PC Infected

Hello Bill Moz :),

ESET's findings are from the Java cache.

You can clear them off using ATF Cleaner's Java Cache option, or go to Start > Control Panel. Double click on Java and the Java Control Panel will open. At the General tab, click on the Settings... below the Temporary Internet Files title. Press the Delete Files... button and OK your way out.

--------------------

Your DDS log looks clean. Any more problems?
 
Redirects appear to be gone, still cannot launch main program to update Spybot S+D, can I re install it? During the eset scan setup I did get a rogue scanner exploit warning, but I had Spybot resident shut off and AVG resident shut off, I think AVG caught it, but I don't really know for sure.
 
Hello Bill Moz :),

You shut off the protection programs before you started with ESET or during the installation? The rogue scanner warning, it came up before ESET start to scan? You are not sure which program prompted the warning? When the warning came up, did it ask for any action from you?

For Spybot, you can try to uninstall it first, reboot your computer, the reinstall. See if that solve your problem.
 
I shut off real time protection before I went to Eset site. When I clicked on the button to open the scanner window is when the warning came up. No action was called for, and it was AVG that blocked the scanner. Computer still has redirect issue now that I've had a chance to try it. I've been using a flash drive so I can post logs from another computer just so you know. And it has not been plugged in during any scans, should I plug it in while performing the scans?
 
Hello Bill Moz :),

The warning is most likely a false positive by AVG.

Computer still has redirect issue now
Click to expand...
It could be your router or the USB. Please post a fresh DDS log, no need for Attach.txt.

The other computer you mentioned, is it using the same connection / router?

--------------------

Check USB storage devices / removable drives
  • Please download USBNoRisk© by bobby and save to your desktop. Click here.
  • Double click on usbnorisk.exe and wait a couple of seconds for the initial scan to finish.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • If there are more than one USB storage devices, please take note of the order they are connected.
  • When all the devices are plugged in and the scanning done, right click on any location in the white box where the results are shown and select Save log.
  • Click OK when prompted and a log will open. It is saved to C:\USBNoRisk\UsbNoRisk.txt.
  • Post the contents of that log in your reply and close the program.

--------------------

Please post back:
1. fresh DDS log
2. USBNoRisk result
 
Yes other computer is using the same router. USB scan.

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/5/2010 10:36:49 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {00dc6dbc-a78d-11dd-a3cc-806d6172696f}
D: {00dc6dbd-a78d-11dd-a3cc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 00dc6dbc-a78d-11dd-a3cc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 00dc6dbd-a78d-11dd-a3cc-806d6172696f
----------------------------------------
Desktop.ini found at D:\My Documents\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID2={450d8fba-ad25-11d0-98a8-0800361b1103}
InfoTip=Stores your documents, graphics, and other files.
----------------------------------------
HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22914
HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-9227
HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\DefaultIcon,@ = %SystemRoot%\system32\SHELL32.dll,-235
HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKCR\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22914
HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-9227
HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\DefaultIcon,@ = %SystemRoot%\system32\SHELL32.dll,-235
HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103}\shell\find\command,@ = %SystemRoot%\Explorer.exe
----------------------------------------
Desktop.ini found at D:\Program Files\ contains file:// string
----------------------------------------
[ExtShellFolderViews]
Default={5984FFE0-28D4-11CF-AE66-08002B2E1262}
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}

[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=file://Folder.htt

[.ShellClassInfo]
ConfirmFileOp=0
----------------------------------------
D:\Program Files\Folder.htt --ah- 11079 bytes
----------------------------------------
Desktop.ini found at D:\RECYCLED\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/5/2010 10:37:50 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c1fea847-cf50-11de-98e8-001ee5a5870c}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for c1fea847-cf50-11de-98e8-001ee5a5870c
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

DDS



DDS (Ver_10-10-21.02) - NTFSx86
Run by Bill at 22:39:31.84 on Fri 11/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1299 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Bill\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\bill\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON Artisan 800(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_S82.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\bill\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [SpybotSD TeaTimer] c:\program files\bill\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\bill\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225515211757
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225558772171
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-8 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

=============== Created Last 30 ================

2010-11-06 03:38:31 -------- d-----w- C:\USBNoRisk
2010-11-05 03:37:10 -------- d-----w- c:\program files\Bill
2010-11-04 00:36:28 -------- d-----w- c:\program files\ESET
2010-11-02 00:46:47 -------- d-----w- c:\docume~1\bill\applic~1\Malwarebytes
2010-10-31 15:42:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 15:42:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-31 15:42:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 15:42:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 13:14:14 388096 ----a-r- c:\docume~1\bill\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-23 13:14:13 -------- d-----w- c:\program files\Trend Micro
2010-10-13 01:16:32 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 01:16:32 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 01:16:20 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:42:08.87 ===============
 
Hello Bill Moz :),

You should update your Java.

The USB is clean. Does the redirect happen to your other computer? Any other symptoms besides redirects?

--------------------

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options is checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please download MBRCheck© by a_d_13 from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Preliminary scan
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running MBRCheck. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on MBRCheck.exe to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A command prompt window will open.
  • When you see Enter 'Y' and hit ENTER for more options, or 'N' to exit:, enter N at the prompt and press Enter twice.
  • Otherwise, just press Enter.
  • A log file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here.
  • Double click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Ensure the following are checked (ticked):
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
  • Uncheck the rest, then click OK. An initial scan will be performed.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
  • Save the report somewhere you can find it. Click Close to exit.
  • Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the answers to my questions about your other computer and symptoms
2. the OTL logs (OTL.txt and Extras.txt)
3. MBRCheck result
4. Rookit Unhooker log
 
Other computers are ok, no symptoms. The only other syptom was Spybot not running at all. I uninstalled and reinstalled Spybot and tried to install to a renamed folder and it still won't work. My redirects appear to only occur if click on a link from a google search, if I stay within my usual sites it seems OK. But google searches are almost useless as it may redirect two or three times after a click.
 
OTL logfile created on: 11/6/2010 1:21:39 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.36 Gb Total Space | 2.91 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive D: | 55.90 Gb Total Space | 7.26 Gb Free Space | 12.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 1.19 Gb Free Space | 15.97% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: BILL-WCG1YON6RY | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Bill\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\ASUS\PC Probe II\Probe2.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (WLSVC) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/09/02 15:00:52 | 000,417,813 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 14419 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Bill\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Launch PC Probe II] C:\Program Files\ASUS\PC Probe II\Probe2.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003..\Run: [EPSON Artisan 800(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Bill\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Bill\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1225515211757 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1225558772171 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/31 23:04:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/25 15:28:12 | 000,000,078 | -HS- | M] () - D:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2005/07/31 16:42:38 | 000,000,037 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/23 11:30:04 | 000,000,078 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2004/06/26 09:09:30 | 000,000,037 | ---- | M] () - D:\AUTOEXEC._AV -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/06 10:53:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/06 10:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/06 10:53:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/06 09:21:52 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/11/05 22:38:31 | 000,000,000 | ---D | C] -- C:\USBNoRisk
[2010/11/05 22:32:30 | 000,446,464 | ---- | C] (MyCity) -- C:\Documents and Settings\Bill\Desktop\usbnorisk.exe
[2010/11/04 22:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bill
[2010/11/03 19:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/03 18:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/03 18:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/03 18:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/03 17:53:18 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Bill\Desktop\ATF-Cleaner.exe
[2010/11/01 19:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\Malwarebytes
[2010/10/31 10:42:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/31 10:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/31 10:42:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/31 10:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/31 10:36:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill\Desktop\mbam-setup-1.46.exe
[2010/10/26 08:53:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2010/10/25 05:56:24 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bill\Desktop\spybotsd162a.exe
[2010/10/23 08:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/23 08:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/23 08:31:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bill\Desktop\erunt-setup.exe
[2010/10/23 08:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/12 20:16:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/12 20:16:32 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/12 20:16:20 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/06 13:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/06 12:54:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1177238915-839522115-1003UA.job
[2010/11/06 09:21:57 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Bill\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/11/06 02:54:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1177238915-839522115-1003Core.job
[2010/11/05 23:59:11 | 067,277,623 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/05 22:32:32 | 000,446,464 | ---- | M] (MyCity) -- C:\Documents and Settings\Bill\Desktop\usbnorisk.exe
[2010/11/05 18:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 17:06:28 | 000,191,909 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/05 17:06:17 | 000,013,726 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 17:06:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/11/05 17:05:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 22:47:43 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/04 22:47:43 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/11/04 16:55:43 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Google Chrome.lnk
[2010/11/04 16:55:43 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/03 23:07:03 | 000,003,632 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Attach3.zip
[2010/11/03 18:40:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/03 17:53:18 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Bill\Desktop\ATF-Cleaner.exe
[2010/11/02 20:22:45 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\SystemLook.exe
[2010/10/31 23:09:21 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 22:55:42 | 000,003,295 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Attach2.zip
[2010/10/31 21:12:11 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\1gx17ml2.exe
[2010/10/31 10:42:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/31 10:34:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill\Desktop\mbam-setup-1.46.exe
[2010/10/26 08:53:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\OTL.exe
[2010/10/25 05:56:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bill\Desktop\spybotsd162a.exe
[2010/10/23 09:34:10 | 000,003,048 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\Attach.zip
[2010/10/23 09:34:10 | 000,003,048 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Attach.zip
[2010/10/23 08:36:09 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\dds.scr
[2010/10/23 08:33:39 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/23 08:33:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2010/10/23 08:31:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bill\Desktop\erunt-setup.exe
[2010/10/23 08:14:29 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\HiJackThis.lnk
[2010/10/23 08:13:40 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\HiJackThis.msi
[2010/10/23 08:06:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\housecall.guid.cache
[2010/10/22 07:10:10 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NinjaTrader 6.5.lnk
[2010/10/21 22:52:36 | 007,993,878 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\auto5_mag_2up_s.pdf
[2010/10/21 22:05:49 | 006,562,200 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\auto5_light_om_s.pdf
[2010/10/21 21:26:39 | 000,556,544 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\JHM%20Basics%20Review%20by%20MKTr%20vers1[1].doc
[2010/10/18 22:17:09 | 006,562,200 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\auto5_light_om_s.pdf
[2010/10/13 04:26:17 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 04:09:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 21:58:43 | 000,097,914 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\worldFederationOfExchanges.pdf
[2010/10/08 04:05:50 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 04:05:50 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 22:47:43 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/11/04 22:47:43 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/11/03 23:07:03 | 000,003,632 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Attach3.zip
[2010/11/03 18:40:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/02 20:22:45 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\SystemLook.exe
[2010/10/31 22:55:42 | 000,003,295 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Attach2.zip
[2010/10/31 21:12:11 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\1gx17ml2.exe
[2010/10/31 10:42:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 10:54:55 | 000,003,048 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\Attach.zip
[2010/10/23 09:34:10 | 000,003,048 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Attach.zip
[2010/10/23 08:36:09 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\dds.scr
[2010/10/23 08:33:39 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/23 08:33:18 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\ERUNT.lnk
[2010/10/23 08:14:13 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\HiJackThis.lnk
[2010/10/23 08:13:39 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\HiJackThis.msi
[2010/10/23 08:06:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\housecall.guid.cache
[2010/10/21 22:52:36 | 007,993,878 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\auto5_mag_2up_s.pdf
[2010/10/21 22:05:49 | 006,562,200 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\auto5_light_om_s.pdf
[2010/10/21 21:26:39 | 000,556,544 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\JHM%20Basics%20Review%20by%20MKTr%20vers1[1].doc
[2010/10/18 22:17:09 | 006,562,200 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\auto5_light_om_s.pdf
[2010/10/12 21:58:43 | 000,097,914 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\worldFederationOfExchanges.pdf
[2010/06/24 04:24:16 | 000,208,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/29 21:31:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/02/19 19:31:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/02/14 14:10:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 14:06:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPART800.ini
[2008/11/16 11:01:06 | 000,004,360 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/16 10:59:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2008/11/09 11:39:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/02 21:59:12 | 000,245,760 | ---- | C] () -- C:\WINDOWS\ddedll.dll
[2008/11/02 21:56:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/11/02 21:56:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/11/01 00:42:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/01 00:42:29 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/10/31 23:29:11 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/10/31 23:16:12 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/31 23:13:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/10/31 23:13:00 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/10/31 23:12:58 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/10/31 23:12:58 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/10/31 23:12:30 | 000,016,671 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/31 23:12:30 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/10/31 23:12:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/31 15:54:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/26 12:13:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2007/06/28 23:43:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 23:43:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 23:43:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 23:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/10/26 07:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/02/14 14:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/02/14 14:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Epson
[2010/11/05 17:06:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 11/6/2010 1:21:39 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Bill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.36 Gb Total Space | 2.91 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive D: | 55.90 Gb Total Space | 7.26 Gb Free Space | 12.99% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 1.19 Gb Free Space | 15.97% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: BILL-WCG1YON6RY | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"4764:UDP" = 4764:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4765:UDP" = 4765:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4780:UDP" = 4780:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4781:UDP" = 4781:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4783:UDP" = 4783:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4785:UDP" = 4785:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4782:UDP" = 4782:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4784:UDP" = 4784:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4791:UDP" = 4791:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4790:UDP" = 4790:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4795:UDP" = 4795:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4797:UDP" = 4797:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4794:UDP" = 4794:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4796:UDP" = 4796:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4801:UDP" = 4801:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4803:UDP" = 4803:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4800:UDP" = 4800:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4802:UDP" = 4802:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4807:UDP" = 4807:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4806:UDP" = 4806:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4811:UDP" = 4811:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4810:UDP" = 4810:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4812:UDP" = 4812:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4813:UDP" = 4813:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4816:UDP" = 4816:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4819:UDP" = 4819:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4817:UDP" = 4817:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"4818:UDP" = 4818:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"E:\Common\EasyInstall\EasyInstall.exe" = E:\Common\EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Bill\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Bill\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B68931-AD1D-4879-AF0E-D2BFF9750C58}" = CrossHair
"{1733360D-6EE0-42F9-9B03-1072D5CD8179}" = ArcSoft Print Creations
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 22
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{30D20E0C-95AE-4B67-BD69-B7865B311047}" = NinjaTrader 6.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS_Ai_Proactive_Screensaver (E)" = ASUS_Ai_Proactive_Screensaver (E)
"AVG9Uninstall" = AVG Free 9.0
"EPSON Artisan 800 Series" = EPSON Artisan 800 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QuoteTracker_is1" = QuoteTracker
"Trader Workstation 4.0" = Trader Workstation 4.0
"TWS Interoperability Components" = TWS Interoperability Components
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 1:50:13 PM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 9:18:09 AM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2010 11:23:12 AM | Computer Name = BILL-WCG1YON6RY | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module quartz.dll, version 6.5.2600.5822, fault address 0x000aeef4.

Error - 1/30/2010 12:58:07 AM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2010 7:57:09 PM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 12:03:02 PM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 12:03:53 PM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2010 12:04:16 PM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2010 12:21:50 AM | Computer Name = BILL-WCG1YON6RY | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module quartz.dll, version 6.5.2600.5908, fault address 0x00096146.

Error - 4/20/2010 12:18:11 AM | Computer Name = BILL-WCG1YON6RY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/5/2010 6:06:04 PM | Computer Name = BILL-WCG1YON6RY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/5/2010 8:57:17 PM | Computer Name = BILL-WCG1YON6RY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LORI-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{C3A6FFF1-78F6-4DB3-B. The master browser is stopping or an election
is being forced.

Error - 11/5/2010 11:40:05 PM | Computer Name = BILL-WCG1YON6RY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WLSVC service.

Error - 11/6/2010 12:58:24 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 12:58:36 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 12:58:48 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 12:59:38 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 2:13:28 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 11:53:39 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 11/6/2010 11:53:49 AM | Computer Name = BILL-WCG1YON6RY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.


< End of report >
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200003d

Kernel Drivers (total 125):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 viaide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xBA338000 viaagp1.sys
0xB9DEE000 Mup.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB9277000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB9263000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xBA308000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA318000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA118000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB9240000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA418000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB921C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA420000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA128000 \SystemRoot\System32\DRIVERS\fetnd5bv.sys
0xB91F7000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB91A0000 \SystemRoot\System32\DRIVERS\RT61.sys
0xBA5DC000 \SystemRoot\System32\DRIVERS\ASACPI.sys
0xBA428000 \SystemRoot\System32\DRIVERS\fdc.sys
0xBA138000 \SystemRoot\System32\DRIVERS\serial.sys
0xB9DBA000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB918C000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA780000 \SystemRoot\system32\drivers\msmpu401.sys
0xB9168000 \SystemRoot\system32\drivers\portcls.sys
0xBA148000 \SystemRoot\system32\drivers\drmk.sys
0xB9DB6000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xBA781000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA158000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB9DB2000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9151000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA168000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA178000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB9140000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA188000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA438000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA440000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB9110000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA198000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA448000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA450000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5DE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB90B2000 \SystemRoot\System32\DRIVERS\update.sys
0xBA548000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA1A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1B8000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5E8000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB6EA3000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xB6E83000 \SystemRoot\system32\drivers\AEAudio.sys
0xB6E23000 \SystemRoot\system32\drivers\Senfilt.sys
0xBA470000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F4000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA488000 \SystemRoot\System32\drivers\vga.sys
0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA570000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6DC8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6D6F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB6D35000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB6D0F000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xBA1E8000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6CE7000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA588000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA590000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA594000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB6CC5000 \SystemRoot\System32\drivers\afd.sys
0xBA208000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB6C9A000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB6C2A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA288000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB6BF6000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA664000 \SystemRoot\system32\drivers\AsIO.sys
0xB6F29000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6F85000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA460000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA71A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6987000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xB6463000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB5E51000 \SystemRoot\system32\drivers\wdmaud.sys
0xB6056000 \SystemRoot\system32\drivers\sysaudio.sys
0xB5DD6000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA64A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5AAE000 \SystemRoot\System32\DRIVERS\srv.sys
0xB5A8A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB54F9000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA408000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB52CE000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB45EE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
704 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
772 C:\WINDOWS\system32\services.exe
784 C:\WINDOWS\system32\lsass.exe
952 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1092 C:\WINDOWS\system32\svchost.exe
1164 C:\Program Files\AVG\AVG9\avgchsvx.exe
1192 C:\Program Files\AVG\AVG9\avgrsx.exe
1256 svchost.exe
1428 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1456 svchost.exe
1888 C:\WINDOWS\system32\spoolsv.exe
252 svchost.exe
324 C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
496 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
504 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1076 C:\WINDOWS\system32\nvsvc32.exe
1484 C:\WINDOWS\explorer.exe
1976 C:\Program Files\AVG\AVG9\avgnsx.exe
2164 C:\WINDOWS\system32\svchost.exe
2336 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
3380 alg.exe
3472 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3480 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
3504 C:\Program Files\ASUS\PC Probe II\Probe2.exe
3512 C:\WINDOWS\system32\rundll32.exe
3520 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
3528 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3536 C:\Program Files\AVG\AVG9\avgtray.exe
3620 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3628 C:\WINDOWS\system32\ctfmon.exe
3684 C:\Program Files\Bill\Spybot - Search & Destroy\TeaTimer.exe
3696 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
132 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
2412 C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
3808 PresentationFontCache.exe
3272 C:\Program Files\Java\jre6\bin\jqs.exe
3864 C:\WINDOWS\system32\wscntfy.exe
276 C:\Documents and Settings\Bill\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor92720U8, Rev: MA540RR0
PhysicalDrive1 Model Number: ST360021A, Rev: 7.73

Size Device Name MBR Status
--------------------------------------------
25 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
55 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Root kit unhook took a very long time to complete, 4-5 hours, but it checked all drives instead of just c:. The scan result report did not specifically save as a text file but it will open in note pad.
 
First Unhook report would not attach and was too long to paste in post because I scanned more than just drive c:, this report is from drive C: only, hope it is enough, I will redo it if you need all drives scanned.





RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9277000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 6135808 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6057984 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 178.13 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6C2A000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6E23000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB90B2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6D6F000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB5AAE000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB91A0000 C:\WINDOWS\System32\DRIVERS\RT61.sys 356352 bytes (Ralink Technology Inc., Ralink 802.11 Wireless Adapter Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB54F9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6D35000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB6BF6000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB9110000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5DD6000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB6C9A000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6CE7000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB6EA3000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 155648 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB6D0F000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB91F7000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB5A8A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9168000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB921C000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9240000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB52CE000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6CC5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB6E83000 C:\WINDOWS\system32\drivers\AEAudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9151000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5E51000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB918C000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9263000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB6DC8000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9140000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB6F29000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA318000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA148000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA118000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6056000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1B8000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA0E8000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA158000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA178000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA128000 C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA308000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA168000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA198000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA188000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA208000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB5682000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA1E8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA420000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA428000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA338000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xBA3E0000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA448000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA450000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA418000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB6987000 C:\WINDOWS\System32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA470000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA438000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA440000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA430000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA460000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA548000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB6463000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9DBA000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB6F85000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9DB6000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xBA588000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA594000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9DB2000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA570000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5DC000 C:\WINDOWS\System32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA664000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA5EE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5EC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA64A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5F2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5DE000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5E8000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA781000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA71A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA780000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xBA7F4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89EBAAEA ?_empty_? 1302 bytes
0x89EBAEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89DD3CA8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x89EBAAEA]
0xB6CE7000 WARNING: Virus alike driver modification [netbt.sys], 163840 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[132]ArcCon.ac-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[1428]avgcsrvx.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[1484]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1484]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1484]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1484]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1484]explorer.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[1484]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1484]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1484]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1484]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2412]GoogleCrashHandler.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[252]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3472]smax4pnp.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3480]SMax4.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3504]Probe2.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3512]rundll32.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3520]EEventManager.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3528]ACDaemon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3628]ctfmon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3684]TeaTimer.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3696]hpotdd01.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[3808]PresentationFontCache.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[728]winlogon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]
[772]services.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x71A5C29B-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
Hello Bill Moz :),

Please download ComboFix© by sUBs from one of the links below and save it to your desktop.

Link 1
Link 2

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Install Recovery Console and run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Enable back your security softwares as soon as you completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here if you need help.

--------------------

Please post back:
1. the ComboFix log
 
You must log in or register to reply here.
Back
Top