
Help Needed! Trojan that will not go away


  • This topic is locked
38 replies to this topic

#1 whoover409

whoover409

    Member

  • Members
  • 22 posts

Posted 30 January 2010 - 04:11 PM

I have been trying to get rid of this thing for over a week. It started by disabling my Webroot Anti-virus.

I ran Malwarebytes, and it came back saying a registry key was infected:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

It appears to be deleted, but it is still in my registry. I went into REGEDIT and deleted it manually, and as soon as I restart, it is back (I turned off system restore)

I ran AVG, and it comes back with this:

"C:\Windows\System32\drivers\kbdclass.sys";"Trojan horse BackDoor.Generic12.AAVT";"Object is white-listed (critical/system file that should not be removed)"

I researched this, and it appears to be something attached to my wireless keyboard driver??? I am afraid to delete it for fear I will not have my keyboard.

I infected my computer with the 2010 virus trying to get rid of the others. I think I have gotten that one off, though.

I tried to run your system restore download before running this log, but it would not run.

I ran Ad-Aware and it did not find anything

Here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:19 AM, on 1/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6781 bytes

Edited by whoover409, 30 January 2010 - 04:13 PM.
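An added example of how a helper reads a log like the one above (written for this edit, not code from the thread, from HijackThis or from any product named here): the script parses the O2, O4 and O20 lines and flags the entries a first pass looks at: registrations whose file is gone, autoruns registered under the SYSTEM / service / default-user profiles, and anything in AppInit_DLLs. The sample lines are copied from the log above; the allow-list of commands Windows itself registers under those profiles is an assumption of the example, and `triage_hijackthis` and `Finding` are names chosen here. It only sorts entries for attention; deciding what is malicious stays with the person reading the log.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format: the entries are copied from the log
# above, with the rest of that log left out to keep the example short.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")

# Assumed allow-list for this example: the commands Windows itself registers
# under the service and default-user profiles. Anything else that autostarts
# under those accounts is unusual enough to look at.
SYSTEM_PROFILE_OK = (
    r"%ProgramFiles%\Windows Sidebar\Sidebar.exe",
    "rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    "%SystemRoot%\\",
)


@dataclass
class Finding:
    kind: str   # "orphan" = dead registration; "review" = attribute before deciding
    line: str
    reason: str


def triage_hijackthis(text: str) -> list:
    """Return the HijackThis entries a first pass over the log should look at."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("O"):
            continue
        # A registration whose file is gone (usually an uninstall leftover) does
        # nothing, but clearing it keeps the log down to entries that still run.
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            findings.append(Finding("orphan", line, "registered file no longer exists"))
            continue
        m = O4_RE.match(line)
        if m and m.group("user"):
            cmd = m.group("cmd")
            if not cmd.startswith(SYSTEM_PROFILE_OK):
                findings.append(Finding("review", line,
                                        f"autorun under the '{m.group('user')}' profile: {cmd}"))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that maps user32.dll,
            # so each name must be tied to an installed product.
            findings.append(Finding("review", line,
                                    f"AppInit_DLLs injects {m.group('dlls')} into every GUI process"))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample this reports the two dead BHO registrations, the MySpaceIM autorun under the SYSTEM profile, and the AppInit_DLLs entry; the AVG tray entry and the Windows Sidebar entry are left alone. The AppInit_DLLs line is flagged for attribution, not as bad: on this machine it belongs to an installed AVG, but the check is the same whatever the name is.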


#2 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 30 January 2010 - 05:08 PM

hi

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here
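As an added illustration of what a helper looks for in the GMER log this post asks for (example code written for this edit, not part of the thread or of GMER), the script below walks the sections GMER prints and separates what needs acting on from what merely needs attributing: kernel import slots that no longer resolve to any loaded module, user-mode hooks whose target is a UNC path or an unidentified file, libraries GMER marks as hidden, and a count of SSDT hooks. The sample lines are constructed in GMER's layout, modelled on the log whoover409 posts later in this thread (the IP, DLL, driver and process names come from there); `triage_gmer` and `Finding` are names chosen here.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout GMER prints, modelled on the log whoover409
# posts later in this thread (IP, DLL, driver and process names come from
# there; GMER's blank lines are dropped and the WinSxS directory is shortened).
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-30 15:08:07
---- System - GMER 1.0.15 ----
SSDT 87D16720 ZwLoadDriver
SSDT 87D14B20 ZwOpenProcess
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwSetSystemInformation] [9030D000] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ExAllocatePool] 11D171CB
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73966853] C:\Windows\WinSxS\gdiplus_dir\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [948] 0x35670000
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT [0-9A-F]{8} \w+$")
KERNEL_IAT_RE = re.compile(r"^IAT (?P<driver>\S+?)\[(?P<imp>[^\]]+)\] (?P<rest>.+)$")
RESOLVED_RE = re.compile(r"^\[[0-9A-F]{8}\] ")   # "[address] module (description)"
USER_IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<mod>.+?) \[(?P<imp>[^\]]+)\] "
    r"\[[0-9A-F]{8}\] (?P<target>.+)$"
)
HIDDEN_LIB_RE = re.compile(
    r"^Library (?P<lib>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\]"
)


@dataclass
class Finding:
    severity: str  # "high" = act on it; "review" = attribute to a product first
    section: str
    subject: str
    reason: str


def triage_gmer(text: str) -> list:
    """Walk a GMER log section by section and return the entries worth attention."""
    findings, section, ssdt_count = [], "", 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "System":
            # Security suites install SSDT hooks of their own, so these are only
            # counted; each one has to be attributed to a driver before acting.
            if SSDT_RE.match(line):
                ssdt_count += 1
        elif section == "Kernel IAT/EAT":
            m = KERNEL_IAT_RE.match(line)
            # A bare value instead of "[address] module" means GMER could not map
            # the import slot to any loaded module: the driver's import table no
            # longer matches its file on disk.
            if m and not RESOLVED_RE.match(m.group("rest")):
                findings.append(Finding("high", section, f"{m.group('driver')} -> {m.group('imp')}",
                                        "import slot does not resolve to a loaded module"))
        elif section == "User IAT/EAT":
            m = USER_IAT_RE.match(line)
            if not m:
                continue
            target = m.group("target")
            subject = f"{m.group('proc')}[{m.group('pid')}] {m.group('imp')}"
            if target.startswith("\\\\"):
                # No Windows component is loaded from a UNC path; the same name
                # in many unrelated processes means one injected module.
                findings.append(Finding("high", section, subject, f"hook target is a UNC path: {target}"))
            elif not target.endswith(")"):
                # GMER appends "(Description/Vendor)" to files it can identify.
                findings.append(Finding("review", section, subject, f"hook target unidentified: {target}"))
        elif section == "Processes":
            m = HIDDEN_LIB_RE.match(line)
            if m:
                findings.append(Finding("high", section,
                                        f"{m.group('lib')} in {m.group('proc')}[{m.group('pid')}]",
                                        "library hidden from the process module list"))
    if ssdt_count:
        findings.append(Finding("review", "System", f"{ssdt_count} SSDT entries",
                                "attribute each hook to its driver before acting"))
    return findings


if __name__ == "__main__":
    for f in triage_gmer(SAMPLE_GMER_LOG):
        print(f"[{f.severity}] {f.section}: {f.subject} -- {f.reason}")
```

On the sample this yields three "high" findings (the unresolved kbdclass.sys import, the services.exe hook into a UNC-path library, and the hidden library in lsass.exe) and one "review" summary for the SSDT entries; the Explorer.EXE hook into a vendor-identified gdiplus.dll is left alone. The split matters because products like the AVG, Webroot and Trend Micro components visible in this thread commonly install SSDT hooks of their own, which is exactly why the post above says not to act on rootkit-tagged entries without an analyst.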


#4 whoover409

whoover409

    Member

  • Members
  • 22 posts

Posted 30 January 2010 - 06:58 PM

K, tried that and got the blue screen of death. I did take a picture of it with my camera if you need to know what it says...

#5 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 30 January 2010 - 07:38 PM

no, it's ok


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug /s


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.


#6 whoover409

whoover409

    Member

  • Members
  • 22 posts

Posted 31 January 2010 - 04:29 PM

Well, I tried the GMER suggestion again, and it ran this time. A box popped up saying "GMER has found system modification caused by ROOTKIT activity." The only option was OK. I am posting the results of that here. Should I still go on to your next suggestion?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-30 15:08:07
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwlcapow.sys


---- System - GMER 1.0.15 ----

SSDT 85492BE8 ZwAllocateVirtualMemory
SSDT 87D150A0 ZwCreateKey
SSDT 87D14320 ZwCreateProcess
SSDT 87D145E0 ZwCreateProcessEx
SSDT 87D15D60 ZwCreateSection
SSDT 87D163E0 ZwCreateThread
SSDT 87D15620 ZwDeleteKey
SSDT 87D158E0 ZwDeleteValueKey
SSDT 87D16720 ZwLoadDriver
SSDT 87D160A0 ZwMapViewOfSection
SSDT 87D14B20 ZwOpenProcess
SSDT 87D15F00 ZwOpenSection
SSDT 85492C60 ZwQueueApcThread
SSDT 85492AF8 ZwReadVirtualMemory
SSDT 85492D50 ZwSetContextThread
SSDT 85492FA8 ZwSetInformationProcess
SSDT 85492DC8 ZwSetInformationThread
SSDT 87D15360 ZwSetValueKey
SSDT 85492F30 ZwSuspendProcess
SSDT 85492CD8 ZwSuspendThread
SSDT 87D14DE0 ZwTerminateProcess
SSDT 85492E40 ZwTerminateThread
SSDT 87D16240 ZwWriteVirtualMemory
SSDT 87D16580 ZwCreateThreadEx
SSDT 87D148A0 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 321 82073958 4 Bytes CALL BB8C8288
.text ntoskrnl.exe!KeInsertQueue + 3D9 82073A10 4 Bytes [A0, 50, D1, 87]
.text ntoskrnl.exe!KeInsertQueue + 3F9 82073A30 8 Bytes [20, 43, D1, 87, E0, 45, D1, ...]
.text ntoskrnl.exe!KeInsertQueue + 405 82073A3C 4 Bytes [60, 5D, D1, 87]
.text ntoskrnl.exe!KeInsertQueue + 411 82073A48 4 Bytes [E0, 63, D1, 87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F407000, 0x205494, 0xE8000020]
.text kbdclass.sys 9030A000 37 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text kbdclass.sys 9030A026 36 Bytes [B8, 95, 00, 00, C0, 5D, C2, ...]
.text kbdclass.sys 9030A04B 34 Bytes [15, 3C, C0, 30, 90, 8D, 5F, ...]
.text kbdclass.sys 9030A06E 78 Bytes [30, 90, 32, D2, 8B, CE, C7, ...]
.text kbdclass.sys 9030A0BD 200 Bytes [43, 70, 8B, 08, 3B, C8, 74, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ObfDereferenceObject] 4731F899
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ExAllocatePool] 11D171CB
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ExFreePoolWithTag] A0002CA5
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwClose] 102906C9
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwSetSystemInformation] [9030D000] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!swprintf] 00000001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlInitUnicodeString] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDriver] [9030C17C] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ObMakeTemporaryObject] 00000001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ExUuidCreate] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlStringFromGUID] [9030D5CF] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!sprintf] 6FCF2A30
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlFreeUnicodeString] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwSetInformationFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwWriteFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwCreateFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwQueryInformationFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeQuerySystemTime] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlTimeToTimeFields] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwDeleteFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwOpenFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwReadFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlIpv4StringToAddressExA] 00000001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeInsertQueue] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeRemoveQueue] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeRundownQueue] 00040001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoFreeIrp] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeInitializeQueue] [9030D06C] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ObfReferenceObject] [9030D06C] \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!PsCreateSystemThread] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ObReferenceObjectByHandle] 00000001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000001
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IofCallDriver] 00000003
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwOpenSection] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwMapViewOfSection] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!MmAllocatePagesForMdl] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!MmUnmapLockedPages] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!MmFreePagesFromMdl] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwUnmapViewOfSection] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlHashUnicodeString] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeSetEvent] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!RtlPrefixUnicodeString] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoGetRelatedDeviceObject] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoAllocateIrp] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeInitializeEvent] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ExAllocatePoolWithTag] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!PoStartNextPowerIrp] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IofCompleteRequest] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!PoCallDriver] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ObReferenceObjectByName] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoDriverObjectType] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoEnumerateDeviceObjectList] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwCreateSection] 000004B0
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwFlushVirtualMemory] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwOpenKey] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwEnumerateKey] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwDeleteKey] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwQueryKey] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoQueueWorkItem] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwLoadDriver] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwQueryDirectoryFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwFsControlFile] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoDeleteDevice] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwOpenDirectoryObject] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!ZwQueryDirectoryObject] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!wcsrchr] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoAllocateWorkItem] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeInitializeTimer] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeInitializeDpc] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!KeSetTimerEx] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!_allmul] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!_allshr] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!_aullrem] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!memset] 00000000
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!memcpy] 00000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[12] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[12] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\spoolsv.exe[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\spoolsv.exe[208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\wininit.exe[600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\wininit.exe[600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\services.exe[688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\lsass.exe[948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\lsass.exe[948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\svchost.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\svchost.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1900] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[1900] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\AVG\AVG9\avgemc.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Program Files\AVG\AVG9\avgemc.exe[2276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73977817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [739CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7397BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7396F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [739775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7396E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [739A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7397DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7396FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7396FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [739FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7399C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7396D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73966853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7396687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73972AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\svchost.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\svchost.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\system32\svchost.exe[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\kbdclass \Device\KeyboardClass0 [9030E7F8] \SystemRoot\system32\DRIVERS\kbdclass.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x14; MOV EAX, [EBP+0x8]}

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\disk \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074 902FEBDE

---- Threads - GMER 1.0.15 ----

Thread System [4:260] 902FF93A
---- Processes - GMER 1.0.15 ----

Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [12] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [208] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [304] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [600] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [688] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [948] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [1256] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1296] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1456] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1496] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1752] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1900] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG9\avgemc.exe [2276] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2748] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [3012] 0x35670000

---- EOF - GMER 1.0.15 ----
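The GMER output above contains the three line types a responder reads first: IAT entries, `Library` entries and `Device` entries. What follows is an added triage example, not part of this thread and not a feature of GMER: a small Python script that parses those line formats (regexes written against the GMER 1.0.15 layout shown in the log; the field names are this script's own) and flags import-table entries that resolve into a module other than the DLL they name, modules GMER marks `*** hidden ***` grouped by the processes they sit in, driver dispatch pointers GMER cannot place in any section of the named driver image, and any module whose path is a UNC share rather than a local drive. The embedded sample is seven lines excerpted from the log above.

```python
"""Triage helper for GMER rootkit-scan output.

Added example, not part of GMER or of this thread. It parses the IAT,
Library and Device lines GMER 1.0.15 prints (formats taken from the log
above) and reports the findings a responder wants first.
"""
import re
from collections import defaultdict

# Constructed sample: seven lines excerpted verbatim from the GMER log above.
SAMPLE_GMER_LOG = r"""
IAT C:\Windows\Explorer.EXE[2292] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73966853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\svchost.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [356729F4] \\74.117.114.86\max++.x86.dll
IAT C:\Windows\System32\svchost.exe[2748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [3567297E] \\74.117.114.86\max++.x86.dll
Device \Driver\kbdclass \Device\KeyboardClass0 [9030E7F8] \SystemRoot\system32\DRIVERS\kbdclass.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x14; MOV EAX, [EBP+0x8]}
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [688] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [948] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG9\avgemc.exe [2276] 0x35670000
"""

# Line formats as printed by GMER 1.0.15; group names are this script's own.
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<importer>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?\.(?:dll|sys|exe))(?:\s+\((?P<vendor>.*)\))?\s*$",
    re.IGNORECASE,
)
LIB_RE = re.compile(
    r"^Library (?P<module>.+?\.(?:dll|sys|exe)) \((?P<flags>[^)]*)\) @ "
    r"(?P<proc>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)\s*$",
    re.IGNORECASE,
)
DEVICE_RE = re.compile(
    r"^Device (?P<driver>\S+) (?P<device>\S+) \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<image>\S+?)\[unknown section\]",
    re.IGNORECASE,
)


def basename(path):
    """Last path component, case-folded, for either '\\' or '/' separators."""
    return re.split(r"[\\/]", path.strip())[-1].lower()


def is_unc(path):
    """True for \\host\share\... paths (two leading backslashes)."""
    return path.startswith("\\\\")


def triage(log_text):
    """Return the findings from one GMER log as a dict of plain Python values."""
    redirected = []            # IAT entries resolving outside the DLL they name
    hidden = defaultdict(set)  # module path -> {process basenames}
    unknown_section = []       # driver dispatch pointers GMER cannot place
    unc_modules = set()        # modules loaded from \\host\share paths
    for line in log_text.splitlines():
        m = IAT_RE.match(line)
        if m:
            # An import from X.dll should resolve into X.dll; anything else is a
            # redirect (a hook, or a legitimate forwarder/AV shim: review it).
            if basename(m["dll"]) != basename(m["target"]):
                redirected.append({
                    "process": basename(m["proc"]), "pid": int(m["pid"]),
                    "import": f'{m["dll"]}!{m["func"]}', "target": m["target"],
                })
            if is_unc(m["target"]):
                unc_modules.add(m["target"])
            continue
        m = LIB_RE.match(line)
        if m:
            if "hidden" in m["flags"].lower():
                hidden[m["module"]].add(basename(m["proc"]))
            if is_unc(m["module"]):
                unc_modules.add(m["module"])
            continue
        m = DEVICE_RE.match(line)
        if m:
            unknown_section.append({"driver": m["driver"], "image": m["image"]})
    return {
        "redirected_iat": redirected,
        "hidden_modules": {mod: sorted(procs) for mod, procs in hidden.items()},
        "unknown_section_drivers": unknown_section,
        "unc_modules": sorted(unc_modules),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LOG)
    for hit in result["redirected_iat"]:
        print(f'IAT  {hit["process"]}[{hit["pid"]}] {hit["import"]} -> {hit["target"]}')
    for mod, procs in result["hidden_modules"].items():
        print(f"HIDE {mod} in {len(procs)} processes: {', '.join(procs)}")
    for drv in result["unknown_section_drivers"]:
        print(f'DRV  {drv["driver"]} dispatch outside any section of {drv["image"]}')
    for mod in result["unc_modules"]:
        print(f"UNC  {mod}")
```

On the sample, the Explorer.EXE entry is not reported (gdiplus.dll imports resolve into gdiplus.dll), while both svchost.exe entries are, because ntdll.dll imports land in a module with a UNC path. The IAT mismatch rule is a review queue, not a verdict: API forwarders and security products that hook in user mode (the log shows AVG's avgrsstx.dll loaded via AppInit_DLLs) also produce mismatches. A module that is hidden in a dozen system processes at one base address and is named as a network share is not something a legitimate Vista DLL does, and a kbdclass dispatch pointer that GMER cannot map to any section of kbdclass.sys is the reason an on-disk scanner's "critical/system file that should not be removed" verdict is not reassuring on its own.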

#7 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 31 January 2010 - 04:39 PM

Yes, go ahead with the OTL step.

You have a new infection, so we will both need some patience.


First, you must verify that you can access the Vista Recovery Environment.
To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Vista installation dvd and restart, then press any key when prompted to boot from the cd.
At the Install Windows screen, select Repair your computer. (image below)


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.


Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below



At the C:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit, then restart your computer and log on in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#8 whoover409 (Member, 22 posts)

Posted 31 January 2010 - 08:26 PM

I am a little confused. I restarted and hit F8, and the option did come up to Repair your computer. It then went into the System Recovery Options screen. I was not sure what to do, because I have not yet downloaded maxlook. Should I have done that first? Also, when I tried to get through the system repair, it kept asking for my Administrator Password, but when I entered it, it said my Administrator account was disabled. I went in and verified that I am the administrator (I knew I was) and changed the password and restarted, but got the same thing. I am not sure what I should do next. Download maxlook and restart?

#9 Rorschach112 (Advanced Member, Volunteer Security Advisor, 2180 posts)

Posted 01 February 2010 - 12:35 AM

Yes, go and download that.

#10 whoover409 (Member, 22 posts)

Posted 01 February 2010 - 01:24 AM

Ok, I will do the maxlook next...

Here are the results of the OTL:

OTL Text:

OTL logfile created on: 1/31/2010 4:23:17 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 243.30 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 1.26 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 16:19:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/01/28 21:18:08 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/28 21:18:08 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/24 13:20:32 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/24 13:20:32 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/24 13:20:32 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/24 13:20:32 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/24 13:20:32 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/24 13:20:30 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/24 13:20:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/18 09:52:43 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 13:29:58 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/18 14:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 16:19:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/01/24 13:20:43 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/28 21:18:08 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/28 19:26:05 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
SRV - [2010/01/24 13:20:30 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/24 13:20:30 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/18 09:52:43 | 001,181,040 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/04/02 13:29:58 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 14:28:10 | 000,698,888 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/05/03 14:39:02 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/24 17:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/10/18 14:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/29 10:19:08 | 000,198,240 | ---- | M] () [Disabled | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/05/24 15:13:54 | 000,061,440 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/05/15 19:20:12 | 000,079,400 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/05/11 13:15:20 | 000,887,544 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/05/03 15:31:12 | 000,074,656 | R--- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/03/11 22:02:52 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/25 12:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 13:20:41 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/24 13:20:36 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/24 13:20:34 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/02 13:30:12 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/04/02 13:30:10 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/04/02 13:30:08 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/02/11 11:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/03 21:20:16 | 001,426,304 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/08/16 03:00:52 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/08/16 03:00:46 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/08/16 02:53:50 | 001,195,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/02/15 22:37:50 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/14 23:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/12/24 17:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 17:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/02 05:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/25 12:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 09:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2004/04/26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/24 13:20:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 06:27:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 09:39:30 | 000,000,000 | ---D | M]

[2009/01/07 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/31 10:03:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s077am6k.default\extensions
[2009/01/07 19:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/03/03 13:08:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: epsi.com ([vpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 08:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/22 21:03:52 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - Services: "AlertService"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "CLTNetCnService"
MsConfig - Services: "comHost"
MsConfig - Services: "DQLWinService"
MsConfig - Services: "HP Health Check Service"
MsConfig - Services: "HPBtnSrv"
MsConfig - Services: "IDriverT"
MsConfig - Services: "IntelDHSvcConf"
MsConfig - Services: "ISPwdSvc"
MsConfig - Services: "ISSM"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "M1 Server"
MsConfig - Services: "MCLServiceATL"
MsConfig - Services: "Remote UI Service"
MsConfig - Services: "RoxMediaDB9"
MsConfig - Services: "stllssvr"
MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "SymAppCore"
MsConfig - Services: "XAudioService"
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe - (Nikon Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: ccApp - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Gamevance - hkey= - key= - C:\Program Files\Gamevance\gamevance32.exe File not found
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe File not found
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()
MsConfig - StartUpReg: Launcher - hkey= - key= - C:\Windows\SMINST\Launcher.exe (soft thinks)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - C:\Program Files\MySpace\IM\MySpaceIM.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe (PC-Doctor, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: RunSpySweeperScheduleAtStartup - hkey= - key= - C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe (Hewlett-Packard)
MsConfig - StartUpReg: scvhost - hkey= - key= - C:\Program Files\Over\Over.exe File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpySweeper - hkey= - key= - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
MsConfig - StartUpReg: SunJavaUpdateReg - hkey= - key= - File not found
MsConfig - StartUpReg: UfSeAgnt.exe - hkey= - key= - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 16:19:18 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/01/28 21:18:37 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/01/28 21:18:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/28 21:15:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/28 21:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/01/28 21:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/28 09:43:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/28 09:43:46 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/28 09:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/28 09:42:54 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2010/01/28 09:33:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/01/26 17:35:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Antivirus
[2010/01/24 13:20:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/01/24 13:20:43 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/24 13:20:41 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/24 13:20:36 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/24 13:20:34 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/24 13:20:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/24 13:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/21 23:12:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 23:12:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 23:12:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 23:12:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/21 23:12:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 23:12:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/21 23:12:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/21 23:12:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 23:12:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/21 23:12:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/21 23:12:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/21 23:12:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/21 23:12:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/21 23:12:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/20 17:01:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\linksys docs
[2010/01/12 18:04:48 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 18:04:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

========== Files - Modified Within 30 Days ==========

[2010/01/31 16:21:32 | 003,932,160 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/01/31 16:19:21 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/01/31 16:17:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/31 16:17:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/31 14:22:03 | 001,029,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/31 14:22:03 | 000,248,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/31 14:22:03 | 000,004,884 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/31 14:17:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/31 14:17:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/31 14:13:11 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/31 14:13:11 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/31 14:13:07 | 003,251,670 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/01/31 11:34:50 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2010/01/31 09:30:01 | 054,915,603 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/30 11:27:21 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.exe
[2010/01/30 09:39:30 | 000,001,876 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/01/29 20:42:42 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/01/29 03:00:03 | 000,001,700 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L7544C85F3EFA460E90F72BE4AB5E762B.job
[2010/01/28 21:18:29 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/01/28 21:15:56 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/28 18:02:20 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 09:43:52 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 09:33:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/28 09:33:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/28 09:33:43 | 000,002,855 | ---- | M] () -- C:\Users\Owner\Desktop\rkill - Shortcut.pif
[2010/01/28 05:06:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\21726.exe
[2010/01/28 04:46:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\5447.exe
[2010/01/28 04:26:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19895.exe
[2010/01/28 04:06:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19718.exe
[2010/01/28 03:46:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18716.exe
[2010/01/28 03:26:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\17421.exe
[2010/01/28 03:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\12382.exe
[2010/01/28 02:46:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\292.exe
[2010/01/28 02:26:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\153.exe
[2010/01/28 02:06:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\3902.exe
[2010/01/28 01:46:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\14604.exe
[2010/01/28 01:26:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\32391.exe
[2010/01/28 01:06:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\5436.exe
[2010/01/28 00:46:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4827.exe
[2010/01/28 00:26:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\11942.exe
[2010/01/28 00:06:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\2995.exe
[2010/01/27 23:46:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\491.exe
[2010/01/27 23:26:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\9961.exe
[2010/01/27 23:06:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\16827.exe
[2010/01/27 22:46:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\23281.exe
[2010/01/27 22:26:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\28145.exe
[2010/01/27 22:06:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\5705.exe
[2010/01/27 21:46:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\24464.exe
[2010/01/27 21:26:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26962.exe
[2010/01/27 21:06:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\29358.exe
[2010/01/27 20:46:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\11478.exe
[2010/01/27 20:26:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\15724.exe
[2010/01/27 20:24:24 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2010/01/27 20:06:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\19169.exe
[2010/01/27 19:46:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\26500.exe
[2010/01/27 19:26:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\6334.exe
[2010/01/27 19:06:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
[2010/01/27 18:34:30 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/01/27 17:05:48 | 000,000,667 | ---- | M] () -- C:\Users\Owner\Desktop\taskmgr - Shortcut.lnk
[2010/01/26 18:55:22 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2010/01/24 13:20:43 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/24 13:20:43 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/24 13:20:41 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/24 13:20:36 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/24 13:20:34 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/24 13:20:34 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/24 13:20:34 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/24 13:20:34 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/24 13:20:34 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/19 17:43:41 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 19:03:46 | 004,798,882 | ---- | M] () -- C:\Users\Owner\Documents\Koloski LPQ.dat
[2010/01/02 01:33:32 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 01:33:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 01:32:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 01:32:46 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 01:32:33 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 01:32:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 01:32:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 01:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 01:32:32 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 01:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 23:57:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 23:56:50 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 23:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 23:55:54 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2010/01/30 09:39:30 | 000,001,876 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/01/28 22:17:34 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/28 21:15:56 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/01/28 17:50:14 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2010/01/28 09:43:52 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/28 09:33:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/01/28 09:33:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/01/28 09:33:43 | 000,002,855 | ---- | C] () -- C:\Users\Owner\Desktop\rkill - Shortcut.pif
[2010/01/28 05:06:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\21726.exe
[2010/01/28 04:46:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\5447.exe
[2010/01/28 04:26:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19895.exe
[2010/01/28 04:06:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19718.exe
[2010/01/28 03:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18716.exe
[2010/01/28 03:26:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\17421.exe
[2010/01/28 03:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\12382.exe
[2010/01/28 02:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\292.exe
[2010/01/28 02:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\153.exe
[2010/01/28 02:06:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\3902.exe
[2010/01/28 01:46:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\14604.exe
[2010/01/27 17:05:48 | 000,000,667 | ---- | C] () -- C:\Users\Owner\Desktop\taskmgr - Shortcut.lnk
[2010/01/27 16:09:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\32391.exe
[2010/01/27 15:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\5436.exe
[2010/01/27 15:29:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4827.exe
[2010/01/27 15:09:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\11942.exe
[2010/01/27 14:49:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\2995.exe
[2010/01/27 14:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\491.exe
[2010/01/27 14:09:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\9961.exe
[2010/01/27 13:49:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\16827.exe
[2010/01/27 13:29:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\23281.exe
[2010/01/27 13:09:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\28145.exe
[2010/01/27 12:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\5705.exe
[2010/01/27 12:29:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\24464.exe
[2010/01/27 12:09:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26962.exe
[2010/01/27 11:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\29358.exe
[2010/01/27 11:29:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\11478.exe
[2010/01/27 11:09:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\15724.exe
[2010/01/27 10:49:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\19169.exe
[2010/01/27 10:29:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\26500.exe
[2010/01/27 08:38:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\6334.exe
[2010/01/26 19:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe
[2010/01/24 13:20:43 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/24 13:20:34 | 054,915,603 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/24 13:20:34 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/24 13:20:34 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/24 13:20:34 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/24 13:20:34 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/05 19:03:45 | 004,798,882 | ---- | C] () -- C:\Users\Owner\Documents\Koloski LPQ.dat
[2009/08/18 14:33:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/02 13:30:04 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/02/23 06:57:28 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/10/09 17:18:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz
[2008/10/09 17:18:51 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Instrument Library
[2008/10/09 17:18:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/10/09 17:18:51 | 000,000,012 | RH-- | C] () -- C:\ProgramData\LaserPrinter
[2008/01/02 19:46:09 | 000,018,432 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/25 08:28:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/08/23 07:51:12 | 000,002,825 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/23 07:38:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/23 07:25:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/23 07:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/03/26 09:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/31 14:17:07 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2007/08/23 08:01:29 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/08/23 08:10:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/08/09 12:53:34 | 000,000,164 | ---- | M] () -- C:\install.dat
[2010/01/28 09:33:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/15 20:24:27 | 000,000,428 | -H-- | M] () -- C:\IPH.PH
[2010/01/28 09:33:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/31 14:17:07 | 3534,303,232 | -HS- | M] () -- C:\pagefile.sys
[2008/08/09 12:45:23 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2008/08/09 12:45:23 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2008/08/27 17:09:58 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/07/27 12:03:51 | 000,000,158 | ---- | M] () -- C:\YServer.txt


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 03:05:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:05:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:05:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/02 13:30:04 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/02/02 13:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/09/21 08:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/01/15 20:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/01/23 21:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\Almeza
[2008/08/04 17:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\AskSBar
[2010/01/24 13:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/01/26 20:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/08/23 07:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/08/23 08:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2008/05/03 14:39:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/08/23 08:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/12/25 12:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2007/08/23 07:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2009/03/03 09:07:31 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/08/23 07:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/01/27 03:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/08/23 08:04:03 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/03 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Kuma Games
[2010/01/28 21:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/01/28 09:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/10 14:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/01/23 03:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/01/22 19:52:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/20 17:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/16 02:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/01/22 19:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/31 16:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/03 09:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2007/11/27 20:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/23 08:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2008/01/09 22:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2008/10/09 17:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/07/31 08:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/08/23 08:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/02/03 12:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Over
[2007/08/23 08:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2008/10/09 17:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/23 07:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/08/27 17:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/09/02 08:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2007/08/23 07:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2007/08/23 08:03:02 | 000,000,000 | ---D | M] -- C:\Program Files\Snapfish Picture Mover
[2010/01/30 09:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/15 20:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/03/03 13:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/09/02 07:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/03/03 09:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/01/13 03:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 16:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/26 03:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/09/02 07:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/01/29 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2009/03/03 09:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-27 08:00:13

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram /s >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug /s >
"UserDebuggerHotKey" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\AutoExclusionList]
"DWM.exe" = 1

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:507FBB4F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


Extras.Txt

OTL Extras logfile created on: 1/31/2010 4:23:17 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 243.30 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 1.26 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3758282295-4290223519-2431552612-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0241D432-CCFE-4404-8612-0BDFEE48A5C5}" = lport=50995 | protocol=6 | dir=in | name=akamai netsession interface |
"{0DF1C974-4AA6-4F1E-8939-A984D82704E4}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{1290E55F-174D-4ECB-A910-D970DD8CA075}" = lport=9420 | protocol=6 | dir=in | name=akamai netsession interface |
"{1456A945-41AD-42A2-99B2-D812FFAAB470}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{14DEE5E8-5F93-4CB1-9B1D-06F95A63F23C}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{1836F6E4-259A-4CE6-A980-88BD45260F4C}" = lport=52728 | protocol=6 | dir=in | name=akamai netsession interface |
"{1B71ECFE-F1BE-43DC-B5B3-DDD28CD6B24F}" = lport=49157 | protocol=6 | dir=in | name=akamai netsession interface |
"{20406036-C4E9-4DE7-8F28-127866688CEA}" = lport=56990 | protocol=6 | dir=in | name=akamai netsession interface |
"{25D4E4BB-CFC7-451E-98EB-F8679589B36E}" = lport=55185 | protocol=6 | dir=in | name=akamai netsession interface |
"{27A02746-96A8-4682-ADA9-F23B79E121B0}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{27A04496-F734-4763-BB1C-A4BAAC4EB672}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{2A9F0611-A29B-4D9B-A2FF-149D2CDEB969}" = lport=49661 | protocol=6 | dir=in | name=akamai netsession interface |
"{2B72F5A6-7257-4791-B4DF-24432F06EDF7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2DF2CF5F-F1EE-4ADF-99E5-F3F6DF4F4516}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{3130AC6C-CD8D-4C31-89E4-47B08F3706C1}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |
"{32587E7B-5A44-4150-8A0E-40E63F51F0F7}" = lport=50044 | protocol=6 | dir=in | name=akamai netsession interface |
"{3670EF2D-0C77-4FBE-B64E-F4FE52341B93}" = lport=49207 | protocol=6 | dir=in | name=akamai netsession interface |
"{3F9C49FA-2F76-4F10-B969-A9CF7A5CFF35}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface |
"{41AD9AD1-539E-44C5-AE82-D303BE1AAB8E}" = lport=59627 | protocol=6 | dir=in | name=akamai netsession interface |
"{4C154F90-1F4A-48C2-8F79-20A8F86725D8}" = lport=53170 | protocol=6 | dir=in | name=akamai netsession interface |
"{4FBCD749-3FEE-41B9-92DE-DBB84549097E}" = lport=54162 | protocol=6 | dir=in | name=akamai netsession interface |
"{5EF99E04-13FD-4276-BB10-7B4E4FA55E1A}" = lport=49681 | protocol=6 | dir=in | name=akamai netsession interface |
"{6086F54F-D6C3-4B60-B12B-9C7869E056F9}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{6272151D-CF6A-4D24-86AB-B67C441860E5}" = lport=51891 | protocol=6 | dir=in | name=akamai netsession interface |
"{641F0D33-E5D5-4662-8A1D-FFB59CCA7B06}" = lport=50054 | protocol=6 | dir=in | name=akamai netsession interface |
"{643CCED9-3335-47A7-86FA-25E2A71E3EF4}" = lport=56179 | protocol=6 | dir=in | name=akamai netsession interface |
"{650A03D2-313F-4EC9-A69A-A67F7B962851}" = lport=50584 | protocol=6 | dir=in | name=akamai netsession interface |
"{68508964-2DE3-4B5F-ACB4-7E284B87EAFF}" = lport=52253 | protocol=6 | dir=in | name=akamai netsession interface |
"{6A6C52DD-A2F0-4908-B4CF-1A0B9DDA3B63}" = lport=52805 | protocol=6 | dir=in | name=akamai netsession interface |
"{6BDCBE3D-11E8-4929-9DD5-3C7113D81292}" = lport=9420 | protocol=6 | dir=in | name=akamai netsession interface |
"{6EDA511F-6A06-4DB7-A802-DC22E41B384F}" = lport=49682 | protocol=6 | dir=in | name=akamai netsession interface |
"{6FC2D11D-E05D-41D1-B821-7361A899FF16}" = lport=54145 | protocol=6 | dir=in | name=akamai netsession interface |
"{714646A4-0382-440A-BBD6-B5E52324CCD0}" = lport=59652 | protocol=6 | dir=in | name=akamai netsession interface |
"{7582075A-60D9-4167-8210-848E7CADD10B}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface |
"{7CB735FA-67B2-42AE-8C0F-F03931AC2A33}" = lport=63737 | protocol=6 | dir=in | name=akamai netsession interface |
"{84D54EB1-1886-4849-8F54-B32A579D7634}" = lport=49175 | protocol=6 | dir=in | name=akamai netsession interface |
"{87DB51CC-CD37-4101-816C-40B7C347F2B6}" = lport=50037 | protocol=6 | dir=in | name=akamai netsession interface |
"{8E69E43E-EB1D-4DF4-9EB2-AF35175D3B55}" = lport=49207 | protocol=6 | dir=in | name=akamai netsession interface |
"{9135DDB7-8631-425C-9857-0DDBF902FBD6}" = lport=51079 | protocol=6 | dir=in | name=akamai netsession interface |
"{93070931-4651-46AD-B746-3375E84BE954}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{9680A592-7B51-40DD-89E9-7B63A20C6590}" = lport=50580 | protocol=6 | dir=in | name=akamai netsession interface |
"{9BABB693-4D3E-43D1-A56E-921B5BD72D16}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{A828BF4D-4738-4263-A35B-B961218792C3}" = lport=49664 | protocol=6 | dir=in | name=akamai netsession interface |
"{B7162FA7-A61D-4E54-A4D4-A1D6432EFEA4}" = lport=58879 | protocol=6 | dir=in | name=akamai netsession interface |
"{BA362B12-F198-429D-BCC4-DFE9F8768755}" = lport=55202 | protocol=6 | dir=in | name=akamai netsession interface |
"{CAC45828-1BEB-405A-ADCE-5F0FB0EE20CE}" = lport=64629 | protocol=6 | dir=in | name=akamai netsession interface |
"{CD54F9A1-AAF6-44C6-B9B4-BCE4C2F6927A}" = lport=50154 | protocol=6 | dir=in | name=akamai netsession interface |
"{CED41BBC-CF90-4C20-B452-87BF80D62BE7}" = lport=49157 | protocol=6 | dir=in | name=akamai netsession interface |
"{D67BAB9A-958C-4645-8BD0-1691D14196FB}" = lport=51021 | protocol=6 | dir=in | name=akamai netsession interface |
"{DB2A66DB-80E5-4950-A921-05EF8BD93056}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{DBA419D8-721F-4B65-A9A7-61AF411A3E70}" = lport=50050 | protocol=6 | dir=in | name=akamai netsession interface |
"{DCFB0311-69D4-4FD6-BBCA-2A50EB8494DE}" = lport=49470 | protocol=6 | dir=in | name=akamai netsession interface |
"{E11FA671-A6BE-430F-A753-40B13E6E44F0}" = lport=50397 | protocol=6 | dir=in | name=akamai netsession interface |
"{E7513FFC-80F0-49C1-9E20-A795127E75AE}" = lport=49193 | protocol=6 | dir=in | name=akamai netsession interface |
"{E8B1B842-71FB-4F7F-9CED-B560E778FC68}" = lport=51072 | protocol=6 | dir=in | name=akamai netsession interface |
"{EAE563BB-CA44-46D0-8676-E87C571BAC30}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{EB411166-20D7-4E1E-B7AE-B7E4FD667643}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{EB559A6E-D9BE-41BF-8622-830D77FCA2DF}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{EE2C886E-A7C1-4FCA-B034-ACF5DF6212BB}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{EE9FE057-B327-49DF-88F3-B7AFCCC4ABAD}" = lport=49172 | protocol=6 | dir=in | name=akamai netsession interface |
"{F4A7F270-66B6-499E-BFA1-3F6E5756B452}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F4AF270B-F7A4-4BEF-8D9F-3C92797200C5}" = lport=52220 | protocol=6 | dir=in | name=akamai netsession interface |
"{F7B4B6C3-3638-4E6E-B5FA-E767998C4799}" = lport=49255 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011E587B-E51C-49BA-B14A-2DFF32D015B7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0678D8B9-D657-4C8D-8FA1-8BBE24EC10C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B35845D-A227-45A2-8A58-58FD7B62102E}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{0C5D768E-3EC7-451F-A12C-4EA322CF9D73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0F7AAEF7-62B5-43A8-A277-8438166667DC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1A013EAD-CAB1-4AA7-8900-B9E47E0716D2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{1ABBCBCB-6E09-471D-BE32-6971BC6DEBDA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{280FE1A3-3849-485B-80A7-0FD103E35CA2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3041B941-63CD-486A-968A-600DED330A10}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{30E72723-FDCA-461D-B20C-0346C56B343F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{32ACEB1E-D944-4C17-9341-3813FA77DD55}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{340C16FF-04A7-4645-9DEC-930CF285E933}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4CFC6B29-9EB2-4D9F-B7D7-860A3F971441}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5448DF4B-7068-49AE-9368-E2DAB0C4A9DE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{85081B59-42E0-44F2-8877-F53B1D4758BE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{92890800-14CA-4F71-BA84-AEDDE4231654}" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{ACE91CA3-E5AE-4086-A8D0-23198E7B918A}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{B4BE37DE-6D46-4D45-BE85-E72399B51251}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B62A101A-BA0F-479A-AEF9-ACFAA394CB5D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{B849DA94-D8C8-409F-91A6-56742B1AA2D2}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{D0995B3A-8EA9-4E31-932C-1BC9F0FC414C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D31692C9-2D81-4742-9251-51CFC3580674}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F0C86948-4532-4D91-BEFD-A7E5A06B52E1}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{F64D54EA-4003-46B8-9E84-214C96162E8F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4BCEF171-95FA-4068-BB6B-428158FD13A9}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{6C7A17ED-CA8B-4CE4-819C-AABEBC15E34D}C:\users\owner\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe |
"TCP Query User{988ECF2C-5B45-45D0-9F29-CE2A4B3A14E5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3F5FD793-65C3-43B2-9CB1-FCA56C7608EE}C:\users\owner\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\xenocode\appliancecaches\kumaclient.exe_v60664c46\native\stubexe\@programfiles@\kuma games\kuma.exe |
"UDP Query User{89CC9805-0B2B-4E3B-BD10-C4A7F8A2B4B3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C47AAC40-EB83-4DDC-8B99-214CE06C79DB}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot AntiVirus with AntiSpyware
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775B9052-3517-47FA-817D-1BB28363D43A}" = muvee autoProducer 6.0
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AskSBar Uninstall" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MySpaceIM" = MySpaceIM
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PROSet" = Intel® Network Connections Drivers
"Rhapsody" = Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 8:41:19 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =

Error - 1/26/2010 8:41:19 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =

Error - 1/26/2010 8:45:24 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/26/2010 8:49:37 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/26/2010 8:49:57 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/26/2010 9:20:17 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 1/26/2010 9:20:17 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 1/27/2010 10:07:11 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3012
Description =

Error - 1/27/2010 10:07:11 AM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3011
Description =

Error - 1/27/2010 10:28:43 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

[ IntelDH Events ]
Error - 4/5/2009 4:27:32 PM | Computer Name = Owner-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 8/23/2009 5:44:26 PM | Computer Name = Owner-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 8/23/2009 5:44:26 PM | Computer Name = Owner-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/2/2009 9:16:10 AM | Computer Name = Owner-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 9/2/2009 9:16:10 AM | Computer Name = Owner-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/2/2009 9:27:13 AM | Computer Name = Owner-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 9/2/2009 9:27:13 AM | Computer Name = Owner-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/10/2009 11:17:00 AM | Computer Name = Owner-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 9/10/2009 11:17:00 AM | Computer Name = Owner-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 9/14/2009 9:28:33 AM | Computer Name = Owner-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

[ Media Center Events ]
Error - 5/31/2008 2:30:09 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 9:59:49 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 8:22:31 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 9:53:00 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/30/2009 12:14:56 AM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/24/2009 10:23:29 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/16/2009 7:54:02 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/10/2009 11:08:40 AM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/9/2009 5:07:33 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/9/2009 5:07:35 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 1/30/2010 1:19:40 PM | Computer Name = Owner-PC | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 1/31/2010 3:03:34 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 1/31/2010 3:08:43 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 1/31/2010 3:09:16 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/31/2010 3:09:16 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/31/2010 3:13:08 PM | Computer Name = Owner-PC | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 1/31/2010 3:17:10 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 45062
Description = CRT invalid display type

Error - 1/31/2010 3:17:33 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/31/2010 3:17:33 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/31/2010 5:21:12 PM | Computer Name = Owner-PC | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.


< End of report >


#11 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 12:53 PM

I performed the maxlook instructions:


Run from C:\Users\Owner\Desktop\maxlook.exe on Mon 02/01/2010 at 6:48:23.56

No infected file found

Rogue configuration file = C:\Windows\system32\config\ttssiiai.sav



While it was running, a threat box popped up from AVG saying threat detected - C:\windows\maxdriver\kbdclass.sys.

#12 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 01 February 2010 - 01:31 PM

hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

    :Services

    :Reg


    :Files
    C:\Windows\System32\21726.exe
    C:\Windows\System32\5447.exe
    C:\Windows\System32\19895.exe
    C:\Windows\System32\19718.exe
    C:\Windows\System32\18716.exe
    C:\Windows\System32\17421.exe
    C:\Windows\System32\12382.exe
    C:\Windows\System32\292.exe
    C:\Windows\System32\153.exe
    C:\Windows\System32\3902.exe
    C:\Windows\System32\14604.exe
    C:\Windows\System32\32391.exe
    C:\Windows\System32\5436.exe
    C:\Windows\System32\4827.exe
    C:\Windows\System32\11942.exe
    C:\Windows\System32\2995.exe
    C:\Windows\System32\491.exe
    C:\Windows\System32\9961.exe
    C:\Windows\System32\16827.exe
    C:\Windows\System32\23281.exe
    C:\Windows\System32\28145.exe
    C:\Windows\System32\5705.exe
    C:\Windows\System32\24464.exe
    C:\Windows\System32\26962.exe
    C:\Windows\System32\29358.exe
    C:\Windows\System32\11478.exe
    C:\Windows\System32\15724.exe
    C:\Windows\System32\19169.exe
    C:\Windows\System32\26500.exe
    C:\Windows\System32\6334.exe
    C:\Windows\System32\18467.exe
    C:\ProgramData\PKP_DLdu.DAT


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Open OTL, click the None button, and paste this in the custom scan box:


/md5start
kbdclass.sys
/md5stop
C:\Windows\system32\config\*.sav


Click Run Scan and post that log.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#13 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 01 February 2010 - 01:37 PM

Also do this

Click Start > Run > type maxlook -sig > Click ok

Let the program run, then post the log it gives you.

#14 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 02:57 PM

OTM:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Windows\System32\21726.exe not found.
File/Folder C:\Windows\System32\5447.exe not found.
File/Folder C:\Windows\System32\19895.exe not found.
File/Folder C:\Windows\System32\19718.exe not found.
File/Folder C:\Windows\System32\18716.exe not found.
File/Folder C:\Windows\System32\17421.exe not found.
File/Folder C:\Windows\System32\12382.exe not found.
File/Folder C:\Windows\System32\292.exe not found.
File/Folder C:\Windows\System32\153.exe not found.
File/Folder C:\Windows\System32\3902.exe not found.
File/Folder C:\Windows\System32\14604.exe not found.
File/Folder C:\Windows\System32\32391.exe not found.
File/Folder C:\Windows\System32\5436.exe not found.
File/Folder C:\Windows\System32\4827.exe not found.
File/Folder C:\Windows\System32\11942.exe not found.
File/Folder C:\Windows\System32\2995.exe not found.
File/Folder C:\Windows\System32\491.exe not found.
File/Folder C:\Windows\System32\9961.exe not found.
File/Folder C:\Windows\System32\16827.exe not found.
File/Folder C:\Windows\System32\23281.exe not found.
File/Folder C:\Windows\System32\28145.exe not found.
File/Folder C:\Windows\System32\5705.exe not found.
File/Folder C:\Windows\System32\24464.exe not found.
File/Folder C:\Windows\System32\26962.exe not found.
File/Folder C:\Windows\System32\29358.exe not found.
File/Folder C:\Windows\System32\11478.exe not found.
File/Folder C:\Windows\System32\15724.exe not found.
File/Folder C:\Windows\System32\19169.exe not found.
File/Folder C:\Windows\System32\26500.exe not found.
File/Folder C:\Windows\System32\6334.exe not found.
File/Folder C:\Windows\System32\18467.exe not found.
File/Folder C:\ProgramData\PKP_DLdu.DAT not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

#15 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 03:00 PM

OTL - which none button...there are several

Thanks :)

#16 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 04:31 PM

K, cancel last question...clicked None button at top.

Results of OTL from last instruction:

OTL logfile created on: 2/1/2010 10:21:42 AM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 244.08 Gb Free Space | 84.44% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 1.26 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: KBDCLASS.SYS >
[2006/11/02 04:49:57 | 000,032,872 | ---- | M] (Microsoft Corporation) MD5=1A48765F92BA1A88445FC25C9C9D94FC -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\drivers\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\kbdclass.sys
[2008/02/13 03:08:59 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=B076B2AB806B3F696DAB21375389101C -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[2008/02/13 03:08:59 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=B076B2AB806B3F696DAB21375389101C -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
[2008/02/13 03:08:58 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=C9B0CF786D5F151A43C7BE8E243F2819 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] () Unable to obtain MD5 -- C:\Windows\maxdriver\kbdclass.sys

< C:\Windows\system32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
[2010/02/01 08:48:53 | 016,777,216 | -HS- | M] () -- C:\Windows\System32\config\ttssiiai.sav
< End of report >
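The MD5 listing above is what OTL's /md5start directive produces. As an added example (the editor's own code, not OTL's or Rorschach112's), the following Python parses that block, groups every copy of kbdclass.sys by hash, reports whether the live driver in System32\drivers matches a DriverStore or WinSxS copy, flags any copy that could not be hashed or sits outside those directories, and proposes a DriverStore twin with the same timestamp and size as a replacement candidate; the pairing heuristic is the editor's assumption, not the tool's.

```python
import re
from collections import defaultdict

# Added example (the editor's code, not OTL's or the thread's): parse the
# "< MD5 for: KBDCLASS.SYS >" block that OTL's /md5start directive produced above
# and cross-check the live driver against the DriverStore/WinSxS copies.
# One entry per line, e.g.
# [2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=3760... -- C:\Windows\System32\drivers\kbdclass.sys
# [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () Unable to obtain MD5 -- C:\Windows\maxdriver\kbdclass.sys
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

LIVE_DIR = "c:\\windows\\system32\\drivers"  # where the kernel loads kbdclass.sys from
STORE_DIRS = (                                # where Windows keeps reference copies
    "c:\\windows\\system32\\driverstore\\filerepository",
    "c:\\windows\\winsxs",
)


def parse_md5_block(text):
    """Turn one OTL '< MD5 for: ... >' block into a list of dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["md5"] = e["md5"].upper() if e["md5"] else None  # None means "Unable to obtain MD5"
        entries.append(e)
    return entries


def _under(path, directory):
    # Case-insensitive "path lies inside directory" test with Windows separators.
    return path.lower().startswith(directory + "\\")


def triage(entries):
    """Group copies by hash, locate the live driver and list what deserves a second look."""
    by_hash = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_hash[e["md5"]].append(e["path"])

    findings = []
    for e in entries:
        if e["md5"] is None:
            findings.append(("UNREADABLE", e["path"]))  # the scanner could not hash it
        if not (_under(e["path"], LIVE_DIR) or any(_under(e["path"], d) for d in STORE_DIRS)):
            findings.append(("UNEXPECTED_LOCATION", e["path"]))  # not where Windows keeps drivers

    live = next((e for e in entries if _under(e["path"], LIVE_DIR)), None)
    live_md5 = live["md5"] if live else None
    # The live file is corroborated when a DriverStore/WinSxS copy carries the same hash.
    twins = [p for p in by_hash.get(live_md5, []) if any(_under(p, d) for d in STORE_DIRS)]

    # Replacement candidate: the first DriverStore copy whose timestamp and size match the
    # live file. This pairing heuristic is the editor's, not OTL's or the helper's.
    candidate = None
    if live:
        for e in entries:
            if (e["md5"] and _under(e["path"], STORE_DIRS[0])
                    and e["mtime"] == live["mtime"] and e["size"] == live["size"]):
                candidate = e["path"]
                break

    return {
        "live_path": live["path"] if live else None,
        "live_md5": live_md5,
        "live_matches_store": bool(twins),
        "distinct_hashes": len(by_hash),
        "replacement_candidate": candidate,
        "findings": findings,
    }


# Sample input: the kbdclass.sys block from the OTL log posted above, verbatim.
OTL_MD5_BLOCK = r"""
< MD5 for: KBDCLASS.SYS >
[2006/11/02 04:49:57 | 000,032,872 | ---- | M] (Microsoft Corporation) MD5=1A48765F92BA1A88445FC25C9C9D94FC -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\drivers\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=37605E0A8CF00CBBA538E753E4344C6E -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\kbdclass.sys
[2008/02/13 03:08:59 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=B076B2AB806B3F696DAB21375389101C -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[2008/02/13 03:08:59 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=B076B2AB806B3F696DAB21375389101C -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
[2008/02/13 03:08:58 | 000,035,384 | ---- | M] (Microsoft Corporation) MD5=C9B0CF786D5F151A43C7BE8E243F2819 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
[2008/01/19 02:41:52 | 000,035,384 | ---- | M] () Unable to obtain MD5 -- C:\Windows\maxdriver\kbdclass.sys
"""


def run():
    """Triage the block above; returns the report dict."""
    return triage(parse_md5_block(OTL_MD5_BLOCK))
```

A matching hash only vouches for the bytes the scanner was allowed to read, so the copy that reports "Unable to obtain MD5" is the entry to follow up on, not the ones that agree.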

#17 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 04:34 PM

BTW...When performing the last OTL, an AVG warning box came up - C:\Windows\maxdriver\dbdclass.sys.

#18 whoover409

    Member

  • Members
  • 22 posts

Posted 01 February 2010 - 04:39 PM

When performing maxlook -sig, another AVG warning window came up - C:\Windows\maxdriver\kbdclass.sys - I clicked X

Results from maxlook -sig:

Run from C:\Users\Owner\Desktop\maxlook.exe on Mon 02/01/2010 at 10:37:07.88

--------- maxlook unsigned files ---------

c:\windows\maxdriver\cdr4_xp.sys:
Verified: Unsigned
File date: 5:00 AM 10/18/2006
Publisher: Sonic Solutions
Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\maxdriver\cdralw2k.sys:
Verified: Unsigned
File date: 5:00 AM 10/18/2006
Publisher: Sonic Solutions
Description: CDRAL Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\maxdriver\HSXHWBS2.sys:
Verified: Unsigned
File date: 12:05 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_HWB2 WDM driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
c:\windows\maxdriver\HSX_CNXT.sys:
Verified: Unsigned
File date: 12:04 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_CNXT driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
c:\windows\maxdriver\HSX_DP.sys:
Verified: Unsigned
File date: 12:03 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_DP driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
Verified: Invalid Signature
Signing date: 2:41 AM 1/19/2008
Publisher: n/a
Description: n/a
Product: n/a
Version: n/a
File version: n/a
c:\windows\maxdriver\XAudio.sys:
Verified: Unsigned
File date: 2:36 PM 10/18/2007
Publisher: Conexant Systems, Inc.
Description: Modem Audio Device Driver
Product: SoftK56 Modem Driver
Version: 1.00.15.00
File version: 1.00.15.00 built by: WinDDK

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_xp.sys:
Verified: Unsigned
File date: 5:00 AM 10/18/2006
Publisher: Sonic Solutions
Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\cdralw2k.sys:
Verified: Unsigned
File date: 5:00 AM 10/18/2006
Publisher: Sonic Solutions
Description: CDRAL Place Holder Driver (see PxHelp)
Product: Drag-to-Disc
Version: 8.0.0.212
File version: 8.0.0.212
c:\windows\system32\drivers\HSXHWBS2.sys:
Verified: Unsigned
File date: 12:05 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_HWB2 WDM driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
c:\windows\system32\drivers\HSX_CNXT.sys:
Verified: Unsigned
File date: 12:04 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_CNXT driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
c:\windows\system32\drivers\HSX_DP.sys:
Verified: Unsigned
File date: 12:03 PM 5/8/2008
Publisher: Conexant Systems, Inc.
Description: HSF_DP driver
Product: SoftK56 Modem Driver
Version: 7.74.00
File version: 7.74.00 built by: WinDDK
c:\windows\system32\drivers\XAudio.sys:
Verified: Unsigned
File date: 2:36 PM 10/18/2007
Publisher: Conexant Systems, Inc.
Description: Modem Audio Device Driver
Product: SoftK56 Modem Driver
Version: 1.00.15.00
File version: 1.00.15.00 built by: WinDDK


Rogue configuration file = C:\Windows\system32\config\ttssiiai.sav

#19 Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • 2180 posts

Posted 01 February 2010 - 05:01 PM

hold on tight while I create a fix

don't let AVG remove anything to be safe
By the power of truth, I, while living, have conquered the universe.

~Scratch~

My help is always free, but if you want to donate to help me continue my fight against malware then click here

#20 Rorschach112

Rorschach112

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 2180 posts

Posted 02 February 2010 - 02:16 PM

hi

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to move:
C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys | C:\Windows\System32\drivers\kbdclass.sys
Files to delete:
C:\Windows\System32\config\ttssiiai.sav

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
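One way a responder can verify, before and after the file move in the script above, whether the live kbdclass.sys actually differs from the pristine DriverStore copy. This is an added PowerShell check, not part of the thread or of The Avenger; it assumes PowerShell 4 or later (for Get-FileHash) run from an elevated prompt, and locates the keyboard.inf_* staging folder by wildcard because the hash suffix in that folder name varies per machine.

```powershell
# Added example (not from the thread): compare the live kbdclass.sys with the copy
# the DriverStore staged at install time, and check its Authenticode signature.
param(
    [string]$LiveDriver  = "$env:SystemRoot\System32\drivers\kbdclass.sys",
    [string]$DriverStore = "$env:SystemRoot\System32\DriverStore\FileRepository"
)

function Get-DriverReport {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Size      = (Get-Item -Path $Path).Length
        SigStatus = $sig.Status   # 'Valid' for an intact, signed Microsoft driver
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    }
}

# The live driver the scanner flagged.
$live = Get-DriverReport -Path $LiveDriver
$live | Format-List

# Each keyboard.inf_* folder holds the copy Windows staged when the driver was installed.
$stored = Get-ChildItem -Path $DriverStore -Directory -Filter 'keyboard.inf_*' |
    ForEach-Object { Join-Path -Path $_.FullName -ChildPath 'kbdclass.sys' } |
    Where-Object { Test-Path -Path $_ } |
    ForEach-Object { Get-DriverReport -Path $_ }

$stored | Format-Table Path, SHA256, SigStatus -AutoSize

# Decision: on a clean machine the live file matches a staged copy by hash.
# Caveat: Windows drivers are usually catalog-signed rather than embedded-signed;
# PowerShell versions before 5 report those as NotSigned, so treat the hash
# comparison as the primary check and the signature status as supporting evidence.
if ($live.SigStatus -ne 'Valid') {
    Write-Warning "Live kbdclass.sys signature status is '$($live.SigStatus)' (expected Valid)."
}
if (-not $stored) {
    Write-Warning "No staged kbdclass.sys found under $DriverStore; cannot compare."
} elseif ($stored.SHA256 -notcontains $live.SHA256) {
    Write-Warning "Live kbdclass.sys hash matches no DriverStore copy; the file may have been replaced."
} else {
    Write-Host "Live kbdclass.sys matches a DriverStore copy."
}
```

Running it once before the fix and once after the reboot gives a before/after record of the hash change that the Avenger log alone does not show.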



