.0609 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/26 14:56:17.0671 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/26 14:56:17.0734 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/26 14:56:17.0859 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/26 14:56:17.0890 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/09/26 14:56:18.0093 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/09/26 14:56:18.0250 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2010/09/26 14:56:18.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/26 14:56:18.0515 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/26 14:56:18.0656 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/26 14:56:18.0796 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/26 14:56:18.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/26 14:56:19.0000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/26 14:56:19.0125 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/26 14:56:19.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/26 14:56:19.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/26 14:56:19.0421 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/26 14:56:19.0453 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/26 14:56:19.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/26 14:56:19.0656 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/09/26 14:56:19.0750 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/09/26 14:56:19.0843 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/09/26 14:56:19.0906 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
2010/09/26 14:56:19.0968 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/09/26 14:56:20.0046 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/09/26 14:56:20.0109 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/09/26 14:56:20.0156 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/09/26 14:56:20.0250 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/09/26 14:56:20.0359 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/26 14:56:20.0453 TSP (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\drivers\klif.sys
2010/09/26 14:56:20.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/26 14:56:20.0593 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/26 14:56:20.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/26 14:56:20.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/26 14:56:20.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/26 14:56:20.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/26 14:56:21.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/26 14:56:21.0078 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/26 14:56:21.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/26 14:56:21.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/26 14:56:21.0234 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/26 14:56:21.0281 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/26 14:56:21.0468 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/26 14:56:21.0515 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/26 14:56:21.0656 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/26 14:56:21.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/26 14:56:21.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/26 14:56:21.0937 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/26 14:56:22.0156 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/26 14:56:22.0281 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/26 14:56:22.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/26 14:56:22.0437 ================================================================================
2010/09/26 14:56:22.0437 Scan finished
2010/09/26 14:56:22.0437 ================================================================================
ken545
2010-09-26, 21:55
No rootkit on that log


Press Start > Run or Windows Key + R then copy and paste the following command into the run box that opens and press "Enter"
cmd /c mbr -t>"%userprofile%\Desktop\mbr.txt"

That will place a file called MBR.txt on your desktop. Please copy and paste the contents of that file into your next post.






Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in



netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
crashingdell
2010-09-27, 00:42
MBR.txt is here.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
crashingdell
2010-09-27, 00:43
Extra's .txt here:

OTL Extras logfile created on: 9/26/2010 5:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gadfly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.61 Gb Total Space | 16.03 Gb Free Space | 34.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIROKI
Current User Name: Gadfly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180408-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09C37001-A57E-4CDB-85A4-7895F3B85DD4}" = Palo Alto Software's Application Manager 8.1
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205F8D68-A379-4AB6-9919-FA3D6B3EBD55}" = Business Plan Pro 2005
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4FC350CC-38D0-47D3-BC09-CE1F09F0C96E}" = Encompass NetBranch Installation Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{684FD900-B874-4A02-90E1-E65305D72B6B}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED5761A3-C109-4E0E-8241-19DB67E66BED}" = CuteFTP 8 Lite
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell_HostCD" = Dell Software Uninstall
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.1.4.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Photodex Presenter" = Photodex Presenter
"Picasa2" = Picasa 2
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.5
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2010 8:29:33 PM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (1060) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x02590320 Session-context: 0x00000000 Session-context ThreadId: 0x000003FC

Error - 9/24/2010 9:34:05 AM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (4076) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x025903C0 Session-context: 0x00000000 Session-context ThreadId: 0x00000854

Error - 9/25/2010 8:08:14 AM | Computer Name = HIROKI | Source = Google Update | ID = 20
Description =

Error - 9/25/2010 8:10:33 AM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (1328) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x02590320 Session-context: 0x00000000 Session-context ThreadId: 0x0000051C

Error - 9/25/2010 8:13:38 AM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (1328) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x02590320 Session-context: 0x00000000 Session-context ThreadId: 0x0000051C

Error - 9/25/2010 8:15:10 AM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (1328) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x025903C0 Session-context: 0x00000000 Session-context ThreadId: 0x0000051C

Error - 9/26/2010 9:15:33 AM | Computer Name = HIROKI | Source = Google Update | ID = 20
Description =

Error - 9/26/2010 9:18:32 AM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (3940) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x02590320 Session-context: 0x00000000 Session-context ThreadId: 0x0000090C

Error - 9/26/2010 11:43:44 AM | Computer Name = HIROKI | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2010 2:24:05 PM | Computer Name = HIROKI | Source = ESENT | ID = 623
Description = wuaueng.dll (704) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 8Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x025903C0 Session-context: 0x00000000 Session-context ThreadId: 0x0000020C

[ System Events ]
Error - 9/23/2010 7:37:20 PM | Computer Name = HIROKI | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/23/2010 7:41:25 PM | Computer Name = HIROKI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/23/2010 8:25:12 PM | Computer Name = HIROKI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/24/2010 9:31:25 AM | Computer Name = HIROKI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.102 for the Network Card with network
address 0018DE15027A has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/24/2010 9:48:56 AM | Computer Name = HIROKI | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
IMAC-A04A82 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{C8F7ECE3-3C12-47. The master browser is stopping or an election is
being forced.

Error - 9/24/2010 5:47:09 PM | Computer Name = HIROKI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
address 0018DE15027A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/25/2010 8:04:31 AM | Computer Name = HIROKI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/26/2010 9:14:49 AM | Computer Name = HIROKI | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.102 on
the Network Card with network address 0018DE15027A.

Error - 9/26/2010 12:22:36 PM | Computer Name = HIROKI | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/26/2010 4:54:18 PM | Computer Name = HIROKI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.139 for the Network Card with network
address 0018DE15027A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >
crashingdell
2010-09-27, 00:43
OTL.txt here:

OTL logfile created on: 9/26/2010 5:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Gadfly\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3048

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.61 Gb Total Space | 16.03 Gb Free Space | 34.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HIROKI
Current User Name: Gadfly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gadfly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
PRC - C:\WINDOWS\system32\TaskSwitch.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gadfly\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.8.5

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/22 21:26:54 | 000,000,000 | ---D | M]

[2008/11/22 10:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Extensions
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/22 10:58:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/22 10:58:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/13 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Mozilla\Firefox\Profiles\l0m55gax.default\extensions\staged-xpis
[2009/12/05 14:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/22 21:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/09/23 17:07:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157768554078 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Gadfly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gadfly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 14:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller
[2010/09/23 19:47:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gadfly\Desktop\mbam-setup-1.46.exe
[2010/09/23 19:39:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/23 19:36:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\TFC.exe
[2010/09/23 16:50:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/23 16:50:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/23 16:50:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/23 16:50:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/23 16:49:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/23 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8
[2010/09/23 09:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\gmer
[2010/09/20 11:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Desktop\9-20-2010
[2010/09/20 11:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 11:25:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Gadfly\Desktop\erunt-setup.exe
[2010/09/20 11:18:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\OTL.exe
[2010/09/09 21:39:10 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/09 21:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\Sunbelt Software
[2010/09/09 19:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/09 19:10:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/09 19:10:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/09 19:10:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2007/04/04 11:58:29 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 30 Days ==========

[2010/09/26 17:31:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job
[2010/09/26 17:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 15:58:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\OTL.exe
[2010/09/26 14:54:58 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller.zip
[2010/09/26 12:23:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/26 12:21:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/26 12:21:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/26 12:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/26 12:21:24 | 1600,585,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/25 08:43:47 | 000,209,224 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\romowithagift.jpg
[2010/09/24 20:21:53 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Gadfly\NTUSER.DAT
[2010/09/24 20:21:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gadfly\ntuser.ini
[2010/09/23 21:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/23 19:47:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gadfly\Desktop\mbam-setup-1.46.exe
[2010/09/23 19:36:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gadfly\Desktop\TFC.exe
[2010/09/23 17:08:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/23 17:07:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/23 16:46:54 | 003,851,266 | R--- | M] () -- C:\Documents and Settings\Gadfly\Desktop\ComboFix.exe
[2010/09/23 15:10:46 | 001,020,700 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8.zip
[2010/09/23 09:11:07 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\gmer.zip
[2010/09/22 22:21:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\MBRCheck.exe
[2010/09/22 14:51:39 | 000,087,706 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\63066_118987928154694_100001304621717_104899_1212206_n.jpg
[2010/09/22 14:50:17 | 000,059,683 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60545_117985001588320_100001304621717_100620_7526896_n.jpg
[2010/09/22 14:50:01 | 000,101,107 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60902_117984951588325_100001304621717_100615_4439154_n.jpg
[2010/09/22 14:48:26 | 000,055,395 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\47532_117545428298944_100001304621717_98698_8249426_n.jpg
[2010/09/22 14:45:45 | 000,053,925 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60982_117523418301145_100001304621717_98621_2281308_n.jpg
[2010/09/22 14:45:04 | 000,059,511 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\60051_117327594987394_100001304621717_97641_7995432_n.jpg
[2010/09/22 14:44:23 | 000,058,314 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327541654066_100001304621717_97637_748196_n.jpg
[2010/09/22 14:39:56 | 000,024,862 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327538320733_100001304621717_97636_8004423_n.jpg
[2010/09/22 14:39:53 | 000,039,534 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\59121_117327521654068_100001304621717_97634_2053346_n.jpg
[2010/09/21 15:47:00 | 000,082,239 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Tony.png
[2010/09/21 10:23:39 | 000,103,556 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Out to Play Business Plan.docx
[2010/09/20 11:26:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\ERUNT.lnk
[2010/09/20 11:26:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Gadfly\Desktop\erunt-setup.exe
[2010/09/20 11:11:07 | 000,004,237 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.zip
[2010/09/20 11:08:42 | 000,004,056 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.rar
[2010/09/20 10:59:23 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\dds.com
[2010/09/16 14:26:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Gadfly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/16 14:26:28 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 14:26:28 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 14:26:27 | 000,525,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/16 12:26:25 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/16 12:25:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 11:22:48 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\faq.php
[2010/09/10 14:42:35 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\Names.doc
[2010/09/09 21:39:10 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/09 20:02:02 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/08 16:06:00 | 000,104,965 | ---- | M] () -- C:\Documents and Settings\Gadfly\Desktop\C Street Business Plan.docx
[2010/09/01 12:19:09 | 000,037,640 | ---- | M] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/09/26 15:57:28 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Gadfly\mbr.log
[2010/09/26 14:54:53 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\tdsskiller.zip
[2010/09/25 08:44:05 | 000,209,224 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\romowithagift.jpg
[2010/09/23 16:50:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/23 16:50:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/23 16:50:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/23 16:50:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/23 16:50:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/23 16:46:54 | 003,851,266 | R--- | C] () -- C:\Documents and Settings\Gadfly\Desktop\ComboFix.exe
[2010/09/23 15:10:43 | 001,020,700 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Aero1.3.8.zip
[2010/09/23 09:11:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\gmer.zip
[2010/09/22 22:21:15 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\MBRCheck.exe
[2010/09/22 14:52:20 | 000,087,706 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\63066_118987928154694_100001304621717_104899_1212206_n.jpg
[2010/09/22 14:51:05 | 000,059,683 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60545_117985001588320_100001304621717_100620_7526896_n.jpg
[2010/09/22 14:50:53 | 000,101,107 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60902_117984951588325_100001304621717_100615_4439154_n.jpg
[2010/09/22 14:48:45 | 000,055,395 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\47532_117545428298944_100001304621717_98698_8249426_n.jpg
[2010/09/22 14:46:25 | 000,053,925 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60982_117523418301145_100001304621717_98621_2281308_n.jpg
[2010/09/22 14:45:29 | 000,059,511 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\60051_117327594987394_100001304621717_97641_7995432_n.jpg
[2010/09/22 14:45:01 | 000,058,314 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327541654066_100001304621717_97637_748196_n.jpg
[2010/09/22 14:44:45 | 000,024,862 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\41069_117327538320733_100001304621717_97636_8004423_n.jpg
[2010/09/22 14:44:19 | 000,039,534 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\59121_117327521654068_100001304621717_97634_2053346_n.jpg
[2010/09/21 15:47:00 | 000,082,239 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Tony.png
[2010/09/21 10:23:34 | 000,103,556 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Out to Play Business Plan.docx
[2010/09/20 11:26:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\ERUNT.lnk
[2010/09/20 11:11:07 | 000,004,237 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.zip
[2010/09/20 11:08:42 | 000,004,056 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Attach.rar
[2010/09/20 10:59:22 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\dds.com
[2010/09/14 11:22:48 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\faq.php
[2010/09/08 16:05:57 | 000,104,965 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\C Street Business Plan.docx
[2010/09/07 15:18:51 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Gadfly\Desktop\Names.doc
[2010/02/19 18:18:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/19 18:18:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/19 18:18:41 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/19 18:18:41 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/19 18:18:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/19 18:18:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/19 18:18:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/14 17:36:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/14 17:31:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/11/14 17:31:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2007/07/29 20:29:26 | 000,005,980 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/25 13:46:21 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2007/05/17 18:52:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/04/04 11:58:27 | 000,001,345 | ---- | C] () -- C:\WINDOWS\DKAAT2DD.ini
[2007/02/27 20:34:46 | 000,036,636 | ---- | C] () -- C:\Documents and Settings\Gadfly\Application Data\Comma Separated Values (Windows).ADR
[2007/02/15 21:20:14 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/23 16:15:22 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/22 23:57:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/08 22:55:32 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2006/09/08 20:07:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Gadfly\Local Settings\Application Data\fusioncache.dat
[2006/09/08 20:00:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 19:47:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/08 19:44:38 | 000,000,522 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 19:41:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 19:39:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/08 19:29:19 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/07 21:22:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/07 21:22:10 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/24 10:33:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/01 20:11:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2005/04/01 20:11:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2003/11/12 09:16:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/05/27 14:49:00 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 18:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2000/02/17 13:57:02 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 14:59:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gns2kzip.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/08/10 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/07 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/03/28 18:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2009/12/02 08:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/15 10:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2007/01/21 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/04 12:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/12/05 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/03 11:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/17 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/01 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Alchemy Mindworks
[2010/06/07 14:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\bppenu11
[2008/09/14 15:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2009/03/12 19:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\CometNetwork
[2007/05/07 15:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Encompass
[2010/09/23 16:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\FileZilla
[2008/10/18 14:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\GlobalSCAPE
[2006/12/16 18:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\ICAClient
[2008/04/13 15:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\KompoZer
[2006/10/05 18:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Leadertech
[2007/04/28 18:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\LinkedIn
[2010/07/15 10:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Netscape
[2010/03/28 19:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Palo Alto Software
[2007/06/02 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\SecondLife
[2007/03/30 18:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Snapfish
[2008/03/19 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\TomTom
[2007/01/21 18:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Ulead Systems
[2007/03/19 10:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\Viewpoint
[2010/02/19 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gadfly\Application Data\WinAVI
[2010/09/23 21:39:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/26 17:31:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/10 13:06:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Gadfly\Desktop\Attach.txt:SummaryInformation
< End of report >
ken545
2010-09-27, 01:31
Your Master Boot Record is fine.

Are you having problems with Windows Updates ?
crashingdell
2010-09-27, 01:35
Windows seems to update fine. IE crashes often however, and very often gets bogged down to a hault. It locks up at least once a day.

It has improved 10 fold since we started this process though.
ken545
2010-09-27, 01:46
Open IE and go to Tools > Internet Options > Advanced Tab > Reset Internet Explorer Settings > Reset......will take a few seconds ...then ok your way out, close IE and then launch it again and see if it helped.

Let me know

The rest of your log looks fine, just looked like there could have been a problem with windows updates
crashingdell
2010-09-27, 16:21
Just did the reset. Give me a little time to test it out. We will see what happens. I'll let you know. Thanks for the Help thus far Ken. I'll try and respond by end of day.
ken545
2010-10-04, 09:59
Hows it going ? Let me know if you still need help , if not I can close this thread
crashingdell
2010-10-05, 04:39
Thank you much for your help. I think the problem is solved for the most part. At least at much as I think is possible. It's working a lot better. Still some problems, but I don't know what else could be done, or even which problems can be attributed to age, resources, etc.
ken545
2010-10-05, 09:43
What problems are you still having, let me know and if it appears windows related I can link you to a couple of good windows forums that can help you.

A computer will slow down a bit with age , as you start adding new programs and hardware. But this forum is for the removal of malware so we really cant get into any windows problems, so let me know what they are I can can pick the forum for you that may best meet your needs.

Ken
crashingdell
2010-10-05, 18:33
IE still often freezes, even after following your advice. Definately a possibility that maybe windows itself is running slow. Could also be age, but this all seemed fairly sudden.

I can say however that I'm running much better now after your help than before.
ken545
2010-10-05, 19:29
Why don't you go to this site and run the Overdrive Scan, it will access your system , may be able to see if something is amiss. After you run the scan, post in the forum with a link to the scan so a tech can look at it for you and offer advice. The site is free but you will need to register.

http://www.pcpitstop.com/

Good Luck,

Ken :)
ken545
2010-10-07, 19:17
Hi,

Hope you resolved your issue

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can damage your system


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.






How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken