
Solved Computer taken over by virus

Discussion in 'Malware and Virus Removal Archive' started by RickyD2, 2010/09/07.

  1. 2010/09/09
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    I'd be glad to do that for you, but I cannot get an internet connection in normal mode except for a very few sites; however, Outlook Express is handling e-mail quite nicely. I need to download an anti-virus program but cannot do that.

    Any suggestions?

    I'll do the GMER thing in the morning; I gotta get some rest.
     
  2. 2010/09/09
    RickyD2

    The text that you have entered is too long (72393 characters). Please shorten it to 55000 characters long.

    The above is the error message I get when trying to post the entire GMER log in one piece. Is there a way to work around this problem? It is very difficult, for me, in Safe Mode, to split the log into two pieces, which is what I tried to do with the previous posting of it that you found unacceptable.

    I have tried to paste the log into Microsoft Word but that doesn't seem to work for me.

    I still cannot work in Normal Mode, as VERY FEW websites are available, so it appears the malware that caused me to make this post in the first place is still with me.

    I await your further advice.
     

  3. 2010/09/09
    RickyD2

    GMER Log - Page 1

    Log
\Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82147AD8Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82147AD8Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82147AD8Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82147AD8Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82147AD8---- Processes - GMER 1.0.9 ----Process UXTAKSIE.EXE (*** hidden *** ) 1208 <-- ROOTKIT !!!Process ADSPTSVC.EXE (*** hidden *** ) 1216 <-- ROOTKIT !!!---- Modules - GMER 1.0.9 ----Module _________ F846A000---- Services - GMER 1.0.9 ----Service C:\WINDOWS\System32\drivers\drmpdate.sys (*** hidden *** ) [SYSTEM] adpsSvc <-- ROOTKIT !!!---- Registry - GMER 1.0.9 ----Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCICReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAMEReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sysReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName adpsSvcReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HideUninstallerName C:\Program Files\Inturacy\lzedw400.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerPath C:\WINDOWS\System32\qosccr32.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerRegKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerParams /CTUNReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HDll C:\WINDOWS\System32\dxdstyle.dllReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ServerAddress adchannel.contextplus.netReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LegalNote http://adchannel.contextplus.net/legal-note/nonbranded.htmlReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PartnerId CP.IST2Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@InstallationId ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?Reg 
\Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PageFiltering 1Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ClientName C:\Program Files\Inturacy\uxtaksie.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@AutoUpdater C:\WINDOWS\System32\adsptsvc.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Version 2.0.131Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@CrMnTmt 3600000Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@NxRestTm 2006:03:25-14:32:01:192Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LastAURestoreMsgTS 2006:03:25-13:32:01:442Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCICReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAMEReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sysReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName adpsSvcReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HideUninstallerName C:\Program Files\Inturacy\lzedw400.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerPath C:\WINDOWS\System32\qosccr32.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerRegKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@UninstallerParams /CTUNReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@HDll C:\WINDOWS\System32\dxdstyle.dllReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ServerAddress adchannel.contextplus.netReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LegalNote http://adchannel.contextplus.net/legal-note/nonbranded.htmlReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PartnerId CP.IST2Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@InstallationId ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@PageFiltering 1Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ClientName C:\Program Files\Inturacy\uxtaksie.exeReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@AutoUpdater C:\WINDOWS\System32\adsptsvc.exeReg 
\Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Version 2.0.131Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@CrMnTmt 3600000Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@NxRestTm 2006:03:25-14:32:01:192Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@LastAURestoreMsgTS 2006:03:25-13:32:01:442Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm\AU2 Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@ y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCICReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@Device \\.\perRAMEReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverPath C:\WINDOWS\System32\drivers\drmpdate.sysReg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm@DriverName
     
  5. 2010/09/09
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    GMER Log - Page 2
    ivdmt16.sys winlow.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600


    ---- System - GMER 1.0.9 ----

    SSDT a347bus.sys ZwClose
    SSDT a347bus.sys ZwCreateKey
    SSDT a347bus.sys ZwCreatePagingFile
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!!
    SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!!
    SSDT a347bus.sys ZwEnumerateValueKey
    SSDT a347bus.sys ZwOpenKey
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
    SSDT a347bus.sys ZwQueryKey
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!!
    SSDT a347bus.sys ZwQueryValueKey
    SSDT a347bus.sys ZwSetSystemPowerState

    ---- Services - GMER 1.0.9 ----

    Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.9 ----

    File C:\!KillBox\drct16.dll
    File C:\System Volume Information\MountPointManagerRemoteDatabase
    File C:\System Volume Information\tracking.log
    File C:\WINDOWS\system32\cz.dll
    File C:\WINDOWS\system32\drct16.dll
    File C:\WINDOWS\system32\fltr.a3d
    File C:\WINDOWS\system32\hz.sys
    File C:\WINDOWS\system32\i.a3d
    File C:\WINDOWS\system32\klogini.dll
    File C:\WINDOWS\system32\mszx23.exe
    File C:\WINDOWS\system32\p2.ini
    File C:\WINDOWS\system32\redir.a3d
    File C:\WINDOWS\system32\tnfl.a3d
    File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\wz.sys
    File D:\System Volume Information\tracking.log

    ---- Services - GMER 1.0.9 ----

    Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!!
    Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.9 ----



    imaslip.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600 Dodatek Service Pack 2


    ---- Devices - GMER 1.0.9 ----

    Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390

    ---- Processes - GMER 1.0.9 ----

    Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!
    Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.9 ----

    File C:\WINDOWS\system32\drivers\imaslip.sys
    File C:\WINDOWS\system32\lsacap32.exe

    ---- EOF - GMER 1.0.9 ----



    alco8drv.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600 Dodatek Service Pack 2


    ---- System - GMER 1.0.9 ----


    ---- Devices - GMER 1.0.9 ----

    Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11

    ---- Processes - GMER 1.0.9 ----

    Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.9 ----

    File C:\WINDOWS\system32\drivers\alco8drv.sys
    File C:\WINDOWS\system32\synbdusx.exe

    ---- EOF - GMER 1.0.9 ----


    xdudmm.sys
    xdudtt.dll GMER 1.0.10.10108 - http://www.gmer.net
    Rootkit 2006-05-24 00:29:02
    Windows 5.1.2600


    ---- System - GMER 1.0.10 ----

    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess

    ---- Devices - GMER 1.0.10 ----

    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
    ---- Processes - GMER 1.0.10 ----

    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 0x00E50000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!

    Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [2616] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!

    Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!

    ---- Services - GMER 1.0.10 ----

    Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!
    Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [AUTO] xdudtt <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.10 ----



    pe386 GMER 1.0.10.10108 - http://www.gmer.net
    Rootkit 2006-05-25 14:32:07
    Windows 5.1.2600 Service Pack 1


    ---- System - GMER 1.0.10 ----


    SYSENTER ? 00810005

    ---- Devices - GMER 1.0.10 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0

    ---- Services - GMER 1.0.10 ----

    Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.10 ----


    Gromozon Rootkit GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-08-31 14:25:26
    Windows 5.1.2600 Service Pack 2

    ---- Processes - GMER 1.0.10 ----

    Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!!
    Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.10 ----

    File C:\WINDOWS\mdoom1.dll
    File C:\WINDOWS\system32\lpt4.hzq

    ---- EOF - GMER 1.0.10 ----


    GMER 1.0.10.10122 - http://www.gmer.net
    Autostart 2006-08-31 14:27:47
    Windows 5.1.2600 Service Pack 2

    ...

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq

    ...

    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe"

    ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll

    ...


    ---- EOF - GMER 1.0.10 ----


    lzx32 GMER 1.0.11.11310 - http://www.gmer.net
    Rootkit 2006-09-14 09:31:21
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.11 ----

    SYSENTER ? F60FDFAF

    ---- Modules - GMER 1.0.11 ----

    Module (noname) (*** hidden *** ) F60F9000

    ---- Threads - GMER 1.0.11 ----

    Thread 4:1224 F60FC08A

    ---- Services - GMER 1.0.11 ----

    Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.11 ----

    ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.11 ----


    wincom32.sys GMER 1.0.12.12012 - http://www.gmer.net
    Rootkit scan 2007-02-04 13:46:33
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!

    ---- User code sections - GMER 1.0.12 ----

    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A40505
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E30505
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505

    ---- Devices - GMER 1.0.12 ----

    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys

    ---- Processes - GMER 1.0.12 ----

    Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248

    ---- Services - GMER 1.0.12 ----

    Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!

    ---- Files - GMER 1.0.12 ----

    File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf
    File C:\WINDOWS\system32\adir.dll
    File C:\WINDOWS\system32\adirss.exe
    File C:\WINDOWS\system32\taskdir.exe
    File C:\WINDOWS\system32\wincom32.ini
    File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\WindowsLogon.manifest

    ---- EOF - GMER 1.0.12 ----


    VideoAti0.sys GMER 1.0.12.12070 - http://www.gmer.net
    Rootkit scan 2007-02-26 15:38:06
    Windows 5.1.2600 Service Pack 2


    ---- Kernel code sections - GMER 1.0.12 ----

    PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET
    ? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084
    Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144AC
    Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC

    ---- Modules - GMER 1.0.12 ----

    Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000

    ---- Files - GMER 1.0.12 ----

    File C:\WINDOWS\system32\drivers\VideoAti0.sys
    File C:\WINDOWS\system32\VideoAti0.dll
    File C:\WINDOWS\system32\VideoAti0.exe

    ---- EOF - GMER 1.0.12 ----


    RioDrvs.sys GMER 1.0.13.12482 - http://www.gmer.net
    Rootkit scan 2007-06-15 08:55:07
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwClose
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwClose
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriver
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriver
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFile
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFile
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey

    ---- Processes - GMER 1.0.13 ----

    Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000
    Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000

    ---- Files - GMER 1.0.13 ----

    File C:\WINDOWS\linkinfo.dll
    File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
    File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\linkinfo.dll

    ---- Services - GMER 1.0.13 ----

    Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.13 ----


    MBR rootkit/Mebroot/Sinowal GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-24 07:50:49
    Windows 5.1.2600 Service Pack 3


    ---- Disk sectors - GMER 1.0.14 ----

    Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

    ---- Kernel code sections - GMER 1.0.14 ----

    PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]
    PAGE ...

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A
    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57
    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00

    ---- Devices - GMER 1.0.14 ----

    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410

    ---- Threads - GMER 1.0.14 ----

    Thread 4:796 855BBC80
    Thread 4:800 855A8D80
    Thread 4:804 85663DC0
    Thread 4:808 85594E00
    Thread 4:2856 855BBC80
    Thread 4:2860 855A8D80
    Thread 4:2864 85663DC0
    Thread 4:2868 85594E00

    ---- EOF - GMER 1.0.14 ----

    C:\>mbr.exe -t
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85938E90]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x85938e90
    \Device\Harddisk0\DR0 -> ParseProcedure -> 0x8593fc20
    NDIS: Intel(R) 82566DM-2 Gigabit Network Connection -> SendCompleteHandler -> 0x8596e700
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x0100A757
    malicious code @ sector 0x0100A75A !
    PE file found in sector at 0x0100A770 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


    Tigger/Syzor GMER 1.0.15.14918 - http://www.gmer.net
    Rootkit scan 2009-01-12 15:18:21
    Windows 5.1.2600 Dodatek Service Pack 2


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGEKD KDCOM.DLL!KdSendPacket F9F4D1B2 8 Bytes [FF, 35, 00, F0, 8F, 81, 9B, ...] {PUSH DWORD [0x818ff000]; WAIT ; RET }

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 1 Byte [55]
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 7 Bytes [55, FF, 25, 00, 00, F6, 00] {PUSH EBP; JMP [0xf60000]}
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 1 Byte [55]
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 7 Bytes [55, FF, 25, 00, 00, 1F, 01] {PUSH EBP; JMP [0x11f0000]}

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE F8B98880
    Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ F8B99E54
    Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ F8B99E54
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ F8B992DC
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE F8B9932E
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN F8B99FA0

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:300] F8B99EB4
    Thread System [4:1164] F8B99490
    Thread System [4:1740] F8B98988
    Thread System [4:1388] F8B9A022

    ---- EOF - GMER 1.0.15 ----


    TDSS GMER 1.0.15.15121 - http://www.gmer.net
    Rootkit scan 2009-10-03 13:54:24
    Windows 5.1.2600 Service Pack 2


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74CB380]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort1 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort2 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort3 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort4 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort5 [F74BE9F2] atapi.sys[unknown section]

    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736] 0x10000000

    ---- EOF - GMER 1.0.15 ----




    Copyright (c) GMER 2004 - 2009
  6. 2010/09/09
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    I was finally able to split the GMER log into two pages; I sincerely hope it is intact this way.

    I still cannot have full internet access in Normal Mode; therefore, I cannot run the other scan you wanted me to run in Normal Mode.
    Last edited: 2010/09/09
  7. 2010/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. 2010/09/09
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    OTL Extras logfile created on: 9/9/2010 8:14:42 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 57.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.27 Gb Total Space | 13.12 Gb Free Space | 34.28% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-KVJPCI4PIU
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0
    "AntiVirusOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
    "{0DA76892-D849-422B-80D0-E4FC26009AB9}" = FixCleaner
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6DCB031C-6BCE-4AEE-AAF8-5F14148D0803}" = Diskeeper Home Edition
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A53AB160-8DC1-11D6-B494-008048C29C40}" = USB CF
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
    "{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.04.28
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C122BC95-2CA8-4214-84F2-A43B6D57EAE7}" = F4400_NCL_Help
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avery Wizard 2.1 MSW2000" = Avery® Wizard 2.1 forMicrosoft® Word 2000
    "Belarc Advisor" = Belarc Advisor 7.2
    "Branding" =
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "CSCLIB" = Canon Camera Support Core Library
    "DYMO Label Software" = DYMO Label Software
    "EOS Utility" = Canon Utilities EOS Utility
    "fotkipub" = Fotki XP Publishing Wizard
    "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "NetPal" = Cookie Pal
    "NTI CD-Maker 2000 Standard" = NTI CD-Maker 2000 Standard
    "PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
    "PCHealth" =
    "PhotoRecord" = Canon PhotoRecord
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PPTView97" = Microsoft PowerPoint Viewer 97
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Shop for HP Supplies" = Shop for HP Supplies
    "TClockEx_is1" = TClockEx
    "Uninstall_is1" = Uninstall 1.0.0.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Works" = Microsoft Works 4.5
    "Works99Setup" = Microsoft Works Setup Launcher
    "Yahoo! Companion" = Yahoo! Toolbar
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/6/2010 2:35:30 PM | Computer Name = HOME-KVJPCI4PIU | Source = MsiInstaller | ID = 10005
    Description = Product: HPSSupply -- The installer has encountered an unexpected
    error installing this package. This may indicate a problem with this package. The
    error code is 2732. The arguments are: 0, ,

    Error - 9/6/2010 2:35:38 PM | Computer Name = HOME-KVJPCI4PIU | Source = MsiInstaller | ID = 10005
    Description = Product: F4400 -- Internal Error 2732. 0

    Error - 9/6/2010 2:35:55 PM | Computer Name = HOME-KVJPCI4PIU | Source = MsiInstaller | ID = 11500
    Description = Product: F4400_NCL_Help -- Error 1500. Another installation is in
    progress. You must complete that installation before continuing this one.

    Error - 9/8/2010 11:33:39 AM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    Error - 9/8/2010 12:08:20 PM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1000
    Description = Faulting application avastui.exe, version 5.0.677.0, faulting module
    msvcr90.dll, version 9.0.30729.4148, fault address 0x0003753d.

    Error - 9/8/2010 12:08:27 PM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1001
    Description = Fault bucket 2022132209.

    Error - 9/8/2010 2:13:42 PM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1000
    Description = Faulting application freesolitaire.exe, version 5.0.0.3, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 9/8/2010 2:14:54 PM | Computer Name = HOME-KVJPCI4PIU | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 9/9/2010 12:23:48 PM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1000
    Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
    mso9.dll, version 9.0.0.2720, fault address 0x0000faf8.

    Error - 9/9/2010 12:23:51 PM | Computer Name = HOME-KVJPCI4PIU | Source = Application Error | ID = 1001
    Description = Fault bucket 00134595.

    [ System Events ]
    Error - 9/9/2010 12:24:11 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 12:27:07 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 12:27:07 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 12:27:07 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:02:43 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:02:43 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:02:43 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:04:01 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:04:01 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}

    Error - 9/9/2010 1:04:01 PM | Computer Name = HOME-KVJPCI4PIU | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service MSIServer with
    arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}


    < End of report >
     
  9. 2010/09/09
    broni Moderator Malware Analyst

    I still need the OTL.txt log.
     
  10. 2010/09/09
    RickyD2 Inactive Thread Starter

    Isn't this it? You said running that program would create two files and I posted both of them that were created. The other one was Extras Log File.

    OTL logfile created on: 9/9/2010 8:14:42 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 57.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.27 Gb Total Space | 13.12 Gb Free Space | 34.28% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-KVJPCI4PIU
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/04/13 23:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe -- (OBWUXECJY)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/04/26 14:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2003/01/28 13:42:04 | 000,262,144 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe -- (Diskeeper)
    SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1.HOM\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/04/23 19:14:58 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2007/11/13 16:06:50 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/11/13 16:06:50 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 23:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/01/24 11:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\STLTRK2K.sys -- (Stltrk2k)
    DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
    DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
    DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
    DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/06 13:52:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/09/08 21:25:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpotdd01.exe (Hewlett-Packard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/03/16 21:31:28 | 000,000,024 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/09 20:11:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/09 20:07:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 00:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Unzipped
    [2010/09/08 21:52:13 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/09/08 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/09/08 17:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
    [2010/09/08 13:14:41 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Administrator\My Documents\My Stationery
    [2010/09/08 12:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2010/09/08 11:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/09/08 10:29:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/08 10:29:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/08 10:29:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/08 10:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/08 10:21:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/07 23:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/09/07 16:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/09/06 13:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
    [2010/09/06 13:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    [2010/09/06 13:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/09/06 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
    [2010/09/06 13:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations
    [2010/09/06 13:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
    [2010/09/06 13:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/09/06 13:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    [2010/07/16 16:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/16 16:39:42 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/16 16:39:42 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/16 16:39:42 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/16 16:39:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/15 19:52:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/15 19:52:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/11 15:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2010/07/10 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/10 19:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/07/10 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/07/10 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
    [2010/07/10 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010/07/10 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/07/10 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010/07/10 16:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/07/10 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/07/09 20:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
    [2010/07/09 19:12:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    [2010/07/09 15:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/07/09 15:07:15 | 036,597,872 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdsetup_aff.exe
    [2010/07/09 14:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
    [2010/07/09 14:18:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2010/07/09 14:18:08 | 000,000,000 | ---D | C] -- C:\0ff30b331f6ef8766e8e82859b84f973
    [2010/06/16 00:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\IE New Window Maximizer

    ========== Files - Modified Within 90 Days ==========

    [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 11:25:06 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/09/09 11:19:16 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GMER Scan.doc
    [2010/09/09 10:16:30 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scan results.doc
    [2010/09/09 10:14:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/09 10:10:52 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/09 10:10:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/09 10:09:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/09 10:08:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2010/09/09 10:05:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/09/09 10:05:34 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/09/09 00:46:22 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9913872E-C5A8-4D8F-83A3-237CEECEEC63}.job
    [2010/09/08 23:57:40 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2010/09/08 22:55:48 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$alware.html
    [2010/09/08 22:55:26 | 000,098,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malware.html
    [2010/09/08 21:52:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/09/08 21:32:36 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CFScript.lnk
    [2010/09/08 21:25:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/08 21:15:52 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/09/08 21:11:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/08 13:13:42 | 000,002,860 | ---- | M] () -- C:\WINDOWS\Solitaire.ini
    [2010/09/07 23:08:46 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FixCleaner.lnk
    [2010/09/07 12:05:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/07 11:01:44 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/06 13:55:16 | 000,172,174 | ---- | M] () -- C:\WINDOWS\hpoins37.dat
    [2010/09/06 13:55:06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/06 13:51:58 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photo Creations.lnk
    [2010/09/06 13:51:26 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
    [2010/09/06 13:50:18 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/09/05 16:29:06 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
    [2010/09/05 15:10:18 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    [2010/09/03 22:28:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/09/01 14:37:16 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/09/01 13:55:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Addrfixr.ini
    [2010/08/24 12:34:32 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2010/08/12 16:10:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/16 16:39:34 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/16 16:39:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/16 16:39:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/16 16:39:34 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/15 12:40:18 | 535,707,648 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/07/11 13:36:42 | 000,509,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/11 13:36:42 | 000,433,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/11 13:36:42 | 000,067,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/10 00:17:30 | 000,000,306 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 19:12:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    [2010/07/09 15:07:16 | 036,597,872 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdsetup_aff.exe

    ========== Files Created - No Company Name ==========

    [2010/09/09 11:19:14 | 000,205,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GMER Scan.doc
    [2010/09/09 10:16:28 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scan results.doc
    [2010/09/08 23:57:38 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2010/09/08 22:55:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$alware.html
    [2010/09/08 22:55:25 | 000,098,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malware.html
    [2010/09/08 21:32:35 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CFScript.lnk
    [2010/09/08 10:29:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/08 10:29:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/08 10:29:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/08 10:29:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/07 23:57:09 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2010/09/07 23:33:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/06 13:51:56 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photo Creations.lnk
    [2010/09/06 13:51:24 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
    [2010/09/06 13:50:17 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/09/06 13:45:14 | 000,172,174 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
    [2010/09/06 13:45:13 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
    [2010/09/05 15:10:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    [2010/07/16 14:23:30 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/07/12 20:40:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/10 19:15:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/07/10 19:13:36 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/03/26 23:27:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/09/07 15:32:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
    [2008/04/28 12:50:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/04/28 12:50:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/01/28 15:47:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/12/20 16:12:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
    [2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/29 14:33:50 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/11/23 16:35:41 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
    [2007/11/23 16:24:59 | 000,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
    [2007/08/08 12:02:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2007/02/14 12:45:44 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2007/02/13 15:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/11/13 10:07:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2006/08/24 23:31:22 | 000,002,860 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
    [2006/07/20 15:07:40 | 000,018,801 | ---- | C] () -- C:\Program Files\IE70BlockerHelp.htm
    [2006/05/08 17:07:36 | 000,028,142 | ---- | C] () -- C:\Program Files\IE70BlockerHelp-GPFilteringDialog.jpg
    [2006/05/08 16:13:06 | 000,003,730 | ---- | C] () -- C:\Program Files\IE70Blocker.adm
    [2006/05/08 16:13:06 | 000,001,809 | ---- | C] () -- C:\Program Files\IE70Blocker.cmd
    [2006/01/17 23:07:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
    [2006/01/17 23:07:40 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/01/17 23:00:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/15 16:52:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
    [2006/01/15 15:21:34 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2006/01/15 15:00:12 | 000,006,071 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
    [2006/01/15 13:29:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
    [2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1998/05/14 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== LOP Check ==========

    [2006/11/15 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2006/12/18 23:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\INAC
    [2007/06/11 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2007/11/13 16:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2009/10/28 11:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
    [2009/10/28 16:17:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    [2010/05/10 16:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
    [2010/05/19 16:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DYMO
    [2010/07/10 16:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/07/09 14:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
    [2010/09/09 10:14:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/09/09 00:46:22 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9913872E-C5A8-4D8F-83A3-237CEECEEC63}.job
    [2010/09/09 10:08:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2007/01/20 23:30:34 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1137559368.job

    ========== Purity Check ==========


    < End of report >
     
    Last edited: 2010/09/09
  11. 2010/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe -- (OBWUXECJY)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
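The fix script above targets two things an analyst picks out of an OTL log by eye: a service entry whose binary lives in a user's Temp folder and no longer exists (the classic leftover of a dropper that registered itself as a service), and Internet Explorer policy keys under HKLM/HKCU\Software\Policies that lock down the browser's settings. As an added example, not part of this thread or of the OTL tool, the Python below does that triage automatically over OTL-style `SRV -`, `DRV -`, `O6 -` and `O7 -` lines. The sample log is constructed from lines posted in this thread; the regular expressions and the finding categories are the example's own, and the line format they assume is the one shown in the logs here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: OTL lines copied from the logs in this thread, reduced to
# the three entry types the triage looks at (services, drivers, IE policies).
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe -- (OBWUXECJY)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/23 19:14:58 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# SRV/DRV line: either "File not found" or "[timestamp | size | attrs | M] (Company)",
# then "[start | state]", then "-- <path> -- (<service name>)".
SERVICE_RE = re.compile(
    r"^(?P<type>SRV|DRV) - (?P<fileinfo>File not found|\[[^\]]*\] \([^)]*\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
# O6/O7 line: an IE policy key reported as present.
POLICY_RE = re.compile(r"^(?P<id>O6|O7) - (?P<key>HK(?:LM|CU)\\Software\\Policies\\.*?) present$")
# Any path component named Temp (covers LOCALS~1\Temp and Local Settings\Temp).
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # orphaned-temp-service | missing-file-service | ie-policy
    name: str    # service/driver name, or the policy key
    detail: str


def classify_service(m: "re.Match") -> Optional[Finding]:
    """Rate one SRV/DRV entry; entries whose file is present are not findings."""
    if m.group("fileinfo") != "File not found":
        return None
    path, name, kind = m.group("path"), m.group("name"), m.group("type")
    if TEMP_RE.search(path):
        return Finding("orphaned-temp-service", name,
                       f"{kind} entry points into a Temp folder and its file is gone: {path}")
    return Finding("missing-file-service", name,
                   f"{kind} entry whose file is gone (often an uninstall leftover): {path}")


def triage(lines: List[str]) -> List[Finding]:
    """Scan OTL log lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            f = classify_service(m)
            if f:
                findings.append(f)
            continue
        m = POLICY_RE.match(line)
        if m:
            # Legitimate when pushed by domain Group Policy; on a standalone home PC
            # these keys are usually set by malware to stop the user undoing changes.
            findings.append(Finding("ie-policy", m.group("key"),
                                    f"{m.group('id')} entry: IE policy restriction present"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Run against the sample, the two Temp-folder entries (OBWUXECJY and catchme) come out as orphaned-temp-service, HidServ as a low-priority missing-file-service, the two policy keys as ie-policy, and the running Windows Defender and Sunbelt entries are not reported at all. Note that catchme.sys is the driver ComboFix loads, so a "File not found" hit in Temp is a lead, not a verdict; the category exists to make the analyst look, which is exactly what the moderator did before writing the fix script.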
     
  12. 2010/09/10
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service OBWUXECJY stopped successfully!
    Service OBWUXECJY deleted successfully!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 1792 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 53220 bytes

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Temp folder emptied: 2100564 bytes
    ->Temporary Internet Files folder emptied: 6547970 bytes
    ->Java cache emptied: 129370 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 69204 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Temp folder emptied: 520848 bytes
    ->Temporary Internet Files folder emptied: 40806977 bytes
    ->Java cache emptied: 124365 bytes
    ->Flash cache emptied: 3024 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11178 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 293376 bytes

    Total Files Cleaned = 48.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Richard Doenges

    User: Default User.WINDOWS

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    ========== OTL ==========
    Error: No service named OBWUXECJY was found to stop!
    Service\Driver key OBWUXECJY not found.
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Temp folder emptied: 66560 bytes
    ->Temporary Internet Files folder emptied: 6743362 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Richard Doenges

    User: Default User.WINDOWS

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    ========== OTL ==========
    Error: No service named OBWUXECJY was found to stop!
    Service\Driver key OBWUXECJY not found.
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Temp folder emptied: 66560 bytes
    ->Temporary Internet Files folder emptied: 6743362 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Richard Doenges

    User: Default User.WINDOWS

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <V:OTL> in the current context!
    Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe -- (OBWUXECJY)> in the current context!
    Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
    Error: Unable to interpret <O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
    Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Temp folder emptied: 66560 bytes
    ->Temporary Internet Files folder emptied: 6743362 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Richard Doenges

    User: Default User.WINDOWS

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    ========== OTL ==========
    Error: No service named OBWUXECJY was found to stop!
    Service\Driver key OBWUXECJY not found.
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OBWUXECJY.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Temp folder emptied: 66560 bytes
    ->Temporary Internet Files folder emptied: 6743362 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Richard Doenges

    User: Default User.WINDOWS

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Richard Doenges.HOME-KVJPCI4PIU
    ->Flash cache emptied: 0 bytes

    User: RICHAR~1~HOM

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09102010_100125

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD5DF.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD5E6.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD60B.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD612.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A7U4SCP1\95026-active-computer-taken-over-virus[2].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFB8F8.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFB902.tmp not found!

    Registry entries deleted on Reboot...
     
  13. 2010/09/10
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    OTL logfile created on: 9/10/2010 10:06:41 AM - Run 3
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 299.00 Mb Available Physical Memory | 59.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 38.27 Gb Total Space | 13.19 Gb Free Space | 34.48% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-KVJPCI4PIU
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/04/26 14:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Auto | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2003/01/28 13:42:04 | 000,262,144 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe -- (Diskeeper)
    SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1.HOM\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/04/23 19:14:58 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2007/11/13 16:06:50 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/11/13 16:06:50 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 23:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/01/24 11:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\STLTRK2K.sys -- (Stltrk2k)
    DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
    DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
    DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
    DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/06 13:52:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/09/08 21:25:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpotdd01.exe (Hewlett-Packard)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/03/16 21:31:28 | 000,000,024 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/09 20:11:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/09 20:07:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 00:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Unzipped
    [2010/09/08 21:52:13 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/09/08 21:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/09/08 17:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
    [2010/09/08 13:14:41 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Administrator\My Documents\My Stationery
    [2010/09/08 12:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2010/09/08 11:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/09/08 10:29:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/08 10:29:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/08 10:29:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/08 10:29:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/08 10:21:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/07 23:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/09/07 16:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/09/06 13:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
    [2010/09/06 13:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    [2010/09/06 13:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/09/06 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
    [2010/09/06 13:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations
    [2010/09/06 13:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
    [2010/09/06 13:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/09/06 13:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
    [2010/07/16 16:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/16 16:39:42 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/16 16:39:42 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/16 16:39:42 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/16 16:39:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/15 19:52:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/15 19:52:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/11 15:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2010/07/10 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/10 19:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/10 19:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/07/10 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/07/10 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\microsoft
    [2010/07/10 19:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010/07/10 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/07/10 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010/07/10 16:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/07/10 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/07/09 20:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
    [2010/07/09 19:12:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    [2010/07/09 15:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/07/09 15:07:15 | 036,597,872 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdsetup_aff.exe
    [2010/07/09 14:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
    [2010/07/09 14:18:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2010/07/09 14:18:08 | 000,000,000 | ---D | C] -- C:\0ff30b331f6ef8766e8e82859b84f973
    [2010/06/16 00:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\IE New Window Maximizer

    ========== Files - Modified Within 90 Days ==========

    [2010/09/10 10:06:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/09/10 10:03:08 | 000,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/10 10:02:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/10 10:01:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/09/10 10:01:54 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/09/09 21:24:38 | 000,020,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/09/09 20:06:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/09 11:19:16 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GMER Scan.doc
    [2010/09/09 10:16:30 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Scan results.doc
    [2010/09/09 10:09:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/09 10:08:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2010/09/09 10:05:34 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/09/09 00:46:22 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9913872E-C5A8-4D8F-83A3-237CEECEEC63}.job
    [2010/09/08 23:57:40 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2010/09/08 22:55:48 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$alware.html
    [2010/09/08 22:55:26 | 000,098,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malware.html
    [2010/09/08 21:52:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/09/08 21:32:36 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CFScript.lnk
    [2010/09/08 21:25:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/08 21:15:52 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/09/08 21:11:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/08 13:13:42 | 000,002,860 | ---- | M] () -- C:\WINDOWS\Solitaire.ini
    [2010/09/07 23:08:46 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\FixCleaner.lnk
    [2010/09/07 12:05:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/07 11:01:44 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/06 13:55:16 | 000,172,174 | ---- | M] () -- C:\WINDOWS\hpoins37.dat
    [2010/09/06 13:55:06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/06 13:51:58 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photo Creations.lnk
    [2010/09/06 13:51:26 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
    [2010/09/06 13:50:18 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/09/05 16:29:06 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
    [2010/09/05 15:10:18 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    [2010/09/03 22:28:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/09/01 14:37:16 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2010/09/01 13:55:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Addrfixr.ini
    [2010/08/24 12:34:32 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2010/08/12 16:10:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/16 16:39:34 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/16 16:39:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/16 16:39:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/16 16:39:34 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/15 12:40:18 | 535,707,648 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/07/11 13:36:42 | 000,509,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/11 13:36:42 | 000,433,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/11 13:36:42 | 000,067,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/10 00:17:30 | 000,000,306 | RHS- | M] () -- C:\boot.ini
    [2010/07/09 19:12:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    [2010/07/09 15:07:16 | 036,597,872 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdsetup_aff.exe

    ========== Files Created - No Company Name ==========

    [2010/09/09 11:19:14 | 000,205,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GMER Scan.doc
    [2010/09/09 10:16:28 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Scan results.doc
    [2010/09/08 23:57:38 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2010/09/08 22:55:47 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$alware.html
    [2010/09/08 22:55:25 | 000,098,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malware.html
    [2010/09/08 21:32:35 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CFScript.lnk
    [2010/09/08 10:29:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/08 10:29:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/08 10:29:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/08 10:29:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/07 23:57:09 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2010/09/07 23:33:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/06 13:51:56 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Photo Creations.lnk
    [2010/09/06 13:51:24 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HP Solution Center.lnk
    [2010/09/06 13:50:17 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/09/06 13:45:14 | 000,172,174 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
    [2010/09/06 13:45:13 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
    [2010/09/05 15:10:16 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    [2010/07/16 14:23:30 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/07/12 20:40:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/10 19:15:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/07/10 19:13:36 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/03/26 23:27:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2008/09/07 15:32:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
    [2008/04/28 12:50:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/04/28 12:50:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/01/28 15:47:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/12/20 16:12:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
    [2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/11/29 14:33:50 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2007/11/28 15:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/11/23 16:35:41 | 000,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
    [2007/11/23 16:24:59 | 000,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
    [2007/08/08 12:02:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2007/02/14 12:45:44 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2007/02/13 15:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/11/13 10:07:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2006/08/24 23:31:22 | 000,002,860 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
    [2006/07/20 15:07:40 | 000,018,801 | ---- | C] () -- C:\Program Files\IE70BlockerHelp.htm
    [2006/05/08 17:07:36 | 000,028,142 | ---- | C] () -- C:\Program Files\IE70BlockerHelp-GPFilteringDialog.jpg
    [2006/05/08 16:13:06 | 000,003,730 | ---- | C] () -- C:\Program Files\IE70Blocker.adm
    [2006/05/08 16:13:06 | 000,001,809 | ---- | C] () -- C:\Program Files\IE70Blocker.cmd
    [2006/01/17 23:07:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
    [2006/01/17 23:07:40 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/01/17 23:00:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/15 16:52:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
    [2006/01/15 15:21:34 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2006/01/15 15:00:12 | 000,006,071 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
    [2006/01/15 13:29:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
    [2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1998/05/14 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== LOP Check ==========

    [2006/11/15 19:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2006/12/18 23:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\INAC
    [2007/06/11 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2007/11/13 16:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2009/10/28 11:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
    [2009/10/28 16:17:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    [2010/05/10 16:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
    [2010/05/19 16:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DYMO
    [2010/07/10 16:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2010/07/09 14:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
    [2010/09/10 10:06:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/09/09 00:46:22 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9913872E-C5A8-4D8F-83A3-237CEECEEC63}.job
    [2010/09/09 10:08:02 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    [2007/01/20 23:30:34 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1137559368.job

    ========== Purity Check ==========


    < End of report >
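    The SRV and DRV lines in the OTL log above follow a fixed layout: a timestamp/size/attribute block and the company from the file's version resource (or the literal "File not found"), the start type and state in square brackets, the image path, and the registry service name in parentheses. When a log is too long to read line by line, the first pass a helper does is mechanical: pull those fields apart and flag anything whose image is missing, lives in a user-writable directory, or has no company name. The script below is an added example written for this thread; it is not part of the original post and not an OTL component. OTL publishes no format specification, so the regex is an assumption fitted to the lines posted here, and the last sample line (fakebus) is invented to exercise the loaded-driver rule.

```python
"""Triage the "Win32 Services" and "Driver Services" sections of an OTL log.

Added example for this thread, not part of the original post or of OTL.
The line grammar below is inferred from the lines OTL printed above; OTL has
no published format specification, so the regex is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\))"
    r" \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>.+?)\)(?: .*)?$"
)

# Directories a non-admin user can write to. A service or kernel driver whose
# image lives here deserves a look regardless of what the file is called.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")


@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (kernel driver)
    name: str                 # registry service name, e.g. "SBRE"
    path: str                 # image path as OTL printed it
    company: Optional[str]    # None when OTL reported "File not found"
    flags: List[str]          # e.g. ["Kernel", "System", "Running"]
    missing: bool
    findings: List[str] = field(default_factory=list)

    @property
    def running(self) -> bool:
        return "Running" in self.flags


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one SRV/DRV line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        name=m.group("name"),
        path=m.group("path"),
        company=None if missing else m.group("company").strip(),
        flags=[f.strip() for f in m.group("flags").split("|")],
        missing=missing,
    )


def triage(entry: Entry) -> Entry:
    """Attach plain-language findings to an entry; none means nothing notable."""
    lowered = entry.path.lower()
    if entry.missing:
        entry.findings.append("orphaned registration: image file is not on disk")
    if any(marker in lowered for marker in USER_WRITABLE):
        entry.findings.append("image path is in a user-writable location")
    if not entry.missing and not entry.company:
        entry.findings.append("no company name in the file's version resource")
    if entry.kind == "DRV" and entry.running and entry.findings:
        entry.findings.append("kernel driver is currently loaded: review first")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every SRV/DRV line in an OTL log; return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).findings:
            flagged.append(entry)
    return flagged


# Constructed sample: the first four lines are copied from the OTL log posted
# in this thread; the last line (fakebus) is invented to exercise the
# user-writable-path rule on a driver that is actually loaded.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICHAR~1.HOM\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/04/23 19:14:58 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/08 03:12:00 | 000,041,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\Temp\fakebus.sys -- (fakebus)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name:<18} {e.path}")
        for f in e.findings:
            print(f"    - {f}")
```

    Two caveats before acting on the output. "File not found" entries such as cpuz132 (CPU-Z) and catchme (GMER's own driver) are usually stale registrations left behind by tools, so the orphan finding is a cleanup hint, not a verdict. A "no company name" hit on a recently created file has to be correlated with the cleanup tools already run: ComboFix drops its helpers (sed, grep, zip, PEV, the SteelWerX and NirSoft utilities) into C:\WINDOWS and creates C:\Qoobox, which is exactly the 2010/09/08 10:29 burst in the created-files section above.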
     
  14. 2010/09/10 - broni (Moderator, Malware Analyst)

    What happens, when you start computer in normal mode?
    What are the current issues?
     
  15. 2010/09/10 - RickyD2 (Thread Starter, Inactive)

    I still cannot operate in Normal Mode. Cannot access the Internet. The "virus" Security Suite is still listed in Task Master.

    No further ahead than when we started, sorry.
     
  16. 2010/09/10 - broni (Moderator, Malware Analyst)

    Delete your ComboFix file.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    4. Double-click on ComboFix.exe and follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  17. 2010/09/10 - RickyD2 (Thread Starter, Inactive)

    Following is the ComboFix log. I must say that while this program was running there were three error messages, two while it was scanning and one while the log was being prepared. These were the usual "Internet Explorer has encountered a problem and must close" error messages.

    ComboFix 10-09-09.04 - Administrator 09/10/2010 20:27:57.19.1 - FAT32x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.336 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-10 01:11 . 2010-09-10 01:11 -------- d-----w- C:\_OTL
    2010-09-08 22:35 . 2010-09-08 22:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-09-08 17:45 . 2010-09-08 17:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-09-08 16:10 . 2010-09-08 16:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-09-08 04:33 . 2010-09-10 20:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-07 21:02 . 2010-09-07 21:02 -------- d-----w- c:\program files\MSXML 4.0
    2010-09-06 20:52 . 2010-09-06 20:52 -------- d-----w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Local Settings\Application Data\HP
    2010-09-06 19:04 . 2010-09-06 19:05 -------- d-----w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\HPAppData
    2010-09-06 18:56 . 2010-09-06 18:56 1148400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations\RocketEngine.dll
    2010-09-06 18:56 . 2010-09-06 18:56 341488 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations\PhotoProductCore.exe
    2010-09-06 18:56 . 2010-09-06 18:56 255472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations\ContentMan.dll
    2010-09-06 18:56 . 2010-09-06 18:56 158240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations\PhotoProductReg.exe
    2010-09-06 18:56 . 2010-09-06 18:56 140784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations\RLPNUpload.dll
    2010-09-06 18:56 . 2010-09-06 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WEBREG
    2010-09-06 18:55 . 2010-09-06 18:55 -------- d-----w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\HP
    2010-09-06 18:53 . 2010-09-06 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2010-09-06 18:52 . 2010-09-06 18:52 -------- d-----w- c:\program files\Coupons
    2010-09-06 18:51 . 2010-09-06 18:51 -------- d-----w- c:\program files\HP Photo Creations
    2010-09-06 18:51 . 2010-09-06 18:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Photo Creations
    2010-09-06 18:51 . 2010-09-06 18:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP Product Assistant
    2010-09-06 18:49 . 2010-09-06 18:49 -------- d-----w- c:\program files\Common Files\HP
    2010-09-06 18:49 . 2010-09-06 18:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HP
    2010-09-06 18:45 . 2010-09-06 18:55 172174 ----a-w- c:\windows\hpoins37.dat
    2010-09-06 18:45 . 2010-02-02 20:05 558 ------w- c:\windows\hpomdl37.dat
    2010-09-06 18:39 . 2008-10-06 20:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
    2010-09-06 18:39 . 2008-10-06 20:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll
    2010-09-06 18:39 . 2008-10-29 17:35 271704 ----a-r- c:\windows\system32\hpzids01.dll
    2010-09-06 18:38 . 2008-10-28 09:31 309760 ----a-r- c:\windows\system32\difxapi.dll
    2010-09-06 18:38 . 2008-10-28 09:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll
    2010-09-06 18:38 . 2008-10-29 17:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll
    2010-09-06 18:38 . 2008-10-29 17:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll
    2010-09-06 18:38 . 2008-10-29 17:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll
    2010-09-06 18:17 . 2010-09-06 18:17 -------- d-----w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\HpUpdate
    2010-09-03 21:35 . 2010-09-03 21:35 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-02 20:25 . 2010-09-02 20:25 10134 ----a-r- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-10 02:24 . 2007-11-05 23:32 20144 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-06 19:05 . 2006-01-15 21:37 20144 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-09 21:09 . 2010-08-09 21:09 503808 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-13bb0c4e-n\msvcp71.dll
    2010-08-09 21:09 . 2010-08-09 21:09 61440 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1401b338-n\decora-sse.dll
    2010-08-09 21:09 . 2010-08-09 21:09 499712 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-13bb0c4e-n\jmc.dll
    2010-08-09 21:09 . 2010-08-09 21:09 348160 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-13bb0c4e-n\msvcr71.dll
    2010-08-09 21:09 . 2010-08-09 21:09 12800 ----a-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1401b338-n\decora-d3d.dll
    2010-07-16 21:40 . 2010-07-16 21:40 -------- d-----w- c:\program files\Common Files\Java
    2010-07-15 19:10 . 2010-07-15 19:10 170 ---ha-w- c:\documents and settings\Richard Doenges\hpothb07.dat
    2010-07-15 19:10 . 2006-08-21 19:26 367 ---ha-w- c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\hpothb07.dat
    2010-06-30 12:31 . 2003-03-31 17:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2003-03-31 17:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2003-03-31 17:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2003-03-31 17:00 80384 ------w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2007-11-24 19:58 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    2010-06-14 07:41 . 2006-09-13 04:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-07-20 20:07 . 2006-07-20 20:07 18801 ------w- c:\program files\IE70BlockerHelp.htm
    2006-05-08 22:07 . 2006-05-08 22:07 28142 ------w- c:\program files\IE70BlockerHelp-GPFilteringDialog.jpg
    2006-05-08 21:13 . 2006-05-08 21:13 3730 ------w- c:\program files\IE70Blocker.adm
    2006-05-08 21:13 . 2006-05-08 21:13 1809 ------w- c:\program files\IE70Blocker.cmd
    2005-05-26 19:35 . 2007-11-23 21:24 1422 ------w- c:\program files\ReadMe.txt
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-08_15.38.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-11 00:23 . 2010-09-11 00:23 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
    + 2010-09-11 00:23 . 2010-09-11 00:23 429568 c:\windows\Installer\2d1e3.msi
    + 2010-09-09 05:32 . 2010-09-09 05:32 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1d0e95615ff5f717ea2a1d51b0159ee5\WindowsFormsIntegration.ni.dll
    - 2010-09-07 21:29 . 2010-09-07 21:29 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1d0e95615ff5f717ea2a1d51b0159ee5\WindowsFormsIntegration.ni.dll
    + 2010-09-09 05:26 . 2010-09-09 05:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f5284d51729f47804d1b3c57f412b42e\PresentationFramework.Luna.ni.dll
    - 2010-09-07 21:12 . 2010-09-07 21:12 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f5284d51729f47804d1b3c57f412b42e\PresentationFramework.Luna.ni.dll
    + 2010-09-09 05:26 . 2010-09-09 05:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e73ac6d2129a7d8bedcf95434313b9bd\PresentationFramework.Classic.ni.dll
    - 2010-09-07 21:12 . 2010-09-07 21:12 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e73ac6d2129a7d8bedcf95434313b9bd\PresentationFramework.Classic.ni.dll
    + 2010-09-09 05:27 . 2010-09-09 05:27 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e1f8801a986cc1681428145bd9030f10\PresentationFramework.Royale.ni.dll
    - 2010-09-07 21:22 . 2010-09-07 21:22 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e1f8801a986cc1681428145bd9030f10\PresentationFramework.Royale.ni.dll
    + 2010-09-09 05:26 . 2010-09-09 05:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d7a9a529f269171a1337adfc2cc691\PresentationFramework.Aero.ni.dll
    - 2010-09-07 21:11 . 2010-09-07 21:11 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d7a9a529f269171a1337adfc2cc691\PresentationFramework.Aero.ni.dll
    + 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
    + 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
    - 2010-09-07 21:28 . 2010-09-07 21:28 1036288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\51bab056dd2752e1b24ae61a6d19bbe7\System.Printing.ni.dll
    + 2010-09-09 05:30 . 2010-09-09 05:31 1036288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\51bab056dd2752e1b24ae61a6d19bbe7\System.Printing.ni.dll
    - 2010-09-07 21:25 . 2010-09-07 21:25 2129920 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b2a7b070e1db61595813a9a463374c31\ReachFramework.ni.dll
    + 2010-09-09 05:28 . 2010-09-09 05:28 2129920 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b2a7b070e1db61595813a9a463374c31\ReachFramework.ni.dll
    - 2010-09-07 21:24 . 2010-09-07 21:24 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a89720335f8170a3adec2d70b4665aed\PresentationUI.ni.dll
    + 2010-09-09 05:28 . 2010-09-09 05:28 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a89720335f8170a3adec2d70b4665aed\PresentationUI.ni.dll
    - 2010-09-08 04:28 . 2010-06-16 21:27 15946608 c:\windows\SoftwareDistribution\Download\Install\NDP30SP2-KB977354-v2-x86.exe
    + 2010-09-09 05:26 . 2010-09-09 05:26 14451712 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\451953f73bc26b08c28c2719927bf878\PresentationFramework.ni.dll
    - 2010-09-07 21:10 . 2010-09-07 21:10 14451712 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\451953f73bc26b08c28c2719927bf878\PresentationFramework.ni.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]
    "tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    c:\documents and settings\Richard Doenges.HOME-KVJPCI4PIU\Start Menu\Programs\Startup\
    MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2006-1-6 18480224]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe "=

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/23/2010 7:14 PM 95024]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [10/28/2009 11:29 AM 90352]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [3/31/2003 12:00 PM 14336]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - STLTRK2K

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

    2010-09-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-06 21:27]

    2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{9913872E-C5A8-4D8F-83A3-237CEECEEC63}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

    2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{7712294E-F94B-4110-8CC7-2F0C256BC9C4}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

    2007-01-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8137559368.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe "
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-10 20:34
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1547161642-527237240-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c8,30,34,50,25,11,4a,96,a7,04,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c8,30,34,50,25,11,4a,96,a7,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1324)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-09-10 20:36:34
    ComboFix-quarantined-files.txt 2010-09-11 01:36
    ComboFix2.txt 2010-09-09 02:27
    ComboFix3.txt 2010-09-08 15:40

    Pre-Run: 14,407,499,776 bytes free
    Post-Run: 14,497,284,096 bytes free

    Current=5 Default=5 Failed=2 LastKnownGood=3 Sets=1,2,3,5
    - - End Of File - - 62F2748EAADD40A8F6BB27131DB42B7E
     
    Last edited: 2010/09/10
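Triage logic for the Run/RunOnce and R1/R2/S2/S3 service lines of a ComboFix log such as the one above, as an added example that is not part of this thread. The sample log lines, the `sysupd` and `fakebus` names, and the "user-writable path" and "dated near the incident" heuristics are constructed for this example, not ComboFix rules.

```python
import re
from datetime import date, datetime

# Constructed sample modelled on the ComboFix "Reg Loading Points" and
# R1/R2/S2/S3 service lines shown in the thread (not the thread's own log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"sysupd "= "c:\documents and settings\Owner\Local Settings\Temp\sysupd.exe" [2010-09-06 45056]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/23/2010 7:14 PM 95024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 fakebus;fakebus;c:\windows\system32\drivers\fakebus.sys [9/6/2010 6:52 PM 20480]
'''

# "Name "= "path" [YYYY-MM-DD size]  (Run/RunOnce entries; the stray spaces
# before the closing quotes are how the forum rendered them, so tolerate them)
RUN_RE = re.compile(r'^"(?P<name>.+?)\s*"\s*=\s*"(?P<path>.+?)\s*"\s*'
                    r'\[(?P<stamp>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
# R1 name;display;path [M/D/YYYY H:MM AM/PM size]  (service/driver entries)
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
                    r' \[(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (?P<size>\d+)\]')

# Heuristic assumed by this example: autostarts that live in user-writable
# locations deserve a second look during triage.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def parse_entries(text):
    """Return one dict per Run/RunOnce or service line found in the log text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", "name": m["name"], "path": m["path"],
                            "stamp": date.fromisoformat(m["stamp"]), "size": int(m["size"])})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m["name"], "path": m["path"],
                            "stamp": datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M %p").date(),
                            "size": int(m["size"])})
    return entries


def triage(text, incident_iso, window_days=7):
    """Flag entries in user-writable paths or whose binary is dated near the incident."""
    incident = date.fromisoformat(incident_iso)
    flagged = []
    for e in parse_entries(text):
        reasons = []
        if any(marker in e["path"].lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if abs((e["stamp"] - incident).days) <= window_days:
            reasons.append("dated within %d days of incident" % window_days)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, "2010-09-07"):
        print(hit["kind"], hit["name"], hit["path"], "->", ", ".join(hit["reasons"]))
```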
  18. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, I don't see much here.
    We need to clarify a couple of things regarding normal mode...

    Gathering from what you said, you can connect to some site, but not to others.
    What type of sites can you connect to, and what types can't you?
    Is this with Internet Explorer?
    Do you have another browser installed?
    If so, are you having the same problems?
    Do you have any other issues in normal mode?
     
  19. 2010/09/10
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    I can only connect to one site, American Express.

    This is with Internet Explorer. I cannot connect with my home page, Google.

    I have no other browser.

    Not having any connection, I cannot say if there are any other problems. I can say that I seem to be having no problems with Outlook Express, as all my e-mails seem to be coming in. This, in and of itself, makes no sense, as both Internet Explorer and Outlook Express are coming from the same ISP. I have not spoken to my ISP; perhaps I should. What do you think?
     
  20. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, I don't see it as a connection problem, since you can get on at least one site and email is working.

    What I'm asking is whether you can operate any other programs in normal mode without a problem.

    A couple of things I want you to try....

    1. Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?

    2. Go back to Safe Mode with Networking, download and install (you may need to perform installation in normal mode) Firefox: http://www.mozilla-europe.org/en/firefox/
    See if it'll operate in normal mode.
     
  21. 2010/09/10
    RickyD2

    RickyD2 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    421
    Likes Received:
    0
    Well, it turns out that I had a Winsock problem. I talked to my ISP, Time-Warner Cable, who determined I had a Winsock problem. I then had to speak to someone with Microsoft Security, who further verified my PC was virus free and then resolved the Winsock problem, gave me a link to Microsoft Security Essentials, which I downloaded, and now all is well. I am back on line.

    Thank you so much for all your hard work.
     
