Click.Giftload, Virtumonde and Antivirus Antispyware OH MY...



Mommazon
2011-03-25, 20:54
Hello wonderful SpyBot support team!

I have read through the Before you Post bit and have done all that has been suggested with the ERUNT, DDS and attach.txt. My only reservation is how to get that info to this forum. I am on another computer in our network and I used a jump drive to download files and transfer them to the infected computer. (I had to disconnect the other from the home network to keep its cooties to itself.) I fired it up in safe mode (I will get to how I finally achieved even that in a moment). I opened ERUNT and ran it, saved and exited, then ran DDS, saved and exited. As well, I have the Spybot results copied and pasted.

My gut tells me that the wee txt files saved onto the jump drive would be fine to plug in and transfer what is necessary to the forum for sufficient assistance. However, I don't 100% know how devious these beasties are in getting onto my jumper and spreading their disease. I will wait for further instruction on how to proceed.

Real quick, I am running Windows XP Service Pack 3.

Here's the low down of what started this "storm" of troubles and what I have done to remedy the situation. (Thankfully I have read in the past that ComboFix is not for the unsavvy... so I have avoided that thus far until I have advisement to do so.)

1- IE pop-ups began randomly appearing... I recognized this and did not open anything. I went into Task Manager and ended any IE processes so that I could stop and run SpyBot, Malwarebytes and MSE (Microsoft Security Essentials), which were already on the computer. (I have had better success with AVG, but it won't load with MSE on board.)

2- Ran Spybot and it found several minor infections including click.giftload. I fixed and removed them all.

3- Tried to restart the computer... explorer.exe would not shut itself down, nor would it shut down the computer. Did a hard shut down (held power down for 10 seconds until shut down).

4- Restarted the computer and no explorer.exe at all... it would fire up and go to the user profile... but no icons, no start menu... nada. Hard shut down again (yes, I cringe each time I have to do it... I know it's not good... but...).

5- The next morning I came out to try round 2; everything started up just fine... even explorer... I ran Spybot again and it only found click.giftload... YAY, progress!

6- To make a long story short, I have run Spybot, then Malwarebytes (after a few fights with Antivirus Antispyware 2011 now popping up) and it removed another fistful of infections. Couldn't get AA2011 though... I ran Rkill, THEN Malwarebytes and knocked it out... ran Spybot again and now it is finding click.giftload, Virtumonde.prx and Microsoft.WindowsSecurityCenter_disabled... I fix them and it says they are all removed, but then when I restart the computer, they are back again.

So...here I am...

I appreciate any assistance you can give.

S

Edit... I have also run MSE, but it repeatedly says no infections found...
When I had no explorer I pressed Ctrl/Alt/Delete to get Task Manager to open and clicked File -> New Task, typed "explorer.exe", then Run... it took a few tries to get that to work, but it did, and once I was able to successfully shut down the computer, I was able to reopen in Safe Mode as Administrator.

ken545
2011-03-27, 01:09


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

Mommazon
2011-03-27, 05:06
Thanks Ken...

I read through everything...I'm just going to use the jump drive and hope for the best.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 10:22:45.15 on Fri 03/25/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1750 [GMT -7:00]
.
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
F:\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Whakowem] rundll32.exe "c:\windows\ikuwomaqudenenor.dll",Startup
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA345] command.com /c del "c:\windows\ikuwomaqudenenor.dll_old"
mRunOnce: [SpybotDeletingC9660] cmd.exe /c del "c:\windows\ikuwomaqudenenor.dll_old"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\63wlbkrm.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: XULRunner: {62FE7DAD-3BEE-4B24-B1B9-C08095A31C20} - c:\documents and settings\mommazon\local settings\application data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
S1 MpKsl966d8728;MpKsl966d8728;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{223cf3a5-5ab7-492c-9d16-d5d9bc56e41b}\mpksl966d8728.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{223cf3a5-5ab7-492c-9d16-d5d9bc56e41b}\MpKsl966d8728.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2005-8-16 14336]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-03-25 04:49:42 0 ----a-w- c:\windows\Bhogubetogumamum.bin
2011-03-25 00:44:46 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-03-25 00:00:24 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2011-03-25 00:00:04 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-03-24 20:23:38 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-03-24 20:23:38 216064 ----a-w- c:\windows\system32\itlpfw32.dll
2011-03-24 04:42:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 04:42:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-24 04:42:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-24 04:42:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 04:42:31 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKslcf42d9c4.sys
2011-03-23 04:40:22 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKsl085c156a.sys
2011-03-23 04:30:12 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKsl46dd7b34.sys
2011-03-23 04:21:02 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKslba6b11df.sys
2011-03-23 03:41:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-22 15:11:26 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\mpengine.dll
2011-03-22 01:35:30 -------- d-----w- c:\windows\system32\appmgmt
2011-03-21 23:08:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 23:08:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 23:08:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-16 03:46:57 -------- d-----w- c:\program files\MSECache
2011-03-10 00:15:57 -------- d-----w- c:\program files\common files\DAZ
2011-03-08 04:38:59 -------- d-----w- c:\program files\Smith Micro
2011-03-07 23:32:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Poser
2011-02-26 07:59:26 86528 ----a-w- c:\windows\system32\E_FLBEGA.DLL
2011-02-26 07:59:26 78848 ----a-w- c:\windows\system32\E_FD4BEGA.DLL
2011-02-26 07:59:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2011-02-26 07:49:14 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-02-26 07:49:14 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-02-26 07:44:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-26 07:44:46 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
.
==================== Find3M ====================
.
2011-03-21 23:58:48 848 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-03-19 20:40:35 4184 ----a-w- c:\windows\system32\KGyGaAvL.sys
2011-02-19 06:23:43 88 ------w- c:\windows\system32\9E0BD4F60D.sys
2011-02-05 01:48:32 456192 ------w- c:\windows\system32\encdec.dll
2011-02-05 01:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ------w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-29 17:39:04 1700352 ------w- c:\windows\system32\gdiplus.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5B2439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5b87d0]; MOV EAX, [0x8a5b884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A5ECAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5EAAB0]
\Driver\atapi[0x8A614EB8] -> IRP_MJ_CREATE -> 0x8A5B2439
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskHDS728080PLA380_________________________PF2OA63A#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5B227F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:24:34.40 ===============
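The DDS log above is the kind of thing an analyst triages by eye: a Run entry that loads a randomly named DLL from the Windows root through rundll32, Winlogon Notify packages pointing at a DLL created the day before, a service parked in its own svchost group, a hosts-file entry sinkholing a security site, and a GMER report of a hook on \Driver\atapi DriverStartIo immediately before its TDL3 warning. The following Python script is an added example, not part of the post, of DDS, of GMER or of Safer Networking's tooling; it codifies those heuristics and runs them over sample lines copied from the log above (labelled as a constructed sample). The list of built-in svchost groups is an assumption and deliberately short; every hit is a line to review, not a verdict, since legitimate software such as Akamai NetSession also registers its own svchost group.

```python
"""Triage heuristics for the 'Pseudo HJT Report' and GMER rootkit sections of a DDS log.

Added example: each hit is a line worth a closer look, not a verdict. Legitimate
software can trip any single rule, so read the findings, do not act on them blindly.
"""
import re

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Whakowem] rundll32.exe "c:\windows\ikuwomaqudenenor.dll",Startup
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2005-8-16 14336]
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5B227F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# svchost groups that ship with Windows XP (assumption: illustrative, not exhaustive).
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "dcomlaunch", "rpcss", "localservice", "networkservice",
    "imgsvc", "httpfilter", "termsvcs",
}

RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.I)
# A DLL sitting directly in the Windows root, not in system32 or a vendor folder.
DLL_IN_WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.I)
NOTIFY_RE = re.compile(r"^Notify: (?P<key>\S+) - (?P<dll>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
SVC_RE = re.compile(r"^[SR]\d (?P<name>[^;]+);(?P<desc>[^;]*);.*svchost\.exe -k (?P<group>\S+)", re.I)
HOOK_RE = re.compile(r"^\\Driver\\\S+ \S+ -> 0x[0-9A-Fa-f]+$")


def triage(log_text):
    """Return (rule, line) pairs for every line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            d = RUNDLL_RE.search(m.group("cmd"))
            # rundll32 plus a DLL dropped straight into %windir%: dropper-style persistence
            if d and DLL_IN_WINROOT_RE.match(d.group("dll").strip()):
                findings.append(("run_rundll32_winroot", line))
            continue
        if NOTIFY_RE.match(line):
            # Winlogon notification packages load inside winlogon.exe; vet every one
            findings.append(("winlogon_notify", line))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group("ip").startswith("127.") and m.group("host").lower() != "localhost":
            # loopback entries for non-localhost names block updates and help sites
            findings.append(("hosts_loopback_redirect", line))
            continue
        m = SVC_RE.match(line)
        if m and m.group("group").lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(("svchost_unknown_group", line))
            continue
        if HOOK_RE.match(line):
            # GMER 'detected hooks' entry: a driver dispatch or StartIo pointer was patched
            findings.append(("kernel_hook", line))
            continue
        if line.startswith("Warning:"):
            findings.append(("rootkit_warning", line))
    return findings


def summarize(findings):
    """Count hits per rule, for a quick read of where the problems cluster."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for rule, line in hits:
        print(f"{rule:26} {line}")
    print(summarize(hits))
```

Run against the sample, the script flags the Whakowem Run entry, both Notify packages, the hosts entry, the two non-standard svchost groups, the atapi hook and the warning line, and stays silent on the NvCplDaemon entry and the "MBR OK" line. The hook rule is the one that matters most here: a patched DriverStartIo on the disk-stack driver is what lets a TDL3-class rootkit filter reads of its own sectors, which is why the on-disk MBR can read as clean while the machine is still infected.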

ken545
2011-03-27, 14:43
Good Morning,

You're infected with the TDSS rootkit.

Please download Flash_Disinfector.exe (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.




Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected.
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)
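Mommazon's worry about the jump drive carrying the infection back, and the Flash_Disinfector step above, both turn on the autorun.inf file that USB-spreading malware of this period planted on removable media. The page does not describe what sUBs' tool does internally, so the following Python script is an added example, not the tool's code and not from the forum: it parses an autorun.inf the way an analyst would before trusting a drive, tolerating the junk lines and odd casing such files use to defeat naive INI parsers, and lists every command Windows AutoRun or the shell's default verb would run. The sample file is constructed, and the drive letters in the main block are an assumption.

```python
"""Inspect a removable drive's autorun.inf and list what Windows AutoRun would launch.

Added example. Keys that launch code: open=, shellexecute=, and any
shell\<verb>\command=; a bare shell= re-points the default (double-click) verb.
"""
import os
import re

# Constructed sample in the style of USB-spreading malware: a padding line with no
# '=' and mixed casing to trip naive parsers, three launch keys, a default-verb override.
SAMPLE_AUTORUN = """\
[AutoRun]
xyzzy padding line without an equals sign
OPEN=recycler\\launch.exe
ShellExecute = recycler\\launch.exe
shell\\open\\command=recycler\\launch.exe
shell=open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=My Files
"""

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Tolerant INI parse: {(section, key): value}; comments and junk lines are skipped."""
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" not in line:
            continue  # junk padding is common; a strict parser would abort here
        key, _, value = line.partition("=")
        entries[(section, key.strip().lower())] = value.strip()
    return entries


def assess(text):
    """Summarise the [autorun] section: launch targets, default verb, and a risk flag."""
    entries = parse_autorun(text)
    launches = []
    default_verb = None
    for (section, key), value in entries.items():
        if section != "autorun":
            continue
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            launches.append((key, value))
        elif key == "shell":
            default_verb = value.lower()  # makes the chosen verb the double-click action
    return {
        "launches": launches,
        "default_verb": default_verb,
        "risky": bool(launches) or default_verb is not None,
    }


def inspect_drive(root):
    """Read <root>\\autorun.inf if present; hidden/system attributes do not block reads."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    with open(path, "r", errors="replace") as fh:
        return assess(fh.read())


if __name__ == "__main__":
    print(assess(SAMPLE_AUTORUN))
    for drive in ("E:\\", "F:\\"):  # assumption: typical removable-drive letters
        result = inspect_drive(drive)
        if result is not None:
            print(drive, result)
```

An autorun.inf that only sets icon= and label= is what a legitimate vendor drive ships with and is reported as not risky; anything that names an executable, or that redefines the open verb so double-clicking the drive in My Computer runs it, is flagged. Run it from the clean machine against the jump drive before plugging that drive back into anything you care about, and treat a payload path inside a folder such as recycler or a fake system directory as confirmation rather than as a curiosity.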

Mommazon
2011-03-27, 20:57
2011/03/27 10:54:08.0046 0112 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/27 10:54:08.0265 0112 ================================================================================
2011/03/27 10:54:08.0265 0112 SystemInfo:
2011/03/27 10:54:08.0265 0112
2011/03/27 10:54:08.0265 0112 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/27 10:54:08.0265 0112 Product type: Workstation
2011/03/27 10:54:08.0265 0112 ComputerName: D7M16T91
2011/03/27 10:54:08.0265 0112 UserName: Mommazon
2011/03/27 10:54:08.0265 0112 Windows directory: C:\WINDOWS
2011/03/27 10:54:08.0265 0112 System windows directory: C:\WINDOWS
2011/03/27 10:54:08.0265 0112 Processor architecture: Intel x86
2011/03/27 10:54:08.0265 0112 Number of processors: 2
2011/03/27 10:54:08.0265 0112 Page size: 0x1000
2011/03/27 10:54:08.0265 0112 Boot type: Normal boot
2011/03/27 10:54:08.0265 0112 ================================================================================
2011/03/27 10:54:08.0859 0112 Initialize success
2011/03/27 10:54:25.0593 2296 ================================================================================
2011/03/27 10:54:25.0593 2296 Scan started
2011/03/27 10:54:25.0593 2296 Mode: Manual;
2011/03/27 10:54:25.0593 2296 ================================================================================
2011/03/27 10:54:26.0125 2296 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/27 10:54:26.0171 2296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/27 10:54:26.0187 2296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/27 10:54:26.0234 2296 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/27 10:54:26.0265 2296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/27 10:54:26.0359 2296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/27 10:54:26.0406 2296 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/27 10:54:26.0437 2296 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/27 10:54:26.0500 2296 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/27 10:54:26.0515 2296 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/27 10:54:26.0531 2296 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/27 10:54:26.0562 2296 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/27 10:54:26.0609 2296 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/27 10:54:26.0625 2296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/27 10:54:26.0640 2296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/27 10:54:26.0687 2296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/27 10:54:26.0765 2296 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/27 10:54:26.0781 2296 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/27 10:54:26.0796 2296 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/27 10:54:26.0828 2296 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/03/27 10:54:26.0875 2296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/27 10:54:26.0906 2296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/27 10:54:26.0937 2296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/27 10:54:27.0000 2296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/27 10:54:27.0046 2296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/27 10:54:27.0078 2296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/27 10:54:27.0093 2296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/27 10:54:27.0109 2296 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/27 10:54:27.0125 2296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/27 10:54:27.0156 2296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/27 10:54:27.0171 2296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/27 10:54:27.0265 2296 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/27 10:54:27.0296 2296 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/27 10:54:27.0343 2296 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/27 10:54:27.0359 2296 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/27 10:54:27.0375 2296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/27 10:54:27.0406 2296 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/03/27 10:54:27.0421 2296 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/03/27 10:54:27.0453 2296 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/03/27 10:54:27.0484 2296 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/03/27 10:54:27.0500 2296 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/03/27 10:54:27.0515 2296 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/03/27 10:54:27.0531 2296 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/03/27 10:54:27.0546 2296 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/03/27 10:54:27.0562 2296 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/03/27 10:54:27.0609 2296 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/27 10:54:27.0625 2296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/27 10:54:27.0640 2296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/27 10:54:27.0671 2296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/27 10:54:27.0703 2296 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/27 10:54:27.0718 2296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/27 10:54:27.0750 2296 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/03/27 10:54:27.0796 2296 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/03/27 10:54:27.0828 2296 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/27 10:54:27.0875 2296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/27 10:54:27.0906 2296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/27 10:54:27.0921 2296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/27 10:54:27.0937 2296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/27 10:54:27.0953 2296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/27 10:54:27.0968 2296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/27 10:54:27.0984 2296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/27 10:54:28.0093 2296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/27 10:54:28.0125 2296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/27 10:54:28.0171 2296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/27 10:54:28.0203 2296 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/27 10:54:28.0234 2296 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/27 10:54:28.0312 2296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/27 10:54:28.0328 2296 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/27 10:54:28.0343 2296 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/27 10:54:28.0375 2296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/27 10:54:28.0406 2296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/27 10:54:28.0437 2296 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/27 10:54:28.0468 2296 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/27 10:54:28.0500 2296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/27 10:54:28.0546 2296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/27 10:54:28.0578 2296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/27 10:54:28.0625 2296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/27 10:54:28.0671 2296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/27 10:54:28.0703 2296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/27 10:54:28.0750 2296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/27 10:54:28.0796 2296 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/27 10:54:28.0812 2296 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/27 10:54:28.0843 2296 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/27 10:54:28.0875 2296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/27 10:54:28.0906 2296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/27 10:54:28.0968 2296 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/03/27 10:54:29.0000 2296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/27 10:54:29.0078 2296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/27 10:54:29.0093 2296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/27 10:54:29.0140 2296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/27 10:54:29.0187 2296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/27 10:54:29.0218 2296 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/03/27 10:54:29.0359 2296 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/27 10:54:29.0375 2296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/27 10:54:29.0421 2296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/27 10:54:29.0468 2296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/27 10:54:29.0484 2296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/27 10:54:29.0515 2296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/27 10:54:29.0546 2296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/27 10:54:29.0578 2296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/27 10:54:29.0593 2296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/27 10:54:29.0609 2296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/27 10:54:29.0625 2296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/27 10:54:29.0656 2296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/27 10:54:29.0718 2296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/27 10:54:29.0734 2296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/27 10:54:29.0765 2296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/27 10:54:29.0796 2296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/27 10:54:29.0828 2296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/27 10:54:29.0843 2296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/27 10:54:29.0875 2296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/27 10:54:29.0906 2296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/27 10:54:30.0015 2296 nv (94c9962a2d51115be99dbed20801edae) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/27 10:54:30.0140 2296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/27 10:54:30.0140 2296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/27 10:54:30.0187 2296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/27 10:54:30.0203 2296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/27 10:54:30.0218 2296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/27 10:54:30.0250 2296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/27 10:54:30.0265 2296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/27 10:54:30.0281 2296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/27 10:54:30.0312 2296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/27 10:54:30.0390 2296 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/27 10:54:30.0437 2296 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/27 10:54:30.0484 2296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/27 10:54:30.0531 2296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/27 10:54:30.0546 2296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/27 10:54:30.0562 2296 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/27 10:54:30.0578 2296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/27 10:54:30.0593 2296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/27 10:54:30.0609 2296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/27 10:54:30.0625 2296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/27 10:54:30.0640 2296 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/27 10:54:30.0671 2296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/27 10:54:30.0687 2296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/27 10:54:30.0703 2296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/27 10:54:30.0718 2296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/27 10:54:30.0750 2296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/27 10:54:30.0765 2296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/27 10:54:30.0781 2296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/27 10:54:30.0812 2296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/27 10:54:30.0906 2296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/27 10:54:30.0953 2296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/27 10:54:30.0984 2296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/27 10:54:31.0000 2296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/27 10:54:31.0015 2296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/27 10:54:31.0093 2296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/27 10:54:31.0171 2296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/27 10:54:31.0203 2296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/27 10:54:31.0218 2296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/27 10:54:31.0265 2296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/27 10:54:31.0328 2296 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/27 10:54:31.0421 2296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/27 10:54:31.0453 2296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/27 10:54:31.0484 2296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/27 10:54:31.0500 2296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/27 10:54:31.0515 2296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/27 10:54:31.0531 2296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/27 10:54:31.0562 2296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/27 10:54:31.0609 2296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/27 10:54:31.0671 2296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/27 10:54:31.0703 2296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/27 10:54:31.0734 2296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/27 10:54:31.0781 2296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/27 10:54:31.0812 2296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/27 10:54:31.0828 2296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/27 10:54:31.0890 2296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/27 10:54:31.0953 2296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/27 10:54:32.0000 2296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/27 10:54:32.0062 2296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/27 10:54:32.0109 2296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/27 10:54:32.0187 2296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/27 10:54:32.0218 2296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/27 10:54:32.0234 2296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/27 10:54:32.0296 2296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/27 10:54:32.0343 2296 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/27 10:54:32.0375 2296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/27 10:54:32.0406 2296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/27 10:54:32.0453 2296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/27 10:54:32.0515 2296 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/03/27 10:54:32.0562 2296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/27 10:54:32.0640 2296 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/27 10:54:33.0609 2296 ================================================================================
2011/03/27 10:54:33.0609 2296 Scan finished
2011/03/27 10:54:33.0609 2296 ================================================================================
2011/03/27 10:54:33.0625 2288 Detected object count: 1
2011/03/27 10:54:43.0937 2288 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/27 10:54:43.0937 2288 \HardDisk0 - ok
2011/03/27 10:54:43.0937 2288 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/27 10:54:49.0234 0228 Deinitialize success

ken545
2011-03-27, 22:01

Make sure you reboot and then run this program


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

Mommazon
2011-03-27, 22:29
Having a bit of trouble disabling MSE...I try to open the program and it will not even open...so I thought perhaps it was disabled, however, CF detects that it is there along with McAfee Scan (I don't even have that listed anywhere to be able to shut it down...never knew it was even ON this computer)

ken545
2011-03-27, 22:50
Let's run Combofix in Safemode

Safemode with Network Support

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking,
then press the Enter key on your keyboard.

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Mommazon
2011-03-27, 22:55
Ok...I'm in Safe Mode...

Do I need to attempt to disable anything at this point?

ken545
2011-03-27, 23:16
No, in safemode your AV and most programs will not load

Mommazon
2011-03-28, 01:06
UGH!! In safe mode...

It still says
---------------------------
Warning !!
---------------------------
ComboFix has detected the following real time scanner(s) to be active:



antivirus: McAfee VirusScan

antivirus: Microsoft Security Essentials



Antivirus and intrusion prevention programs are known to interfere

with ComboFix's running. This may lead to unpredictable results or

possible machine damage.



Please disable these scanners before clicking 'OK'.
---------------------------
OK
---------------------------

Mommazon
2011-03-28, 01:11
ok...update...

In Safe mode I finally got MSE to open and I have the real-time protection turned off...however, I cannot find ANYTHING that I can use to shut down McAfee. Should I go into Add & Remove Programs to try and find it that way?

ken545
2011-03-28, 01:20
Read this link
http://www.bleepingcomputer.com/forums/topic114351.html

Then proceed with CF

Mommazon
2011-03-28, 01:32
I have actually read it a few times...I have done searches for McAfee ANYTHING and it comes up with nothing.

I am still unable to locate anything that indicates any sort of McAfee installed on my computer. There is no 'M' in my system tray, no McAfee in my Program Files and nothing on the Installed Programs. It is very frustrating.

ken545
2011-03-28, 01:39
Just go ahead and run CF in Safemode

Mommazon
2011-03-28, 02:13
ok...I found...not sure how...McAfee Spamkiller, but on the Bleepingcomputer link there is nothing that I have found in those forums on how to disable it thus far...

ken545
2011-03-28, 02:45
Just go ahead and run CF in Safemode

Mommazon
2011-03-28, 06:09
ok...here we go...

ComboFix 11-03-27.01 - Administrator 03/27/2011 19:52:36.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome.manifest
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\_cfg.js
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\overlay.xul
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\install.rdf
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
-------\Service_6to4
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 02:59 . 2011-03-28 02:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys
2011-03-27 23:18 . 2011-03-27 23:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-03-25 17:21 . 2011-03-25 17:21 -------- d-----w- c:\program files\ERUNT
2011-03-25 04:49 . 2011-03-25 04:49 0 ----a-w- c:\windows\Bhogubetogumamum.bin
2011-03-25 00:44 . 2011-03-25 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-25 00:00 . 2011-03-25 00:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-25 00:00 . 2011-03-25 00:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-24 04:42 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 04:42 . 2011-03-24 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-24 04:42 . 2011-03-25 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 04:42 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-23 04:42 . 2011-03-23 04:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslcf42d9c4.sys
2011-03-23 04:40 . 2011-03-23 04:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl085c156a.sys
2011-03-23 04:30 . 2011-03-23 04:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl46dd7b34.sys
2011-03-23 04:21 . 2011-03-23 04:21 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslba6b11df.sys
2011-03-23 03:41 . 2011-03-23 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-22 15:11 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\mpengine.dll
2011-03-21 23:10 . 2011-03-21 23:10 -------- d-----w- c:\windows\Sun
2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 23:08 . 2011-02-03 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-16 03:46 . 2011-03-16 03:46 -------- d-----w- c:\program files\MSECache
2011-03-10 00:15 . 2011-03-22 02:42 -------- d-----w- c:\program files\Common Files\DAZ
2011-03-08 04:38 . 2011-03-08 04:38 -------- d-----w- c:\program files\Smith Micro
2011-03-08 01:39 . 2011-03-23 03:11 -------- d-----w- c:\documents and settings\Mommazon
2011-03-07 23:32 . 2011-03-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Poser
2011-03-07 23:28 . 2011-03-07 23:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Poser
2011-02-26 07:59 . 2007-12-07 10:08 86528 ----a-w- c:\windows\system32\E_FLBEGA.DLL
2011-02-26 07:59 . 2007-12-07 10:01 78848 ----a-w- c:\windows\system32\E_FD4BEGA.DLL
2011-02-26 07:59 . 2011-02-26 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 23:58 . 2011-02-20 00:38 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-02-11 06:54 . 2010-05-15 00:13 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-05 01:48 . 2005-08-16 09:18 456192 ------w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 09:37 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 09:18 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 09:18 290048 ------w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-08-16 09:18 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-29 17:39 . 2010-12-29 17:39 1700352 ------w- c:\windows\system32\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-09 16712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-04-15 13:06 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-15 12:58 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Smith Micro\\Poser 8\\Poser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKsl7d2e889a;MpKsl7d2e889a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys [3/27/2011 7:59 PM 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 2:18 AM 14336]
S1 MpKsl966d8728;MpKsl966d8728;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 11:05 AM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7D2E889A
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itlsvc REG_MULTI_SZ itlperf
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}]
\Shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mommazon\Application Data\Mozilla\Firefox\Profiles\nt6ta4nn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
MSConfigStartUp-BuildBU - c:\dell\bldbubg.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000000356CAE2F891185EE8 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-27 20:06:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-28 03:06
.
Pre-Run: 7,253,471,232 bytes free
Post-Run: 6,907,314,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FAFC165F45F40479C4B79ED89DB28E76

ken545
2011-03-28, 11:10
Good Job,

One file I am concerned about

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

c:\windows\Bhogubetogumamum.bin <--

If the site is busy you can try this one
http://virusscan.jotti.org/en

You have Microsoft Security Essentials installed; we need to remove McAfee, as having two AVs can seriously hamper system performance.

First see if you can uninstall it via Add/Remove Programs in the Control Panel and then run their removal tool from either one of these sites

http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Mommazon
2011-03-28, 19:44
hmm...

I went to the VirusTotal site and submitted it twice and nothing happened either time...so I went to the Jotti site and it said the file was empty.

c:\windows\Bhogubetogumamum.bin

I'm trying to figure out the McAfee thing...there is nothing in the Installed programs list for me to uninstall the beast. I'm going to do the majorgeeks MCPR uninstall thing I guess and see if that can wipe out whatever it is. I did find the folder under program files called McAfee Spamkiller, but there isn't an option to uninstall (or even install for that matter).

Mommazon
2011-03-28, 19:54
well according to Majorgeeks mcpr removal tool...cleanup successful! YAY!!

ken545
2011-03-28, 20:09
Great, reboot and run OTL again and let's look at a new log

Mommazon
2011-03-28, 20:18
uhhm....what is OTL?

Mommazon
2011-03-28, 20:23
went to reboot and it wants to install updates...should I let it? or restart without updates?

ken545
2011-03-28, 20:25
My bad, I thought we had run it before :red:

c:\windows\Bhogubetogumamum.bin <--Go ahead and delete this


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
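Once OTL.Txt is posted, the helper reads it line by line; as an added example (not OTL's code and not from anyone in this thread), here is a small Python triage pass over the line shapes OTL uses, flagging services whose file is missing, Run entries with no company name or a user-writable path, and loose files dropped straight into the Windows folder. The sample log is constructed to mirror the layout posted in this thread; the `Updater` entry and its Temp path are invented for illustration.

```python
import re

# Line shapes taken from the OTL log layout posted in this thread.
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<rest>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [CM]\]"
    r"( \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
PATH_CO_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")

# Locations a Run entry or service rarely points at legitimately.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")

# Constructed sample, mirroring the OTL layout in this thread (not a real OTL run).
# The "Updater" entry and its Temp path are invented for illustration.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKCU..\Run: [Updater] C:\Documents and Settings\User\Local Settings\Temp\updater.exe ()

========== Files Created - No Company Name ==========

[2011/03/24 21:49:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ikayacegalaj.dat
[2011/03/27 18:53:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/27 19:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/07 18:39:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Show Desktop.scf
"""


def _assess(rest):
    """Reasons an autorun/service target deserves a second look (leads, not verdicts)."""
    if rest == "File not found":
        return ["file not found"]
    m = PATH_CO_RE.match(rest)
    if not m:
        return []
    reasons = []
    if not m.group("company"):
        reasons.append("no company name")
    low = m.group("path").lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    return reasons


def _sits_in_windows_root(path):
    # ['C:', 'WINDOWS', 'Ikayacegalaj.dat'] -> a file placed directly in the Windows folder,
    # which legitimate installers rarely do (ComboFix's own helpers such as PEV.exe land there too,
    # so treat hits as review leads).
    parts = path.split("\\")
    return len(parts) == 3 and parts[1].lower() == "windows"


def triage_otl(text):
    """Return a list of findings, each a dict with kind, subject, reasons and the source line."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if not line:
            continue
        m = SRV_RE.match(line)
        if m:
            reasons = _assess(m.group("rest"))
            if reasons:
                findings.append({"kind": "service", "subject": m.group("name"),
                                 "reasons": reasons, "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = _assess(m.group("rest"))
            if reasons:
                findings.append({"kind": "autorun", "subject": m.group("name"),
                                 "reasons": reasons, "line": line})
            continue
        m = FILE_RE.match(line)
        # Only plain files (no 'D' attribute) in the "Files ..." sections are considered.
        if m and section.startswith("Files") and "D" not in m.group("attrs"):
            path = m.group("path")
            if _sits_in_windows_root(path):
                findings.append({"kind": "file", "subject": path,
                                 "reasons": ["dropped straight into the Windows folder"],
                                 "line": line})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"{f['kind']:8} {f['subject']}: {', '.join(f['reasons'])}")
```

Every hit is a lead for the helper to look at, not a verdict: on this thread's own log the empty-company entries are Corel, Protexis and ComboFix helpers, while the oddly named file in C:\WINDOWS is the one that was sent to VirusTotal.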

Mommazon
2011-03-28, 20:39
deleted the bhogety boogy whatever beast...

Here we go with the OTL.txt

OTL logfile created on: 3/28/2011 10:34:39 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mommazon\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 6.46 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive D: | 532.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 298.02 Gb Total Space | 4.49 Gb Free Space | 1.51% Space Free | Partition Type: FAT32

Computer Name: D7M16T91 | User Name: Mommazon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mommazon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mommazon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKslc739de5a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslc739de5a.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 12:21:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 12:21:09 | 000,000,000 | ---D | M]

[2011/03/07 22:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mommazon\Application Data\Mozilla\Extensions
[2011/03/07 22:03:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mommazon\Application Data\Mozilla\Firefox\Profiles\nt6ta4nn.default\extensions
[2011/03/27 13:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/21 16:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/23 22:33:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/21 16:08:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/27 19:59:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mommazon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mommazon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/27 10:33:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/12/20 10:19:23 | 000,000,035 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/01/10 08:32:40 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2011/03/27 10:33:34 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/28 10:28:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mommazon\Desktop\OTL.exe
[2011/03/28 10:28:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/27 19:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/27 19:50:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/27 18:53:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/27 18:53:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/27 18:53:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/27 18:53:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/27 12:25:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/27 10:33:31 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/03/25 10:22:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/25 10:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/25 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/24 21:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/24 21:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/24 17:33:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/23 22:33:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/23 22:33:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/23 22:33:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/23 21:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Malwarebytes
[2011/03/23 21:42:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/23 21:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 21:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/23 21:42:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/23 21:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 11:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/23 11:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/23 11:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/22 20:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/22 20:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/22 20:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/22 20:21:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/21 19:26:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mommazon\PrivacIE
[2011/03/21 18:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/03/21 16:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/21 16:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/21 16:08:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/21 16:08:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/19 14:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\WMTools Downloaded Files
[2011/03/19 14:01:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\My Documents\My Videos
[2011/03/17 22:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\My Documents\My Corel Shows
[2011/03/17 22:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Corel
[2011/03/17 22:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\My Documents\My PSP Files
[2011/03/15 20:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/03/15 16:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Identities
[2011/03/15 13:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Western Digital
[2011/03/15 13:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Apple
[2011/03/15 12:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Apple Computer
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mommazon\Desktop\TDSSKiller.exe
[2011/03/09 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\(Default)
[2011/03/09 17:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAZ 3D
[2011/03/09 17:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2011/03/07 22:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\My Documents\Downloads
[2011/03/07 22:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Mozilla
[2011/03/07 22:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Mozilla
[2011/03/07 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smith Micro
[2011/03/07 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2011/03/07 18:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Temp
[2011/03/07 18:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Poser
[2011/03/07 18:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Apple Computer
[2011/03/07 18:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Adobe
[2011/03/07 18:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Adobe
[2011/03/07 18:39:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mommazon\IETldCache
[2011/03/07 18:39:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Mommazon\Application Data\Microsoft
[2011/03/07 18:39:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mommazon\Application Data
[2011/03/07 18:39:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\Favorites
[2011/03/07 18:39:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mommazon\Cookies
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Sun
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Macromedia
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Identities
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Gtek
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Google
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Google
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Desktop
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Application Data\Corel
[2011/03/07 18:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\ApplicationHistory
[2011/03/07 18:39:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mommazon\SendTo
[2011/03/07 18:39:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mommazon\Recent
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\Start Menu\Programs\Startup
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\Start Menu
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\My Documents\My Pictures
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\My Documents\My Music
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\My Documents
[2011/03/07 18:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mommazon\Start Menu\Programs\Accessories
[2011/03/07 18:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mommazon\Templates
[2011/03/07 18:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mommazon\PrintHood
[2011/03/07 18:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mommazon\NetHood
[2011/03/07 18:39:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mommazon\Local Settings
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Wildtangent
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Musicmatch
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\Microsoft
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Start Menu\Programs\Dell Accessories
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Start Menu\Programs\Dell
[2011/03/07 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/03/07 16:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Poser
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/28 10:33:35 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/28 10:33:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/28 10:33:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 10:33:17 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 10:28:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mommazon\Desktop\OTL.exe
[2011/03/28 10:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/28 09:48:15 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\Mommazon\Desktop\MCPR.exe
[2011/03/27 19:59:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/27 19:50:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/03/27 12:15:16 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\Mommazon\Desktop\Shortcut to ComboFix.lnk
[2011/03/27 12:15:06 | 004,303,726 | R--- | M] () -- C:\Documents and Settings\Mommazon\Desktop\ComboFix.exe
[2011/03/27 10:53:55 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mommazon\Desktop\TDSSKiller.exe
[2011/03/27 10:13:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 23:54:42 | 000,004,224 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/24 21:49:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ikayacegalaj.dat
[2011/03/24 21:24:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/23 21:42:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/21 20:04:37 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Update The Kids 4.lnk
[2011/03/21 16:58:48 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/03/19 16:35:45 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Mommazon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/19 15:53:57 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/19 13:40:35 | 000,004,184 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/18 21:31:27 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/03/16 12:58:30 | 003,583,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/14 20:50:34 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Update Michael 4 Base.lnk
[2011/03/14 11:17:44 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 11:17:44 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/10 18:58:23 | 000,056,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/09 17:21:55 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Poser 8.lnk
[2011/03/08 18:01:57 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 18:39:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mommazon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/07 18:39:48 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Mommazon\Desktop\Windows Media Player.lnk
[2011/03/07 18:39:45 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Mommazon\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/03/01 23:07:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/28 09:47:56 | 001,373,616 | ---- | C] () -- C:\Documents and Settings\Mommazon\Desktop\MCPR.exe
[2011/03/27 19:59:04 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/27 19:50:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/03/27 19:50:28 | 000,260,272 | RHS- | C] () -- C:\cmldr

========== LOP Check ==========

[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/02/26 00:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/03/22 20:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/07 16:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Poser
[2011/02/21 13:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2006/04/15 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/06 16:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/07 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommazon\Application Data\Poser

========== Purity Check ==========



< End of report >

Mommazon
2011-03-28, 20:41
and the extras.txt

OTL Extras logfile created on: 3/28/2011 10:34:39 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mommazon\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 6.46 Gb Free Space | 9.25% Space Free | Partition Type: NTFS
Drive D: | 532.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 298.02 Gb Total Space | 4.49 Gb Free Space | 1.51% Space Free | Partition Type: FAT32

Computer Name: D7M16T91 | User Name: Mommazon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Smith Micro\Poser 8\Poser.exe" = C:\Program Files\Smith Micro\Poser 8\Poser.exe:*:Enabled:Poser executable file -- (Smith Micro Software, Inc)


========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2011 3:48:09 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:48:09 PM | Computer Name = D7M16T91 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {3590AF03-8787-49E4-93B7-1F6772DAD3F8} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 3/24/2011 3:48:41 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:49:11 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:49:41 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:49:41 PM | Computer Name = D7M16T91 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 3/24/2011 3:50:11 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:50:41 PM | Computer Name = D7M16T91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/24/2011 3:50:41 PM | Computer Name = D7M16T91 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {47882B63-6ECF-418D-B402-B8339FD7F156} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 3/27/2011 1:54:05 PM | Computer Name = D7M16T91 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 3/27/2011 6:22:28 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2011 6:27:45 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2011 6:33:55 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/27/2011 6:33:55 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/27/2011 7:08:55 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/27/2011 7:17:56 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2011 7:17:56 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2011 7:17:56 PM | Computer Name = D7M16T91 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.99.1703.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80070422 Error
description: The service cannot be started, either because it is disabled or because
it has no enabled devices associated with it.

Error - 3/27/2011 7:22:28 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/27/2011 10:58:16 PM | Computer Name = D7M16T91 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

ken545
2011-03-28, 20:58
Yes, by all means install the updates.

You can delete this one as well
C:\WINDOWS\Ikayacegalaj.dat

Keep Java up to date
Download JavaRa (http://majorgeeks.com/JavaRA_d5982.html) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.


How are things running now ?

Mommazon
2011-03-28, 21:18
All gone....C:\WINDOWS\Ikayacegalaj.dat



---------------------------
JavaRa 1.16
---------------------------
Removed C:\Program Files\Java\j2re1.4.2_03.
Removed C:\Documents and Settings\Mommazon\Application Data\Sun\Java\jre1.6.0_22.

---------------------------

Apparently I already had the latest version of Java, but I asked it to reinstall anyway.

I went to the control panel and double-clicked the Java icon, but it doesn't have a cache tab, nor can I find anything under the main tabs (GENERAL, UPDATE, JAVA, SECURITY, ADVANCED)


Everything seems to be running smoothly! THANK YOU!!

Now do I go back and hide all the things under the windows folder?

As well, do I restart the MSE real time security (I don't remember exactly what it said at this point) or is it possible to remove that and get a better AV program? I have used AVG with great success in the past, but it won't load while MSE is on board. I truly appreciate your amazing assistance!!

ken545
2011-03-29, 00:37
Well, don't know if it's me with my systems but I had issues with MSE, why don't you just uninstall it.

Uninstall AVG as well and try downloading it and reinstalling and see if that helps

If it still gives you problems I kind of lean toward Avast

Free Anti Virus Programs


Free Avast 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Avira AntiVir® Personal Edition Classic (http://www.free-av.com/)
AVG Free (http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5)




Free Firewalls


Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp)
Sygate Personal Firewall Free Edition (http://www.filehippo.com/download_sygate_personal_firewall/)
Outpost Firewall Free (http://www.agnitum.com/products/outpostfree/index.php)




Once you have that straightened out, then do this


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

Mommazon
2011-03-29, 01:34
Thanks a bunch for your help Ken!

I think the BEST solution to stay bug free is just sacrifice the arm and the leg and get a MAC! LOL!! Although I'm sure they are not without their own problems.

Cheers!!

Sara

ken545
2011-03-29, 01:48
Well, as Macs get more popular they're being targeted also, but right now not as much as Windows, but as their market share improves you will start seeing threats targeting Macs

Not a big fan of Macs, I am a Windows guy, but if you keep all your programs updated, like your browser, Java, Adobe, Flash Player and a host of others you should be ok.

Remember the weakest link in the chain may be you, don't open email from someone you don't know, don't download attachments unless a friend said he sent you one, don't surf Porn or use any P2P (File Sharing Programs)

I have been at this for almost 8 years and most of the infected computers I clean are from users just downloading things they don't even know about

Use your head, just enjoy your computer with all of its benefits and stay safe

Ken :)

ken545
2011-04-01, 02:15
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.