
Solved blue screen of death

Discussion in 'Malware and Virus Removal Archive' started by molsonrn, 2010/12/10.

  1. 2010/12/10
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    [Resolved] blue screen of death

    Hello,

    I have posted on here a few times before, so I'm hoping my computer info is somewhere under my name because I am now posting from my son's computer. On MY computer, I went onto MySpace last night and immediately heard the computer start running hard in a way it doesn't normally do. I went off the site and then started getting pop-ups like crazy. I ran an MBAM quick scan and it found two trojans. Removed them and restarted. Still having pop-ups, so I ran the full MBAM scan, which came up with nothing. Restarted anyway. Within 30 sec of being online I got the blue screen of death. Turned off and turned back on. 30 sec, another blue screen of death. Turned off and on one more time hoping to make it here... blue screen. So here I am on my son's computer and I am very stuck. I can't get you the MBAM log or anything. Please help.
     
  2. 2010/12/10
    molsonrn

    more info

    I was able to get into the Event log and it shows these errors: 0x000000a, 0x00000023, 0x0000002, 0x0000000, 0x8050c653. Another place said "boot start failed to load... nvatabus, nvraid". I followed some MS site instructions to go into Safe Mode and then reset to the last good configuration or something like that. Things seemed to be better then. I could go online. I left everything as is and went to work. Came home to the blue screen. Turned off and turned back on. It went through much of its startup and then an AVAST box popped up that said "rootkit blocked" and then blue screen again. Please help.
     
  4. 2010/12/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  5. 2010/12/11
    molsonrn

    how?

    I'm doing this from my son's computer, though. I can't even get past start-up on my computer to be able to download something.

    ????
     
  6. 2010/12/11
    broni

    Yes, you can create that CD on any working computer.
     
  7. 2010/12/11
    molsonrn

    otl

    OTL logfile created on: 12/11/2010 12:21:43 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 76.00% Memory free
    858.00 Mb Paging File | 766.00 Mb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.78 Gb Total Space | 91.58 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/09/19 17:42:27 | 001,247,600 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/01/19 10:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto] -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
    SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
    SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/26 10:55:46 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
    DRV - [2007/10/26 10:55:44 | 000,162,344 | ---- | M] (CyberLink Corporation.) [File_System | Auto] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
    DRV - [2006/11/28 22:31:32 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2006/08/23 13:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/08/15 04:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/08/14 07:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/08/05 08:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
    DRV - [2006/08/05 08:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
    DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/05/09 00:27:22 | 000,426,624 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
    DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/07/13 16:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2005/05/27 04:46:20 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
    DRV - [2005/05/27 04:37:58 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2005/05/27 04:31:26 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2005/02/23 19:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
    DRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061128
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    IE - HKU\Melanie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\Melanie_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    IE - HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 21:14:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/04 21:14:25 | 000,000,000 | ---D | M]

    [2010/10/12 19:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/26 13:13:08 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/12/02 17:14:22 | 001,933,312 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
    [2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/04/01 21:39:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O3 - HKU\Melanie_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [InstantBurn] F:\INSTAN~1\Win2K\IBurn.exe File not found
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
     
  8. 2010/12/11
    molsonrn

    more otl

    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] F:\DVD Suite\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [UpdatePPShortCut] F:\PowerProducer\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\Melanie_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
    O4 - HKU\Melanie_ON_C..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
    O4 - HKU\Melanie_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\Melanie_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\Melanie_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Melanie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKU\Melanie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.avataritag.com/app/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - AppInit_DLLs: (appcache.dll) - C:\WINDOWS\System32\appcache.dll ()
    O20 - AppInit_DLLs: (syncpack.dll) - C:\WINDOWS\System32\syncpack.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/21 13:58:22 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [65 C:\Documents and Settings\Melanie\My Documents\*.tmp files -> C:\Documents and Settings\Melanie\My Documents\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/11 13:12:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/11 13:12:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/12/11 13:10:23 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/12/11 13:10:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/11 13:10:05 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/11 11:46:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/11 11:45:00 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D849E1C1-B3CC-4887-B7C7-344812599166}.job
    [2010/12/10 09:43:57 | 000,481,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/10 09:43:57 | 000,088,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/09 20:26:24 | 000,478,208 | -HS- | M] () -- C:\WINDOWS\System32\bootstream.dll
    [2010/12/09 20:26:22 | 000,478,208 | ---- | M] () -- C:\WINDOWS\System32\syncpack.dll
    [2010/12/09 20:26:17 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\appcache.dll
    [2010/12/09 20:26:16 | 000,063,488 | -HS- | M] () -- C:\WINDOWS\System32\diagres.dll
    [2010/12/09 12:09:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/09 10:00:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Melanie\Desktop\Microsoft Office Word 2003.lnk
    [2010/12/07 08:32:19 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\calendar2010.doc
    [2010/12/06 20:13:32 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\chore chart luke on my weekend.xls
    [2010/12/06 16:17:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/29 18:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 18:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/19 10:48:49 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\11.doc
    [2010/11/17 18:27:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\chore chart luke.xls
    [2010/11/14 18:05:59 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\Fax list of MDs.xls
    [2010/11/13 20:20:09 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Melanie\My Documents\New ADL log.xls
    [65 C:\Documents and Settings\Melanie\My Documents\*.tmp files -> C:\Documents and Settings\Melanie\My Documents\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/11 11:43:34 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/09 20:26:24 | 000,478,208 | -HS- | C] () -- C:\WINDOWS\System32\bootstream.dll
    [2010/12/09 20:26:22 | 000,478,208 | ---- | C] () -- C:\WINDOWS\System32\syncpack.dll
    [2010/12/09 20:26:18 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\appcache.dll
    [2010/12/09 20:26:17 | 000,063,488 | -HS- | C] () -- C:\WINDOWS\System32\diagres.dll
    [2010/11/19 10:48:48 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\11.doc
    [2010/11/14 16:26:28 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\Fax list of MDs.xls
    [2010/11/13 19:28:05 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Melanie\My Documents\New ADL log.xls
    [2010/02/21 14:05:28 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
    [2009/11/14 22:56:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
    [2009/09/12 19:37:34 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/09/16 18:01:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2008/09/03 17:53:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/03/17 16:27:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2008/01/20 21:55:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/01/20 21:55:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/01/20 21:55:36 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2008/01/20 21:55:34 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/01/20 21:55:33 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2007/11/06 16:42:36 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Melanie\presets.ini
    [2007/06/22 12:18:25 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
    [2007/06/10 16:05:34 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
    [2007/06/10 16:05:34 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/06/10 16:05:34 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
    [2007/06/10 16:05:34 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
    [2007/06/10 16:05:34 | 000,000,359 | ---- | C] () -- C:\WINDOWS\VFO.INI
    [2007/06/10 16:05:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2007/05/18 01:07:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Melanie\Application Data\dvd.bmk
    [2007/05/18 00:33:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\fusioncache.dat
    [2007/03/22 18:56:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/02/24 17:23:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2007/02/24 17:23:24 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2007/02/24 17:23:24 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2006/12/24 00:52:15 | 000,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/12/24 00:52:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5712CB1F76.sys
    [2006/12/23 23:02:00 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2006/12/17 20:43:49 | 000,075,088 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
    [2006/12/17 20:43:49 | 000,013,034 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
    [2006/12/17 20:43:49 | 000,010,834 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
    [2006/12/17 20:43:49 | 000,005,338 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
    [2006/12/17 20:43:49 | 000,005,142 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
    [2006/12/17 20:43:49 | 000,004,826 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
    [2006/12/17 20:43:49 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
    [2006/12/17 20:43:49 | 000,003,818 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
    [2006/12/17 20:43:49 | 000,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
    [2006/12/17 20:43:49 | 000,002,782 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
    [2006/12/17 20:43:49 | 000,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
    [2006/12/17 20:43:49 | 000,001,378 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
    [2006/12/17 20:43:49 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
    [2006/12/17 20:43:49 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\snetfil.dll
    [2006/12/17 20:43:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
    [2006/12/17 20:43:49 | 000,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
    [2006/12/17 20:43:49 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
    [2006/12/17 20:43:47 | 000,334,174 | ---- | C] () -- C:\WINDOWS\sqlite3.dll
    [2006/12/17 20:40:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/12/17 20:15:15 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\Melanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/28 22:44:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/11/28 22:33:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/11/28 22:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/11/28 22:07:32 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/11/28 22:07:32 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/11/28 22:07:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/11/28 22:07:32 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/11/28 22:07:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/11/28 22:07:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/11/28 22:07:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/11/28 22:06:35 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2010/07/26 13:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\E-centives
    [2006/12/23 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\FotoWire
    [2010/08/12 18:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\FUJIFILM
    [2010/03/25 11:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\GetRightToGo
    [2006/12/24 00:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Leadertech
    [2010/02/21 13:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Pinnacle Systems
    [2008/03/26 11:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\SmartDraw
    [2009/12/13 15:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Total Immersion
    [2010/02/09 18:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\Uniblue
    [2010/12/11 11:46:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/12/11 13:12:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    [2010/12/11 11:45:00 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D849E1C1-B3CC-4887-B7C7-344812599166}.job

    ========== Purity Check ==========


    < End of report >
     
  9. 2010/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do this on the computer you are posting from:
    Copy the text in the codebox below:

    Code:
    :OTL
    SRV - File not found [Disabled] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2007/09/19 17:42:27 | 001,247,600 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    DRV - [2006/11/28 22:31:32 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    IE - HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
    IE - HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>;localhost
    O3 - HKU\Melanie_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Melanie_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    [65 C:\Documents and Settings\Melanie\My Documents\*.tmp files -> C:\Documents and Settings\Melanie\My Documents\*.tmp -> ]
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2006/12/24 00:52:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5712CB1F76.sys
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  10. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    new otl, now rebooting

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Viewpoint Manager Service deleted successfully.
    File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Symantec Core LC deleted successfully.
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\symlcbrd deleted successfully.
    C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
    HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\Melanie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\Melanie_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\Melanie_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Melanie_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Melanie_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Melanie_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\\SecurityProviders:xlibgfl254.dll deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw152.tmp\VIDEO_TS folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw152.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw153.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw182.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw4869.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw48CF.tmp\VIDEO_TS folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw48CF.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw48D0.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw75E3.tmp\VIDEO_TS folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw75E3.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\Jmw75E4.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\JmwE8.tmp folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\PP_ROTATE_SLIDE.TMP folder deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0193.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0203.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0573.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0614.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0668.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0775.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0900.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL0911.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1033.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1065.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1100.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1266.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1322.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1421.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1506.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1528.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1557.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1655.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1814.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1815.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL1996.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2007.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2306.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2362.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2399.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2439.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2485.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2500.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2568.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2573.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2574.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2646.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2650.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2661.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2675.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2724.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2803.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2806.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2866.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL2947.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3173.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3297.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3510.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3551.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3619.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3659.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3688.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3695.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3706.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3826.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3884.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3927.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3975.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL3991.tmp deleted successfully.
    C:\Documents and Settings\Melanie\My Documents\~WRL4051.tmp deleted successfully.
    C:\WINDOWS\System32\SET7A.tmp deleted successfully.
    C:\WINDOWS\System32\SET95.tmp deleted successfully.
    C:\WINDOWS\System32\SET97.tmp deleted successfully.
    C:\WINDOWS\System32\SETA5.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\system32\5712CB1F76.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Melanie
    ->Temp folder emptied: 929651799 bytes
    ->Temporary Internet Files folder emptied: 128844075 bytes
    ->Java cache emptied: 1902230 bytes
    ->FireFox cache emptied: 104927232 bytes
    ->Flash cache emptied: 85465 bytes

    User: NetworkService
    ->Temp folder emptied: 335792 bytes
    ->Temporary Internet Files folder emptied: 1719322 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111203289 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 41765018 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Total Files Cleaned = 1,259.00 mb


    OTLPE by OldTimer - Version 3.1.43.0 log created on 12112010_130032
     
  11. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    after normal reboot

    I took out the OTL disk and then rebooted normally. It went to blue screen. I just rebooted again and AVAST popped up and said rootkit blocked, windows 32, rootkit-gen. It said no further action is needed and something was blocked and it is now suddenly letting me get back on here.

    What's next?
     
  12. 2010/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    That's exactly what we needed....
    Good job :)

    Now...

    Please, read this post, then post the requested log(s).
     
  13. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    mbam log

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5297

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/11/2010 6:26:49 PM
    mbam-log-2010-12-11 (18-26-49).txt

    Scan type: Quick scan
    Objects scanned: 144449
    Time elapsed: 5 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    mbrcheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 143):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7358000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7347000 pci.sys
    0xF7487000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7497000 MountMgr.sys
    0xF7328000 ftdisk.sys
    0xF74A7000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xF770F000 PartMgr.sys
    0xF74B7000 VolSnap.sys
    0xF72FA000 atapi.sys
    0xF74C7000 disk.sys
    0xF72C0000 fltmgr.sys
    0xF72AE000 sr.sys
    0xF7298000 DRVMCDB.SYS
    0xF74D7000 PxHelp20.sys
    0xF7281000 KSecDD.sys
    0xF726E000 WudfPf.sys
    0xF71E1000 Ntfs.sys
    0xF71B4000 NDIS.sys
    0xF719A000 Mup.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xF6661000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF664D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7837000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6629000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF783F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7963000 \SystemRoot\System32\Drivers\CLBStor.SYS
    0xF7847000 \SystemRoot\System32\Drivers\ASAPIW2K.sys
    0xF79CD000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF7587000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7597000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6606000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF784F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF75A7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF65DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7A91000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7607000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7977000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF65C7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7617000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7627000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF785F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF65B6000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7637000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7867000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF786F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7877000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF787F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79E1000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6558000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7176000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF652A000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
    0xF6406000 \SystemRoot\system32\drivers\sthda.sys
    0xF63E2000 \SystemRoot\system32\drivers\portcls.sys
    0xF7667000 \SystemRoot\system32\drivers\drmk.sys
    0xF7677000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7687000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF792F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF79FB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BAC000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79FD000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7757000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7767000 \SystemRoot\System32\drivers\vga.sys
    0xF7A01000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A03000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF793B000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF3D51000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF3CF8000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF76C7000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF3CD2000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF3CAA000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF794B000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF3C88000 \SystemRoot\System32\drivers\afd.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF3C5D000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF795F000 \??\C:\WINDOWS\system32\drivers\pclepci.sys
    0xF3BC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF6AB8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF777F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF3AFE000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF778F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF6A28000 \SystemRoot\system32\drivers\lvusbsta.sys
    0xF7973000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF779F000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7557000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xF3DD5000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xF75E7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF398E000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7647000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF3972000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF395E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF3260000 \SystemRoot\system32\DRIVERS\LV302AV.SYS
    0xF76A7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF3045000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
    0xF7A39000 \SystemRoot\system32\DRIVERS\lv302af.sys
    0xF3BB5000 \SystemRoot\system32\drivers\usbaudio.sys
    0xF6AA8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF1DF7000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79B9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF3962000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF38B4000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B1B000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF3ADA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF1E88000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7AE6000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xBA5EA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xF3A7E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7A0B000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBA5C3000 \SystemRoot\System32\Drivers\CLBUDF.SYS
    0xBA5B2000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF1E57000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xBA59A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xBA584000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xF396E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB9C2D000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB8953000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8A20000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB8660000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB8518000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB7EBF000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF3A26000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB68A5000 \??\C:\DOCUME~1\Melanie\LOCALS~1\Temp\pxtdypow.sys
    0xB6881000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB678B000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    564 C:\WINDOWS\system32\smss.exe
    616 csrss.exe
    640 C:\WINDOWS\system32\winlogon.exe
    684 C:\WINDOWS\system32\services.exe
    704 C:\WINDOWS\system32\lsass.exe
    900 C:\WINDOWS\system32\svchost.exe
    968 svchost.exe
    1080 C:\Program Files\Windows Defender\MsMpEng.exe
    1140 C:\WINDOWS\system32\svchost.exe
    1184 C:\WINDOWS\system32\svchost.exe
    1304 svchost.exe
    1388 svchost.exe
    1492 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1720 C:\WINDOWS\explorer.exe
    1868 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    1876 C:\WINDOWS\stsystra.exe
    1884 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    1892 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1900 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    1956 C:\Program Files\Windows Defender\MSASCui.exe
    1980 C:\WINDOWS\system32\LVCOMSX.EXE
    1988 C:\Program Files\Logitech\Video\LogiTray.exe
    2020 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    2032 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    116 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    140 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    260 C:\Program Files\iTunes\iTunesHelper.exe
    328 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    432 C:\WINDOWS\system32\ctfmon.exe
    496 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    612 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    620 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    1028 C:\Program Files\FinePixViewer\QuickDCF2.exe
    1060 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1272 C:\Program Files\Logitech\Video\FxSvr2.exe
    1576 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    1684 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2328 C:\WINDOWS\system32\spoolsv.exe
    3108 svchost.exe
    3140 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    3156 C:\Program Files\Bonjour\mDNSResponder.exe
    3204 C:\Program Files\Java\jre6\bin\jqs.exe
    3344 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    3404 C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    3536 C:\WINDOWS\system32\nvsvc32.exe
    3552 C:\WINDOWS\system32\HPZipm12.exe
    3628 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    3684 C:\WINDOWS\system32\svchost.exe
    3728 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3984 C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    3084 C:\Program Files\iPod\bin\iPodService.exe
    3400 wmiprvse.exe
    3848 alg.exe
    768 C:\WINDOWS\system32\wscntfy.exe
    592 C:\Documents and Settings\Melanie\Desktop\0kub6k4w.exe
    2648 C:\Program Files\Internet Explorer\iexplore.exe
    2416 C:\Program Files\Internet Explorer\iexplore.exe
    3276 C:\WINDOWS\system32\rundll32.exe
    3908 C:\Program Files\Internet Explorer\iexplore.exe
    1436 C:\Documents and Settings\Melanie\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: <error opening>

    Size Device Name MBR Status
    --------------------------------------------
    ERROR Opening: \\.\PhysicalDrive0 (32)


    Done!
     
  15. 2010/12/11
    molsonrn Inactive Thread Starter
    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/17/2006 6:59:02 PM
    System Uptime: 12/11/2010 5:22:15 PM (4 hours ago)

    Motherboard: Dell Inc | | 0CT103
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2204/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 92.805 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1618: 9/13/2010 4:37:08 AM - System Checkpoint
    RP1619: 9/14/2010 2:27:32 AM - Software Distribution Service 3.0
    RP1620: 9/15/2010 2:37:11 AM - System Checkpoint
    RP1621: 9/16/2010 3:00:18 AM - Software Distribution Service 3.0
    RP1622: 9/17/2010 2:19:33 AM - Software Distribution Service 3.0
    RP1623: 9/18/2010 2:24:44 AM - System Checkpoint
    RP1624: 9/19/2010 2:35:48 AM - System Checkpoint
    RP1625: 9/20/2010 3:24:46 AM - System Checkpoint
    RP1626: 9/21/2010 2:19:39 AM - Software Distribution Service 3.0
    RP1627: 9/22/2010 2:24:45 AM - System Checkpoint
    RP1628: 9/23/2010 3:24:29 AM - System Checkpoint
    RP1629: 9/24/2010 2:19:34 AM - Software Distribution Service 3.0
    RP1630: 9/25/2010 2:24:30 AM - System Checkpoint
    RP1631: 9/26/2010 3:24:28 AM - System Checkpoint
    RP1632: 9/27/2010 4:24:30 AM - System Checkpoint
    RP1633: 9/28/2010 1:44:35 AM - Software Distribution Service 3.0
    RP1634: 9/29/2010 2:30:22 AM - System Checkpoint
    RP1635: 9/29/2010 3:00:14 AM - Software Distribution Service 3.0
    RP1636: 9/30/2010 3:30:16 AM - System Checkpoint
    RP1637: 10/1/2010 1:44:31 AM - Software Distribution Service 3.0
    RP1638: 10/2/2010 1:44:32 AM - Software Distribution Service 3.0
    RP1639: 10/3/2010 2:30:16 AM - System Checkpoint
    RP1640: 10/4/2010 3:30:16 AM - System Checkpoint
    RP1641: 10/5/2010 1:44:31 AM - Software Distribution Service 3.0
    RP1642: 10/6/2010 2:30:16 AM - System Checkpoint
    RP1643: 10/7/2010 3:30:16 AM - System Checkpoint
    RP1644: 10/8/2010 1:44:37 AM - Software Distribution Service 3.0
    RP1645: 10/8/2010 3:00:14 AM - Software Distribution Service 3.0
    RP1646: 10/9/2010 3:25:52 AM - System Checkpoint
    RP1647: 10/10/2010 4:25:52 AM - System Checkpoint
    RP1648: 10/11/2010 5:25:53 AM - System Checkpoint
    RP1649: 10/12/2010 2:05:44 AM - Software Distribution Service 3.0
    RP1650: 10/13/2010 2:25:52 AM - System Checkpoint
    RP1651: 10/13/2010 10:36:18 PM - Software Distribution Service 3.0
    RP1652: 10/14/2010 10:51:26 PM - System Checkpoint
    RP1653: 10/15/2010 1:52:37 AM - Software Distribution Service 3.0
    RP1654: 10/16/2010 2:51:18 AM - System Checkpoint
    RP1655: 10/17/2010 3:51:18 AM - System Checkpoint
    RP1656: 10/18/2010 4:51:20 AM - System Checkpoint
    RP1657: 10/19/2010 1:52:36 AM - Software Distribution Service 3.0
    RP1658: 10/20/2010 2:51:18 AM - System Checkpoint
    RP1659: 10/21/2010 3:51:18 AM - System Checkpoint
    RP1660: 10/22/2010 1:52:34 AM - Software Distribution Service 3.0
    RP1661: 10/23/2010 2:51:08 AM - System Checkpoint
    RP1662: 10/24/2010 3:51:09 AM - System Checkpoint
    RP1663: 10/25/2010 4:51:08 AM - System Checkpoint
    RP1664: 10/26/2010 1:52:37 AM - Software Distribution Service 3.0
    RP1665: 10/26/2010 6:27:16 AM - Software Distribution Service 3.0
    RP1666: 10/27/2010 7:20:01 AM - System Checkpoint
    RP1667: 10/28/2010 8:25:39 AM - System Checkpoint
    RP1668: 10/29/2010 1:56:42 AM - Software Distribution Service 3.0
    RP1669: 10/30/2010 2:20:00 AM - System Checkpoint
    RP1670: 10/31/2010 3:20:01 AM - System Checkpoint
    RP1671: 11/1/2010 3:48:36 AM - System Checkpoint
    RP1672: 11/2/2010 2:05:37 AM - Software Distribution Service 3.0
    RP1673: 11/3/2010 2:48:29 AM - System Checkpoint
    RP1674: 11/4/2010 2:05:34 AM - Software Distribution Service 3.0
    RP1675: 11/5/2010 2:05:39 AM - Software Distribution Service 3.0
    RP1676: 11/6/2010 2:48:29 AM - System Checkpoint
    RP1677: 11/7/2010 2:48:29 AM - System Checkpoint
    RP1678: 11/8/2010 3:48:31 AM - System Checkpoint
    RP1679: 11/9/2010 2:05:40 AM - Software Distribution Service 3.0
    RP1680: 11/10/2010 2:48:21 AM - System Checkpoint
    RP1681: 11/10/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1682: 11/11/2010 3:48:21 AM - System Checkpoint
    RP1683: 11/12/2010 2:05:32 AM - Software Distribution Service 3.0
    RP1684: 11/13/2010 2:48:18 AM - System Checkpoint
    RP1685: 11/14/2010 3:48:20 AM - System Checkpoint
    RP1686: 11/15/2010 4:48:22 AM - System Checkpoint
    RP1687: 11/16/2010 12:59:27 AM - Software Distribution Service 3.0
    RP1688: 11/17/2010 1:48:10 AM - System Checkpoint
    RP1689: 11/18/2010 2:48:13 AM - System Checkpoint
    RP1690: 11/19/2010 2:05:50 AM - Software Distribution Service 3.0
    RP1691: 11/20/2010 2:48:11 AM - System Checkpoint
    RP1692: 11/21/2010 3:48:13 AM - System Checkpoint
    RP1693: 11/22/2010 4:48:15 AM - System Checkpoint
    RP1694: 11/23/2010 2:05:29 AM - Software Distribution Service 3.0
    RP1695: 11/24/2010 2:48:04 AM - System Checkpoint
    RP1696: 11/25/2010 3:48:08 AM - System Checkpoint
    RP1697: 11/26/2010 1:34:48 AM - Software Distribution Service 3.0
    RP1698: 11/27/2010 1:44:42 AM - System Checkpoint
    RP1699: 11/28/2010 2:43:37 AM - System Checkpoint
    RP1700: 11/29/2010 3:00:18 AM - System Checkpoint
    RP1701: 11/29/2010 11:48:28 PM - Software Distribution Service 3.0
    RP1702: 12/1/2010 12:00:17 AM - System Checkpoint
    RP1703: 12/2/2010 1:00:17 AM - System Checkpoint
    RP1704: 12/3/2010 2:00:18 AM - System Checkpoint
    RP1705: 12/3/2010 2:22:40 AM - Software Distribution Service 3.0
    RP1706: 12/4/2010 3:00:14 AM - System Checkpoint
    RP1707: 12/5/2010 4:00:17 AM - System Checkpoint
    RP1708: 12/6/2010 5:00:18 AM - System Checkpoint
    RP1709: 12/7/2010 2:01:40 AM - Software Distribution Service 3.0
    RP1710: 12/8/2010 2:28:11 AM - System Checkpoint
    RP1711: 12/9/2010 3:28:11 AM - System Checkpoint
    RP1712: 12/9/2010 7:26:59 PM - Windows Defender Checkpoint
    RP1713: 12/10/2010 1:47:42 AM - Software Distribution Service 3.0
    RP1714: 12/11/2010 1:30:46 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    avast! Free Antivirus
    Coupon Printer for Windows
    CyberLink BD Advisor 2.0
    CyberLink DVD Suite
    CyberLink InstantBurn
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    DiscAPI (Studio 10)
    ESET Online Scanner v3
    FinePix Studio
    FinePixViewer Resource
    FinePixViewer Ver.5.5
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Product Assistant
    HP Update
    iTunes
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.0.19)
    MSXML 4.0 SP2 (KB973688)
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    QuickTime
    RAPID (Studio 10)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartDraw 2007
    Studio 10
    Total Immersion D'Fusion @Home Web Plug-In
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/11/2010 10:38:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid PCLEPCI RasAcd Rdbss Tcpip WS2IFSL
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:51 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/11/2010 10:38:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/10/2010 8:12:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pinnacle Systems Media Service service to connect.
    12/10/2010 8:12:24 AM, error: Service Control Manager [7000] - The Pinnacle Systems Media Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/10/2010 7:44:44 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c653.
    12/10/2010 7:44:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

    ==== End Of File ===========================
     
  16. 2010/12/11
    molsonrn Inactive Thread Starter
    dds

    DDS (Ver_10-12-12.01) - NTFSx86
    Run by Melanie at 21:01:14.93 on Sat 12/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.255 [GMT -6:00]

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Melanie\Desktop\0kub6k4w.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Melanie\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll ",CheckUSBController
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe "
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [InstantBurn] f:\instan~1\win2k\IBurn.exe
    mRun: [UpdatePDRShortCut] "f:\dvd suite\muitransfer\muistartmenu.exe" "f:\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [UpdatePPShortCut] "f:\powerproducer\muitransfer\muistartmenu.exe" "f:\powerproducer" update "software\cyberlink\powerproducer\5.0 "
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    IE: Add to Google Photos Screensa&ver
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/Plugin/DFusionHomeWebPlugIn.Installer.exe
    Filter: text/html - {37d23bef-b1a4-4c04-a966-84d9b27a7d85} -
    AppInit_DLLs: appcache.dll syncpack.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll,
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\melanie\applic~1\mozilla\firefox\profiles\531rj6m2.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\melanie\applic~1\mozilla\firefox\profiles\531rj6m2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-27 165584]
    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-11-14 15784]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-27 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-11-14 162344]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 40384]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-4 17408]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

    =============== Created Last 30 ================

    2010-12-10 07:47:46 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{c7d6923b-0745-408d-9d3a-43d1fb5032e6}\mpengine.dll
    2010-12-10 01:26:22 478208 ----a-w- c:\windows\system32\syncpack.dll
    2010-12-10 01:26:18 63488 ----a-w- c:\windows\system32\appcache.dll

    ==================== Find3M ====================

    2010-10-25 03:52:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-14 18:32:12 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    2002-07-26 23:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE

    ============= FINISH: 21:02:16.31 ===============
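    The AppInit_DLLs line and the "Created Last 30" section of the DDS log above are worth reading together: any DLL listed in AppInit_DLLs is loaded by every process that maps user32.dll, so a newly created, unfamiliar DLL in that value deserves attention. The script below is an added example (not part of this thread, and not part of DDS or any of the tools named here) that parses a constructed excerpt of the log in the same line formats and flags AppInit_DLLs entries whose files appear in "Created Last 30" close to the date the problem started. The excerpt, the function names and the three-day window are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed excerpt in DDS log format; not the complete log from the thread.
SAMPLE_DDS_LOG = r"""
AppInit_DLLs: appcache.dll syncpack.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

=============== Created Last 30 ================

2010-12-10 07:47:46 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{c7d6923b-0745-408d-9d3a-43d1fb5032e6}\mpengine.dll
2010-12-10 01:26:22 478208 ----a-w- c:\windows\system32\syncpack.dll
2010-12-10 01:26:18 63488 ----a-w- c:\windows\system32\appcache.dll

==================== Find3M ====================

2010-10-25 03:52:12 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:02:16.31 ===============
"""

# "<date> <time> <size> <attrs> <path>" as printed in the Created Last 30 / Find3M sections.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")


def _basename(path):
    """Lower-cased file name without directory (DDS paths use backslashes)."""
    return path.strip().lower().rsplit("\\", 1)[-1]


def parse_appinit_dlls(log_text):
    """Return the DLL names on the DDS 'AppInit_DLLs:' line, lower-cased basenames only."""
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("appinit_dlls:"):
            value = line.split(":", 1)[1]
            # The registry value is printed verbatim; entries are space- or comma-separated.
            return [_basename(p) for p in re.split(r"[ ,]+", value) if p.strip()]
    return []


def parse_created_last_30(log_text):
    """Map lower-cased basename -> (ISO creation date, full path) from 'Created Last 30'."""
    created = {}
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("="):
            # Section banners start with '='; the next banner ends the section.
            in_section = "Created Last 30" in line
            continue
        if not in_section or not line:
            continue
        m = CREATED_RE.match(line)
        if m:
            day, _time, _size, _attrs, path = m.groups()
            created[_basename(path)] = (day, path)
    return created


def flag_appinit_dlls(log_text, incident_date, window_days=3):
    """List every AppInit_DLLs entry; mark it 'recent' if its file was created within
    window_days of incident_date (ISO string). Entries absent from Created Last 30 are
    still returned, since AppInit_DLLs is normally empty and any entry merits a look."""
    incident = datetime.strptime(incident_date, "%Y-%m-%d").date()
    created = parse_created_last_30(log_text)
    findings = []
    for dll in parse_appinit_dlls(log_text):
        entry = {"dll": dll, "created": None, "path": None, "recent": False}
        if dll in created:
            day, path = created[dll]
            entry["created"], entry["path"] = day, path
            age = abs((incident - datetime.strptime(day, "%Y-%m-%d").date()).days)
            entry["recent"] = age <= window_days
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in flag_appinit_dlls(SAMPLE_DDS_LOG, "2010-12-10"):
        print(f)
```

    Run against a real DDS log, the script reports both DLLs in the excerpt as created on the incident date; mpengine.dll, created the same day but not referenced by AppInit_DLLs, is not flagged. It only cross-references two sections of the log and does not judge whether a file is malicious; that decision still needs the file itself.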
     
  17. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    gmer log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-11 20:57:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812AS rev.3.ADH
    Running: 0kub6k4w.exe; Driver: C:\DOCUME~1\Melanie\LOCALS~1\Temp\pxtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF3B06CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF3B06BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF3B07160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF3B0708A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF3B06782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF3B06C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF3B066C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF3B06726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF3B06DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3B0722E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF3B06D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF3B06EE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF3B13BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF3B139D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF3B13B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP F3B13B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP F3B139D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F3B0F5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F3B10FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP F3B13BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6661360, 0x2456AE, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005C0002
    IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005C0000
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[776] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Udfs \UdfsCdRom CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)
    Device \FileSystem\Udfs \UdfsDisk CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat B6888D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- EOF - GMER 1.0.15 ----
     
  18. 2010/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  19. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    tdds

    2010/12/11 21:42:20.0078 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/11 21:42:20.0078 ================================================================================
    2010/12/11 21:42:20.0078 SystemInfo:
    2010/12/11 21:42:20.0078
    2010/12/11 21:42:20.0078 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/11 21:42:20.0078 Product type: Workstation
    2010/12/11 21:42:20.0078 ComputerName: M
    2010/12/11 21:42:20.0078 UserName: Melanie
    2010/12/11 21:42:20.0078 Windows directory: C:\WINDOWS
    2010/12/11 21:42:20.0078 System windows directory: C:\WINDOWS
    2010/12/11 21:42:20.0078 Processor architecture: Intel x86
    2010/12/11 21:42:20.0078 Number of processors: 2
    2010/12/11 21:42:20.0078 Page size: 0x1000
    2010/12/11 21:42:20.0078 Boot type: Normal boot
    2010/12/11 21:42:20.0078 ================================================================================
    2010/12/11 21:42:20.0203 Initialize success
    2010/12/11 21:42:21.0656 ================================================================================
    2010/12/11 21:42:21.0656 Scan started
    2010/12/11 21:42:21.0656 Mode: Manual;
    2010/12/11 21:42:21.0656 ================================================================================
    2010/12/11 21:42:22.0312 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/12/11 21:42:22.0515 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/12/11 21:42:22.0578 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/11 21:42:22.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/11 21:42:22.0625 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/12/11 21:42:22.0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/11 21:42:22.0703 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/11 21:42:22.0734 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/12/11 21:42:22.0750 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/12/11 21:42:22.0796 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/12/11 21:42:22.0812 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/12/11 21:42:22.0828 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/12/11 21:42:22.0875 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/12/11 21:42:22.0906 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/12/11 21:42:22.0968 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/12/11 21:42:23.0015 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2010/12/11 21:42:23.0031 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/12/11 21:42:23.0093 ASAPIW2K (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
    2010/12/11 21:42:23.0156 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/12/11 21:42:23.0203 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/12/11 21:42:23.0265 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/12/11 21:42:23.0312 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/12/11 21:42:23.0343 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/12/11 21:42:23.0375 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/12/11 21:42:23.0406 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/12/11 21:42:23.0453 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/12/11 21:42:23.0531 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/11 21:42:23.0562 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/11 21:42:23.0609 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/11 21:42:23.0671 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/11 21:42:23.0734 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2010/12/11 21:42:23.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/11 21:42:23.0781 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/12/11 21:42:23.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/11 21:42:23.0812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/12/11 21:42:23.0828 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/12/11 21:42:23.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/11 21:42:23.0906 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/11 21:42:23.0968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/11 21:42:24.0062 CLBStor (eae645ef188964355fc03167a05177f3) C:\WINDOWS\system32\drivers\CLBStor.sys
    2010/12/11 21:42:24.0109 CLBUDF (ff88c416df8457174f3a04b07457ea0d) C:\WINDOWS\system32\drivers\CLBUDF.sys
    2010/12/11 21:42:24.0171 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/12/11 21:42:24.0218 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/12/11 21:42:24.0281 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/12/11 21:42:24.0359 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/12/11 21:42:24.0453 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/11 21:42:24.0562 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2010/12/11 21:42:24.0593 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2010/12/11 21:42:24.0625 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2010/12/11 21:42:24.0640 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2010/12/11 21:42:24.0656 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2010/12/11 21:42:24.0671 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2010/12/11 21:42:24.0734 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2010/12/11 21:42:24.0781 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2010/12/11 21:42:24.0796 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2010/12/11 21:42:24.0875 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/11 21:42:24.0906 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/11 21:42:24.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/11 21:42:24.0968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/11 21:42:25.0031 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/12/11 21:42:25.0093 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/11 21:42:25.0171 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2010/12/11 21:42:25.0250 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2010/12/11 21:42:25.0625 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/12/11 21:42:25.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/11 21:42:25.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/12/11 21:42:25.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/11 21:42:25.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/12/11 21:42:25.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/11 21:42:25.0968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/11 21:42:25.0984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/11 21:42:26.0015 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/12/11 21:42:26.0046 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/11 21:42:26.0093 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/12/11 21:42:26.0140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/11 21:42:26.0187 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/12/11 21:42:26.0281 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/12/11 21:42:26.0343 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/12/11 21:42:26.0406 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/12/11 21:42:26.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/11 21:42:26.0500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/12/11 21:42:26.0546 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/12/11 21:42:26.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/11 21:42:26.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/11 21:42:26.0656 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/12/11 21:42:26.0703 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/12/11 21:42:26.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/11 21:42:26.0828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/11 21:42:26.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/11 21:42:26.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/11 21:42:27.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/11 21:42:27.0093 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/11 21:42:27.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/11 21:42:27.0187 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/11 21:42:27.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/11 21:42:27.0250 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/12/11 21:42:27.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/11 21:42:27.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/11 21:42:27.0437 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2010/12/11 21:42:27.0531 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    2010/12/11 21:42:27.0562 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/11 21:42:27.0609 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/11 21:42:27.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/11 21:42:27.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/11 21:42:27.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/11 21:42:27.0765 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/12/11 21:42:27.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/11 21:42:27.0906 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/11 21:42:27.0937 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/11 21:42:27.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/11 21:42:28.0031 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/11 21:42:28.0078 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/11 21:42:28.0125 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/11 21:42:28.0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/12/11 21:42:28.0187 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/11 21:42:28.0218 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/12/11 21:42:28.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/11 21:42:28.0343 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/12/11 21:42:28.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/11 21:42:28.0437 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/11 21:42:28.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/11 21:42:28.0515 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/11 21:42:28.0562 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\WINDOWS\system32\DRIVERS\netaapl.sys
    2010/12/11 21:42:28.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/11 21:42:28.0656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/11 21:42:28.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/11 21:42:28.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/11 21:42:28.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/11 21:42:28.0906 nv (4ed6fcfae2721cc20e8234ebd4ee413a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/11 21:42:28.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 4ed6fcfae2721cc20e8234ebd4ee413a, Fake md5: 15a6306a0b958bf60f09688d0ee70479
    2010/12/11 21:42:28.0937 nv - detected Forged file (1)
    2010/12/11 21:42:29.0046 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
    2010/12/11 21:42:29.0125 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
    2010/12/11 21:42:29.0218 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/11 21:42:29.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/11 21:42:29.0312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/11 21:42:29.0359 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/11 21:42:29.0390 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/11 21:42:29.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/11 21:42:29.0562 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/11 21:42:29.0625 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
    2010/12/11 21:42:29.0703 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/12/11 21:42:29.0921 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    2010/12/11 21:42:29.0984 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/12/11 21:42:30.0062 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/12/11 21:42:30.0171 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    2010/12/11 21:42:30.0218 PinnacleMarvinUsb (e70022ca483b9d2e2062fea2d7b88440) C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys
    2010/12/11 21:42:30.0281 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/11 21:42:30.0296 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/12/11 21:42:30.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/11 21:42:30.0359 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/11 21:42:30.0437 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/11 21:42:30.0484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/12/11 21:42:30.0531 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/12/11 21:42:30.0593 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/12/11 21:42:30.0625 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/12/11 21:42:30.0640 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/12/11 21:42:30.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/11 21:42:30.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/11 21:42:30.0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/11 21:42:30.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/11 21:42:30.0843 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/11 21:42:30.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/11 21:42:30.0937 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/11 21:42:31.0000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/11 21:42:31.0031 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/11 21:42:31.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/11 21:42:31.0203 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/11 21:42:31.0234 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/11 21:42:31.0281 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/11 21:42:31.0343 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/12/11 21:42:31.0421 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/11 21:42:31.0453 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/12/11 21:42:31.0484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/11 21:42:31.0546 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/11 21:42:31.0578 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/11 21:42:31.0671 STHDA (10995d25f86f234a8d08c56fd49b5a8b) C:\WINDOWS\system32\drivers\sthda.sys
    2010/12/11 21:42:31.0671 Suspicious file (Forged): C:\WINDOWS\system32\drivers\sthda.sys. Real md5: 10995d25f86f234a8d08c56fd49b5a8b, Fake md5: 8990440e4b2a7ca5a56a1833b03741fd
    2010/12/11 21:42:31.0687 STHDA - detected Forged file (1)
    2010/12/11 21:42:31.0781 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/11 21:42:31.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/11 21:42:31.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/11 21:42:31.0953 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/12/11 21:42:31.0968 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/12/11 21:42:32.0015 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/12/11 21:42:32.0062 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/12/11 21:42:32.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/11 21:42:32.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/11 21:42:32.0375 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/11 21:42:32.0421 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/11 21:42:32.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/11 21:42:32.0546 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/12/11 21:42:32.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/11 21:42:32.0671 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/12/11 21:42:32.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/11 21:42:32.0859 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/12/11 21:42:32.0906 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/12/11 21:42:32.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/11 21:42:33.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/11 21:42:33.0031 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/11 21:42:33.0078 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/12/11 21:42:33.0140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/11 21:42:33.0171 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/11 21:42:33.0234 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/11 21:42:33.0312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/11 21:42:33.0359 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/11 21:42:33.0406 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/12/11 21:42:33.0484 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/12/11 21:42:33.0546 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/11 21:42:33.0625 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/11 21:42:33.0734 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/12/11 21:42:33.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/11 21:42:34.0015 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/12/11 21:42:34.0062 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/12/11 21:42:34.0125 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/11 21:42:34.0203 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/11 21:42:34.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/11 21:42:34.0296 ================================================================================
    2010/12/11 21:42:34.0296 Scan finished
    2010/12/11 21:42:34.0296 ================================================================================
    2010/12/11 21:42:34.0312 Detected object count: 2
    2010/12/11 21:42:38.0156 Forged file(nv) - User select action: Skip
    2010/12/11 21:42:38.0156 Forged file(STHDA) - User select action: Skip
     
  20. 2010/12/11
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    trouble

    I'm having trouble getting 7-zip to install, I think. I can't extract the bootkit-remover.
     
  21. 2010/12/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
