
Solved ATAPI.sys file corrupted

Discussion in 'Malware and Virus Removal Archive' started by DPI Graphics, 2013/03/09.

  1. 2013/03/09
    DPI Graphics

    [Resolved] ATAPI.sys file corrupted

    I have done all the scans and here are the results of them. Please let me know if I need to do anything else. This is for a corrupted ATAPI.sys file. Thx DPI.

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-09 11:11:10
    -----------------------------
    11:11:10.312 OS Version: Windows 5.1.2600 Service Pack 3
    11:11:10.312 Number of processors: 1 586 0x207
    11:11:10.312 ComputerName: DPI01 UserName:
    11:11:11.234 Initialize success
    11:19:15.515 AVAST engine defs: 13030900
    11:20:54.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    11:20:54.812 Disk 0 Vendor: ST3200822A 3.01 Size: 190782MB BusType: 3
    11:20:54.812 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    11:20:54.812 Disk 1 Vendor: MAXTOR_STM3160815A 3.AAC Size: 152627MB BusType: 3
    11:20:54.906 Disk 0 MBR read successfully
    11:20:54.906 Disk 0 MBR scan
    11:20:55.000 Disk 0 unknown MBR code
    11:20:55.000 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 190779 MB offset 63
    11:20:55.078 Disk 0 scanning sectors +390716865
    11:20:55.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:21:32.750 Service scanning
    11:22:05.187 Service MpKsl9b317507 C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{287DEF3E-9EF3-432E-84C1-FAC6745DADC6}\MpKsl9b317507.sys **LOCKED** 32
    11:22:29.109 Modules scanning
    11:22:38.562 Disk 0 trace - called modules:
    11:22:38.578 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    11:22:38.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8737fab8]
    11:22:38.593 3 CLASSPNP.SYS[f76bffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x87385b00]
    11:22:39.343 AVAST engine scan C:\WINDOWS
    11:22:51.109 AVAST engine scan C:\WINDOWS\system32
    11:31:50.093 AVAST engine scan C:\WINDOWS\system32\drivers
    11:32:30.218 AVAST engine scan C:\Documents and Settings\Ed Day.DPI01
    11:44:56.109 File: C:\Documents and Settings\Ed Day.DPI01\Desktop\My Downloads\speeditup.exe **INFECTED** Win32:Trojan-gen
    12:20:47.359 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
    12:33:49.421 Scan finished successfully
    12:36:54.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ed Day.DPI01\Desktop\MBR.dat "
    12:36:54.640 The log file has been saved successfully to "C:\Documents and Settings\Ed Day.DPI01\Desktop\aswMBR.txt "

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Ed Day at 12:43:47 on 2013-03-09
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.309 [GMT -8:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase\lsql.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe
    C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://hei.net/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://search.live.com
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://my.yahoo.com/linksys
    mDefault_Page_URL = hxxp://my.yahoo.com/linksys
    uInternet Connection Wizard,ShellNext = iexplore
    uProxyOverride = 127.0.0.1:9421;<local>
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\ips\ipsbho.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\coieplg.dll
    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Octoshape Streaming Services] "c:\documents and settings\ed day.dpi01\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [Akamai NetSession Interface] "c:\documents and settings\ed day.dpi01\local settings\application data\akamai\netsession_win.exe "
    mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [TkBellExe] "e:\my documents\update\realsched.exe" -osboot
    mRun: [LightSQL] "c:\documents and settings\ed day.dpi01\application data\windowsdatabase\lsql.exe" 3
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\edday~1.dpi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\walgre~1.lnk - c:\program files\walgreens picturemover\bin\PictureMover.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: &Search - http://tbedits.radiorage.com/one-to...F4F4-4372-A6F4-13A6DE13B282&n=2012102620&cv=2
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Free YouTube Download - c:\documents and settings\ed day.dpi01\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\ed day.dpi01\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349161699093
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{08C64E08-B624-4B75-9F49-E9792D0CA215} : DHCPNameServer = 75.75.75.75 75.75.76.76
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN21275996939463174
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN21275996939463174
    FF - prefs.js: browser.search.selectedEngine - MixiDJ Customized Web Search
    FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_4_3\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
    FF - component: c:\program files\relevantknowledge\components\rlxg.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users.windows\application data\visan\plugins\npRLSecurePluginLayer.dll
    FF - plugin: c:\documents and settings\ed day.dpi01\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mapsgalaxy_39\bar\1.bin\NP39Stub.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
    FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
    FF - plugin: c:\program files\radiorage_4j\bar\1.bin\NP4jStub.dll
    FF - plugin: e:\my documents\netscape6\nppl3260.dll
    FF - plugin: e:\my documents\netscape6\nprjplug.dll
    FF - plugin: e:\my documents\netscape6\nprpplugin.dll
    FF - ExtSQL: 2013-02-02 13:37; freehdsport@freehdsport.tv; c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2013-02-02 13:39; plugin@yontoo.com; c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-02-02 18:07; ffxtlbr@delta.com; c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\ffxtlbr@delta.com
    FF - ExtSQL: !HIDDEN! 2012-08-21 22:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 39ffxtbr@MapsGalaxy_39.com; c:\program files\mapsgalaxy_39\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 4jffxtbr@RadioRage_4j.com; c:\program files\radiorage_4j\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2013-02-02 18:09; statuswinks@StatusWinks; c:\documents and settings\ed day.dpi01\application data\mozilla\extensions\statuswinks@StatusWinks
    FF - ExtSQL: !HIDDEN! 2013-02-15 10:34; {8fd9fd58-dafd-4930-9eca-13c240a96da9}; c:\documents and settings\ed day.dpi01\application data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{8fd9fd58-dafd-4930-9eca-13c240a96da9}.xpi
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 70f2e03500000000000000a0ccd5827a
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15739
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:07:58
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
    R1 MpKsl9b317507;MpKsl9b317507;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{287def3e-9ef3-432e-84c1-fac6745dadc6}\MpKsl9b317507.sys [2013-3-9 29904]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2010-4-6 32840]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys --> c:\windows\system32\drivers\n360\0502000.00d\SYMDS.SYS [?]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys --> c:\windows\system32\drivers\n360\0502000.00d\SYMEFA.SYS [?]
    S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\bhdrvx86.sys --> c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\BHDrvx86.sys [?]
    S1 ebkojubw;ebkojubw;\??\c:\windows\system32\drivers\ebkojubw.sys --> c:\windows\system32\drivers\ebkojubw.sys [?]
    S1 iggyuoae;iggyuoae;\??\c:\windows\system32\drivers\iggyuoae.sys --> c:\windows\system32\drivers\iggyuoae.sys [?]
    S1 ljbtsivs;ljbtsivs;\??\c:\windows\system32\drivers\ljbtsivs.sys --> c:\windows\system32\drivers\ljbtsivs.sys [?]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys --> c:\windows\system32\drivers\n360\0502000.00d\Ironx86.SYS [?]
    S1 tbrahajt;tbrahajt;\??\c:\windows\system32\drivers\tbrahajt.sys --> c:\windows\system32\drivers\tbrahajt.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 ATICDSDr;ATICDSDr;c:\dell\drivers\r60303\tvtgaa01\bin\atiicdxx.sys [2010-4-7 5376]
    S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120210.002\idsxpx86.sys --> c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120210.002\IDSxpx86.sys [?]
    S3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120211.006\NAVENG.SYS [2012-2-11 86136]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120211.006\NAVEX15.SYS [2012-2-11 1576312]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\common files\maxtor\schedule2\schedul2.exe [2008-6-27 431384]
    UnknownUnknown MpKslc628df60;MpKslc628df60; [x]
    .
    =============== Created Last 30 ================
    .
    2013-03-09 19:11:19 29904 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{287def3e-9ef3-432e-84c1-fac6745dadc6}\MpKsl9b317507.sys
    2013-03-09 19:01:46 6954968 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{287def3e-9ef3-432e-84c1-fac6745dadc6}\mpengine.dll
    2013-03-09 01:47:36 -------- d-----w- c:\documents and settings\ed day.dpi01\application data\WindowsDatabase
    2013-03-08 18:51:57 6954968 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-28 01:05:18 -------- d-----w- c:\program files\RealNetworks
    2013-02-28 01:05:11 -------- d-----w- c:\documents and settings\all users.windows\application data\RealNetworks
    2013-02-28 01:03:22 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2013-02-28 01:02:56 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
    .
    ==================== Find3M ====================
    .
    2013-02-27 02:45:26 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 02:45:25 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 04:10:57 455 ----a-w- c:\program files\0627201221105734.bat
    2004-03-11 20:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 12:45:26.90 ===============
     
  2. 2013/03/09
    DPI Graphics

    ATAPI.sys file corrupted DDS attached file

    Here is the DDS attached file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/6/2010 11:43:12 PM
    System Uptime: 3/9/2013 10:46:13 AM (2 hours ago)
    .
    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 186 GiB total, 128.144 GiB free.
    E: is FIXED (NTFS) - 76 GiB total, 67.241 GiB free.
    F: is FIXED (NTFS) - 73 GiB total, 30.265 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&3B1CAF2B&0&00F0
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_13EB0070&REV_11\4&3B1CAF2B&0&00F0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Controller
    Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&3B1CAF2B&0&01F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_13EB0070&REV_11\4&3B1CAF2B&0&01F0
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_01421028&REV_81\4&3B1CAF2B&0&40F0
    Service: E100B
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1551: 10/20/2012 11:43:28 PM - Software Distribution Service 3.0
    RP1552: 10/21/2012 9:37:09 AM - Software Distribution Service 3.0
    RP1553: 10/21/2012 11:54:38 PM - Software Distribution Service 3.0
    RP1554: 10/22/2012 3:00:19 AM - Software Distribution Service 3.0
    RP1555: 10/22/2012 11:56:33 PM - Software Distribution Service 3.0
    RP1556: 10/23/2012 10:00:33 AM - Software Distribution Service 3.0
    RP1557: 10/24/2012 12:29:31 AM - Software Distribution Service 3.0
    RP1558: 10/25/2012 12:44:17 AM - System Checkpoint
    RP1559: 10/25/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1560: 10/25/2012 3:16:53 AM - Software Distribution Service 3.0
    RP1561: 10/25/2012 11:45:25 PM - Software Distribution Service 3.0
    RP1562: 10/26/2012 9:35:22 AM - Software Distribution Service 3.0
    RP1563: 10/26/2012 9:55:57 AM - Software Distribution Service 3.0
    RP1564: 10/26/2012 10:34:27 PM - Revo Uninstaller's restore point - Torch
    RP1565: 10/26/2012 10:37:09 PM - Revo Uninstaller's restore point - iLivid
    RP1566: 10/26/2012 11:15:31 PM - Software Distribution Service 3.0
    RP1567: 10/27/2012 9:04:14 AM - Software Distribution Service 3.0
    RP1568: 10/28/2012 3:00:13 AM - Software Distribution Service 3.0
    RP1569: 10/28/2012 3:16:41 AM - Software Distribution Service 3.0
    RP1570: 10/29/2012 12:15:29 AM - Software Distribution Service 3.0
    RP1571: 10/29/2012 3:00:16 AM - Software Distribution Service 3.0
    RP1572: 10/30/2012 3:00:13 AM - Software Distribution Service 3.0
    RP1573: 10/30/2012 3:16:37 AM - Software Distribution Service 3.0
    RP1574: 10/31/2012 3:00:13 AM - Software Distribution Service 3.0
    RP1575: 11/1/2012 3:00:27 AM - Software Distribution Service 3.0
    RP1576: 11/1/2012 3:17:40 AM - Software Distribution Service 3.0
    RP1577: 11/1/2012 11:57:19 PM - Software Distribution Service 3.0
    RP1578: 11/2/2012 10:13:14 AM - Software Distribution Service 3.0
    RP1579: 11/2/2012 10:54:59 PM - Software Distribution Service 3.0
    RP1580: 11/3/2012 10:03:22 PM - System Checkpoint
    RP1581: 11/3/2012 10:32:03 PM - Software Distribution Service 3.0
    RP1582: 11/4/2012 9:10:40 AM - Software Distribution Service 3.0
    RP1583: 11/5/2012 12:05:16 AM - Software Distribution Service 3.0
    RP1584: 11/5/2012 3:00:12 AM - Software Distribution Service 3.0
    RP1585: 11/5/2012 11:29:26 PM - Software Distribution Service 3.0
    RP1586: 11/6/2012 8:37:22 AM - Software Distribution Service 3.0
    RP1587: 11/6/2012 11:04:37 PM - Software Distribution Service 3.0
    RP1588: 11/7/2012 9:25:16 AM - Software Distribution Service 3.0
    RP1589: 11/7/2012 11:53:50 PM - Software Distribution Service 3.0
    RP1590: 11/8/2012 10:01:36 AM - Software Distribution Service 3.0
    RP1591: 11/8/2012 11:58:01 PM - Software Distribution Service 3.0
    RP1592: 11/9/2012 11:21:00 PM - Software Distribution Service 3.0
    RP1593: 11/10/2012 10:47:59 AM - Software Distribution Service 3.0
    RP1594: 11/10/2012 11:48:56 PM - Software Distribution Service 3.0
    RP1595: 11/11/2012 2:02:54 PM - Software Distribution Service 3.0
    RP1596: 11/12/2012 12:20:41 AM - Software Distribution Service 3.0
    RP1597: 11/12/2012 3:00:17 AM - Software Distribution Service 3.0
    RP1598: 11/12/2012 11:12:30 PM - Software Distribution Service 3.0
    RP1599: 11/13/2012 10:44:40 AM - Software Distribution Service 3.0
    RP1600: 11/13/2012 11:46:35 PM - Software Distribution Service 3.0
    RP1601: 11/15/2012 12:02:11 AM - Software Distribution Service 3.0
    RP1602: 11/15/2012 8:58:00 AM - Software Distribution Service 3.0
    RP1603: 11/15/2012 9:10:30 AM - Revo Uninstaller's restore point - GamesLeap
    RP1604: 11/15/2012 11:35:00 PM - Software Distribution Service 3.0
    RP1605: 11/16/2012 10:20:47 AM - Software Distribution Service 3.0
    RP1606: 11/16/2012 11:06:03 PM - Revo Uninstaller's restore point - iFreeTV v1.0
    RP1607: 11/17/2012 3:00:13 AM - Software Distribution Service 3.0
    RP1608: 11/17/2012 3:01:35 AM - Installed Windows XP KB2761226.
    RP1609: 11/17/2012 3:02:28 AM - Installed Windows XP KB2727528.
    RP1610: 11/18/2012 12:45:47 AM - Software Distribution Service 3.0
    RP1611: 11/18/2012 8:33:58 AM - Software Distribution Service 3.0
    RP1612: 11/18/2012 11:57:37 PM - Software Distribution Service 3.0
    RP1613: 11/19/2012 3:00:19 AM - Software Distribution Service 3.0
    RP1614: 11/19/2012 11:15:30 PM - Software Distribution Service 3.0
    RP1615: 11/20/2012 10:41:28 AM - Software Distribution Service 3.0
    RP1616: 11/21/2012 1:22:16 AM - Software Distribution Service 3.0
    RP1617: 11/21/2012 3:00:13 AM - Software Distribution Service 3.0
    RP1618: 11/21/2012 3:34:03 AM - Software Distribution Service 3.0
    RP1619: 11/21/2012 4:34:19 AM - Software Distribution Service 3.0
    RP1620: 11/21/2012 7:25:32 PM - Software Distribution Service 3.0
    RP1621: 11/21/2012 7:36:24 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
    RP1622: 11/21/2012 7:38:34 PM - Revo Uninstaller's restore point - Searchqu Toolbar
    RP1623: 11/21/2012 7:43:31 PM - Revo Uninstaller's restore point - BuzzSocialPoints version 1.0
    RP1624: 11/21/2012 7:47:38 PM - Revo Uninstaller's restore point - BuzzSocialPoints_DNS version 1.0
    RP1625: 11/21/2012 11:54:10 PM - Software Distribution Service 3.0
    RP1626: 11/22/2012 11:23:54 PM - Software Distribution Service 3.0
    RP1627: 11/23/2012 9:58:47 AM - Software Distribution Service 3.0
    RP1628: 11/23/2012 11:40:10 PM - Software Distribution Service 3.0
    RP1629: 11/24/2012 10:01:24 AM - Software Distribution Service 3.0
    RP1630: 11/25/2012 12:59:27 AM - Software Distribution Service 3.0
    RP1631: 11/25/2012 11:49:56 PM - Software Distribution Service 3.0
    RP1632: 11/26/2012 3:00:21 AM - Software Distribution Service 3.0
    RP1633: 11/27/2012 12:04:42 AM - Software Distribution Service 3.0
    RP1634: 11/27/2012 1:00:32 PM - Software Distribution Service 3.0
    RP1635: 11/27/2012 11:23:32 PM - Software Distribution Service 3.0
    RP1636: 11/28/2012 11:26:02 PM - Software Distribution Service 3.0
    RP1637: 11/29/2012 9:01:40 AM - Software Distribution Service 3.0
    RP1638: 11/29/2012 4:44:55 PM - RegClean Pro Thu, Nov 29, 12 16:44
    RP1639: 11/29/2012 8:42:12 PM - Revo Uninstaller's restore point - RegClean Pro
    RP1640: 11/29/2012 11:58:47 PM - Software Distribution Service 3.0
    RP1641: 11/30/2012 3:00:12 AM - Software Distribution Service 3.0
    RP1642: 12/1/2012 12:18:41 AM - Software Distribution Service 3.0
    RP1643: 12/1/2012 8:30:50 AM - Software Distribution Service 3.0
    RP1644: 12/1/2012 11:55:20 PM - Software Distribution Service 3.0
    RP1645: 12/2/2012 8:48:39 AM - Software Distribution Service 3.0
    RP1646: 12/2/2012 11:18:16 PM - Software Distribution Service 3.0
    RP1647: 12/3/2012 12:14:34 AM - Software Distribution Service 3.0
    RP1648: 12/3/2012 3:00:20 AM - Software Distribution Service 3.0
    RP1649: 12/3/2012 11:25:33 PM - Installed iTunes
    RP1650: 12/4/2012 12:46:23 AM - Software Distribution Service 3.0
    RP1651: 12/4/2012 9:33:22 AM - Software Distribution Service 3.0
    RP1652: 12/4/2012 11:32:51 PM - Software Distribution Service 3.0
    RP1653: 12/5/2012 11:24:46 PM - Software Distribution Service 3.0
    RP1654: 12/6/2012 10:07:08 AM - Software Distribution Service 3.0
    RP1655: 12/6/2012 11:34:44 PM - Software Distribution Service 3.0
    RP1656: 12/7/2012 10:54:07 PM - Software Distribution Service 3.0
    RP1657: 12/8/2012 7:08:27 PM - Software Distribution Service 3.0
    RP1658: 12/8/2012 10:54:20 PM - Software Distribution Service 3.0
    RP1659: 12/9/2012 11:55:29 PM - System Checkpoint
    RP1660: 12/10/2012 12:22:18 AM - Software Distribution Service 3.0
    RP1661: 12/10/2012 3:00:20 AM - Software Distribution Service 3.0
    RP1662: 12/10/2012 5:32:02 PM - Software Distribution Service 3.0
    RP1663: 12/10/2012 11:18:28 PM - Software Distribution Service 3.0
    RP1664: 12/11/2012 9:33:22 AM - Software Distribution Service 3.0
    RP1665: 12/11/2012 11:53:42 PM - Software Distribution Service 3.0
    RP1666: 12/12/2012 10:43:46 AM - Software Distribution Service 3.0
    RP1667: 12/13/2012 12:17:58 AM - Software Distribution Service 3.0
    RP1668: 12/13/2012 12:26:29 AM - Installed Windows XP KB2761465.
    RP1669: 12/13/2012 12:28:01 AM - Installed Windows XP KB2770660.
    RP1670: 12/13/2012 12:29:07 AM - Installed Windows XP KB2753842.
    RP1671: 12/13/2012 12:31:01 AM - Installed Windows XP KB2779562.
    RP1672: 12/13/2012 12:32:20 AM - Installed Windows XP KB2779030.
    RP1673: 12/13/2012 12:33:17 AM - Installed Windows XP KB2758857.
    RP1674: 12/14/2012 12:55:35 AM - Software Distribution Service 3.0
    RP1675: 12/14/2012 10:28:25 AM - Software Distribution Service 3.0
    RP1676: 12/14/2012 11:54:11 PM - Software Distribution Service 3.0
    RP1677: 12/15/2012 10:37:45 AM - Software Distribution Service 3.0
    RP1678: 12/16/2012 12:11:54 AM - Software Distribution Service 3.0
    RP1679: 12/16/2012 11:56:21 PM - Software Distribution Service 3.0
    RP1680: 12/17/2012 3:00:18 AM - Software Distribution Service 3.0
    RP1681: 12/17/2012 11:29:28 PM - Software Distribution Service 3.0
    RP1682: 12/18/2012 8:58:38 AM - Software Distribution Service 3.0
    RP1683: 12/19/2012 1:03:23 AM - Software Distribution Service 3.0
    RP1684: 12/20/2012 12:16:06 AM - Software Distribution Service 3.0
    RP1685: 12/20/2012 8:57:15 AM - Software Distribution Service 3.0
    RP1686: 12/20/2012 11:24:38 PM - Software Distribution Service 3.0
    RP1687: 12/21/2012 9:24:48 AM - Software Distribution Service 3.0
    RP1688: 12/22/2012 12:15:43 AM - Software Distribution Service 3.0
    RP1689: 12/22/2012 12:17:15 AM - Installed Windows XP KB2753842-v2.
    RP1690: 12/22/2012 2:14:46 PM - Software Distribution Service 3.0
    RP1691: 12/23/2012 12:07:21 AM - Software Distribution Service 3.0
    RP1692: 12/24/2012 12:28:04 AM - Software Distribution Service 3.0
    RP1693: 12/24/2012 3:00:17 AM - Software Distribution Service 3.0
    RP1694: 12/25/2012 1:02:06 AM - Software Distribution Service 3.0
    RP1695: 12/25/2012 9:23:57 AM - Software Distribution Service 3.0
    RP1696: 12/25/2012 9:29:56 AM - Revo Uninstaller's restore point - Adobe Reader 9.3.3
    RP1697: 12/25/2012 9:34:56 AM - Revo Uninstaller's restore point - Adobe Reader 9.4.6
    RP1698: 12/25/2012 10:31:53 AM - Revo Uninstaller's restore point - Adobe Reader X (10.1.3)
    RP1699: 12/25/2012 10:54:29 AM - Installed Adobe Reader 9.5.0.
    RP1700: 12/25/2012 11:41:07 PM - Software Distribution Service 3.0
    RP1701: 12/26/2012 10:59:54 AM - Software Distribution Service 3.0
    RP1702: 12/27/2012 12:20:27 AM - Software Distribution Service 3.0
    RP1703: 12/27/2012 9:27:43 AM - Revo Uninstaller's restore point - TuneUp Utilities 2013
    RP1704: 12/27/2012 9:29:07 AM - Removed TuneUp Utilities 2013
    RP1705: 12/27/2012 9:30:39 AM - Removed TuneUp Utilities Language Pack (en-US)
    RP1706: 12/27/2012 9:40:19 AM - Revo Uninstaller's restore point - iTunes
    RP1707: 12/27/2012 10:09:47 AM - Revo Uninstaller's restore point - Bonjour
    RP1708: 12/27/2012 10:10:23 AM - Removed Bonjour
    RP1709: 12/27/2012 10:11:37 AM - Revo Uninstaller's restore point - Apple Software Update
    RP1710: 12/27/2012 10:13:31 AM - Revo Uninstaller's restore point - Apple Mobile Device Support
    RP1711: 12/27/2012 10:15:25 AM - Revo Uninstaller's restore point - Coupon Printer for Windows
    RP1712: 12/27/2012 10:16:34 AM - Revo Uninstaller's restore point - Coupon Caddy
    RP1713: 12/28/2012 12:04:14 AM - Software Distribution Service 3.0
    RP1714: 12/28/2012 11:03:16 PM - Software Distribution Service 3.0
    RP1715: 12/29/2012 10:29:36 AM - Software Distribution Service 3.0
    RP1716: 12/30/2012 12:01:08 AM - Software Distribution Service 3.0
    RP1717: 12/30/2012 11:33:41 PM - Software Distribution Service 3.0
    RP1718: 12/31/2012 3:00:21 AM - Software Distribution Service 3.0
    RP1719: 12/31/2012 5:49:40 PM - Revo Uninstaller's restore point - Intel(R) PRO Ethernet Adapter and Software
    RP1720: 12/31/2012 5:55:31 PM - Revo Uninstaller's restore point - Optimizer Pro v3.0
    RP1721: 1/1/2013 3:00:13 AM - Software Distribution Service 3.0
    RP1722: 1/1/2013 3:15:48 AM - Software Distribution Service 3.0
    RP1723: 1/2/2013 3:00:13 AM - Software Distribution Service 3.0
    RP1724: 1/2/2013 4:21:35 AM - Software Distribution Service 3.0
    RP1725: 1/2/2013 8:39:01 AM - Software Distribution Service 3.0
    RP1726: 1/2/2013 9:00:49 AM - Software Distribution Service 3.0
    RP1727: 1/2/2013 11:31:18 PM - Software Distribution Service 3.0
    RP1728: 1/3/2013 9:48:33 AM - Software Distribution Service 3.0
    RP1729: 1/3/2013 11:05:54 PM - Software Distribution Service 3.0
    RP1730: 1/4/2013 11:49:20 PM - Software Distribution Service 3.0
    RP1731: 1/5/2013 10:16:40 AM - Software Distribution Service 3.0
    RP1732: 1/5/2013 9:14:44 PM - Installed Walgreens PictureMover.
    RP1733: 1/5/2013 11:03:48 PM - Software Distribution Service 3.0
    RP1734: 1/6/2013 11:45:57 PM - System Checkpoint
    RP1735: 1/7/2013 12:23:33 AM - Software Distribution Service 3.0
    RP1736: 1/7/2013 3:00:17 AM - Software Distribution Service 3.0
    RP1737: 1/7/2013 11:41:25 PM - Software Distribution Service 3.0
    RP1738: 1/8/2013 6:52:03 PM - Software Distribution Service 3.0
    RP1739: 1/8/2013 11:26:30 PM - Software Distribution Service 3.0
    RP1740: 1/10/2013 12:28:27 AM - Software Distribution Service 3.0
    RP1741: 1/10/2013 12:38:13 AM - Installed Windows XP KB2757638.
    RP1742: 1/10/2013 10:48:49 AM - Software Distribution Service 3.0
    RP1743: 1/10/2013 11:34:22 PM - Software Distribution Service 3.0
    RP1744: 1/11/2013 11:14:46 AM - Software Distribution Service 3.0
    RP1745: 1/11/2013 11:33:10 PM - Software Distribution Service 3.0
    RP1746: 1/12/2013 12:30:25 PM - Software Distribution Service 3.0
    RP1747: 1/12/2013 4:10:34 PM - Software Distribution Service 3.0
    RP1748: 1/12/2013 11:17:47 PM - Software Distribution Service 3.0
    RP1749: 1/13/2013 11:44:21 PM - Software Distribution Service 3.0
    RP1750: 1/14/2013 3:00:21 AM - Software Distribution Service 3.0
    RP1751: 1/14/2013 11:12:04 PM - Software Distribution Service 3.0
    RP1752: 1/15/2013 11:09:11 AM - Software Distribution Service 3.0
    RP1753: 1/16/2013 12:54:53 AM - Software Distribution Service 3.0
    RP1754: 1/16/2013 12:59:43 AM - Installed Windows XP KB2799329.
    RP1755: 1/17/2013 1:57:23 AM - System Checkpoint
    RP1756: 1/17/2013 3:00:14 AM - Software Distribution Service 3.0
    RP1757: 1/17/2013 3:14:10 AM - Software Distribution Service 3.0
    RP1758: 1/17/2013 11:44:55 PM - Software Distribution Service 3.0
    RP1759: 1/18/2013 1:27:31 PM - Software Distribution Service 3.0
    RP1760: 1/18/2013 11:10:35 PM - Software Distribution Service 3.0
    RP1761: 1/19/2013 3:10:25 PM - Software Distribution Service 3.0
    RP1762: 1/19/2013 10:32:04 PM - Software Distribution Service 3.0
    RP1763: 1/20/2013 11:05:53 PM - Software Distribution Service 3.0
    RP1764: 1/21/2013 11:18:15 PM - System Checkpoint
    RP1765: 1/22/2013 3:00:16 AM - Software Distribution Service 3.0
    RP1766: 1/22/2013 3:14:58 AM - Software Distribution Service 3.0
    RP1767: 1/22/2013 11:47:01 PM - Software Distribution Service 3.0
    RP1768: 1/23/2013 9:32:35 AM - Software Distribution Service 3.0
    RP1769: 1/23/2013 11:12:49 PM - Software Distribution Service 3.0
    RP1770: 1/24/2013 10:16:41 AM - Software Distribution Service 3.0
    RP1771: 1/24/2013 11:24:28 PM - Software Distribution Service 3.0
    RP1772: 1/25/2013 11:03:17 PM - Software Distribution Service 3.0
    RP1773: 1/26/2013 11:34:41 AM - Software Distribution Service 3.0
    RP1774: 1/26/2013 11:58:46 PM - Software Distribution Service 3.0
    RP1775: 1/28/2013 12:18:13 AM - Software Distribution Service 3.0
    RP1776: 1/28/2013 3:00:18 AM - Software Distribution Service 3.0
    RP1777: 1/28/2013 11:15:03 PM - Software Distribution Service 3.0
    RP1778: 1/29/2013 9:48:52 AM - Software Distribution Service 3.0
    RP1779: 1/30/2013 1:09:01 AM - Software Distribution Service 3.0
    RP1780: 1/31/2013 1:05:35 AM - Software Distribution Service 3.0
    RP1781: 1/31/2013 9:43:48 AM - Software Distribution Service 3.0
    RP1782: 2/1/2013 12:40:13 AM - Software Distribution Service 3.0
    RP1783: 2/1/2013 11:17:34 AM - Software Distribution Service 3.0
    RP1784: 2/2/2013 12:03:21 AM - Software Distribution Service 3.0
    RP1785: 2/2/2013 6:00:43 PM - Installed QuickTime
    RP1786: 2/3/2013 1:12:43 AM - Software Distribution Service 3.0
    RP1787: 2/3/2013 10:38:22 AM - Software Distribution Service 3.0
    RP1788: 2/4/2013 12:28:23 AM - Software Distribution Service 3.0
    RP1789: 2/4/2013 3:00:19 AM - Software Distribution Service 3.0
    RP1790: 2/4/2013 4:45:28 PM - Revo Uninstaller's restore point - Smiley Bar for Facebook
    RP1791: 2/4/2013 4:51:37 PM - Revo Uninstaller's restore point - iMesh
    RP1792: 2/4/2013 11:31:51 PM - Removed QuickTime
    RP1793: 2/5/2013 12:03:08 AM - Software Distribution Service 3.0
    RP1794: 2/5/2013 10:02:52 AM - Software Distribution Service 3.0
    RP1795: 2/6/2013 1:04:44 AM - Software Distribution Service 3.0
    RP1796: 2/7/2013 12:49:33 AM - Software Distribution Service 3.0
    RP1797: 2/7/2013 10:39:32 AM - Software Distribution Service 3.0
    RP1798: 2/7/2013 11:32:08 PM - Software Distribution Service 3.0
    RP1799: 2/9/2013 12:44:54 AM - System Checkpoint
    RP1800: 2/9/2013 3:00:15 AM - Software Distribution Service 3.0
    RP1801: 2/9/2013 3:15:12 AM - Software Distribution Service 3.0
    RP1802: 2/10/2013 12:01:01 AM - Software Distribution Service 3.0
    RP1803: 2/10/2013 11:05:28 AM - Software Distribution Service 3.0
    RP1804: 2/10/2013 11:51:01 PM - Software Distribution Service 3.0
    RP1805: 2/11/2013 3:00:25 AM - Software Distribution Service 3.0
    RP1806: 2/11/2013 11:22:00 PM - Software Distribution Service 3.0
    RP1807: 2/12/2013 10:29:00 AM - Software Distribution Service 3.0
    RP1808: 2/13/2013 11:59:30 AM - Software Distribution Service 3.0
    RP1809: 2/13/2013 11:49:55 PM - Software Distribution Service 3.0
    RP1810: 2/13/2013 11:51:35 PM - Installed Windows XP KB2792100.
    RP1811: 2/13/2013 11:53:21 PM - Installed Windows XP KB2780091.
    RP1812: 2/13/2013 11:54:07 PM - Installed Windows XP KB2802968.
    RP1813: 2/13/2013 11:55:18 PM - Installed Windows XP KB2799494.
    RP1814: 2/13/2013 11:56:23 PM - Installed Windows XP KB2778344.
    RP1815: 2/13/2013 11:57:31 PM - Installed Windows XP KB2797052.
    RP1816: 2/15/2013 12:45:42 AM - Software Distribution Service 3.0
    RP1817: 2/15/2013 10:56:15 AM - Software Distribution Service 3.0
    RP1818: 2/16/2013 12:25:59 AM - Software Distribution Service 3.0
    RP1819: 2/16/2013 11:11:59 AM - Software Distribution Service 3.0
    RP1820: 2/17/2013 12:22:01 AM - Software Distribution Service 3.0
    RP1821: 2/17/2013 11:30:16 AM - Software Distribution Service 3.0
    RP1822: 2/17/2013 11:57:36 PM - Software Distribution Service 3.0
    RP1823: 2/18/2013 3:00:18 AM - Software Distribution Service 3.0
    RP1824: 2/18/2013 10:09:08 AM - Software Distribution Service 3.0
    RP1825: 2/19/2013 12:47:22 AM - Software Distribution Service 3.0
    RP1826: 2/20/2013 12:09:48 AM - Software Distribution Service 3.0
    RP1827: 2/20/2013 12:12:10 PM - Software Distribution Service 3.0
    RP1828: 2/20/2013 11:53:27 PM - Software Distribution Service 3.0
    RP1829: 2/21/2013 1:35:05 PM - Software Distribution Service 3.0
    RP1830: 2/22/2013 3:00:13 AM - Software Distribution Service 3.0
    RP1831: 2/22/2013 1:27:40 PM - Software Distribution Service 3.0
    RP1832: 2/23/2013 3:00:13 AM - Software Distribution Service 3.0
    RP1833: 2/23/2013 1:27:35 PM - Software Distribution Service 3.0
    RP1834: 2/24/2013 3:00:13 AM - Software Distribution Service 3.0
    RP1835: 2/24/2013 1:27:44 PM - Software Distribution Service 3.0
    RP1836: 2/25/2013 12:07:39 AM - Software Distribution Service 3.0
    RP1837: 2/25/2013 3:00:17 AM - Software Distribution Service 3.0
    RP1838: 2/25/2013 1:27:33 PM - Software Distribution Service 3.0
    RP1839: 2/25/2013 11:41:01 PM - Revo Uninstaller's restore point - Delta Chrome Toolbar
    RP1840: 2/25/2013 11:43:00 PM - Revo Uninstaller's restore point - Delta toolbar
    RP1841: 2/26/2013 12:06:43 AM - Software Distribution Service 3.0
    RP1842: 2/26/2013 9:00:33 PM - Revo Uninstaller's restore point - Yontoo 1.12.02
    RP1843: 2/27/2013 12:35:51 AM - Software Distribution Service 3.0
    RP1844: 2/27/2013 9:57:46 AM - Software Distribution Service 3.0
    RP1845: 2/27/2013 1:08:47 PM - Revo Uninstaller's restore point - MixiDJ Toolbar
    RP1846: 2/28/2013 12:04:44 AM - Software Distribution Service 3.0
    RP1847: 2/28/2013 10:11:12 AM - Software Distribution Service 3.0
    RP1848: 3/1/2013 12:56:13 AM - Software Distribution Service 3.0
    RP1849: 3/1/2013 11:04:30 AM - Software Distribution Service 3.0
    RP1850: 3/2/2013 12:05:13 AM - Software Distribution Service 3.0
    RP1851: 3/2/2013 11:06:54 AM - Software Distribution Service 3.0
    RP1852: 3/3/2013 12:56:02 AM - Software Distribution Service 3.0
    RP1853: 3/5/2013 3:27:36 PM - Software Distribution Service 3.0
    RP1854: 3/5/2013 3:49:12 PM - Software Distribution Service 3.0
    RP1855: 3/6/2013 12:04:00 AM - Software Distribution Service 3.0
    RP1856: 3/6/2013 11:55:07 PM - Software Distribution Service 3.0
    RP1857: 3/7/2013 9:45:21 AM - Software Distribution Service 3.0
    RP1858: 3/7/2013 11:13:25 PM - Software Distribution Service 3.0
    RP1859: 3/8/2013 10:51:43 AM - Software Distribution Service 3.0
    RP1860: 3/9/2013 12:03:42 AM - Software Distribution Service 3.0
    RP1861: 3/9/2013 11:01:35 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4500_G510gm_Help
    4500G510gm
    4500G510gm_Software_Min
    Acrobat.com
    Acronis Drive Monitor
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.3
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Audacity 1.2.6
    Bing Bar
    Bing Bar Platform
    BufferChm
    CameraDrivers
    CameraReadme
    Compatibility Pack for the 2007 Office system
    Corel Applications
    Debut Video Capture Software
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    DiscWizard for Windows
    Disketch CD Label Software
    DocProc
    DocProcQFolder
    Doxillion Document Converter
    Driver Detective
    Driver Magician Lite 3.64
    Editor
    eSupportQFolder
    Express Burn Disc Burning Software
    Express Rip
    EZ Fonts
    Fax
    ffdshow v1.2.4422 [2012-04-09]
    File Type Assistant
    FirstRowSportApp
    FlashPlayer
    Free Audio CD Burner version 1.4
    Free Easy Burner V 4.4.1
    Free File Viewer 2012
    Free YouTube Download version 3.1.37.918
    Free YouTube to MP3 Converter version 3.11.36.1201
    Glarysoft Registry Repair 2.7
    Google Update Helper
    GPBaseService2
    Haali Media Splitter
    Hardware Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 13.0
    HP Officejet 4500 G510g-m
    HP Photosmart Cameras 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 13.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    HTML Password Lock 5.2
    ieSpell
    iLivid
    InstantShareAlert
    InstantShareDevicesMFC
    Intel(R) PRO Ethernet Adapter and Software
    ISO Recorder
    iWin Games (remove only)
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest Solitaire (remove only)
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Maxtor*MaxBlast
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Embedding Fonts Tool (III)
    Microsoft XML Parser
    MixPad Audio Mixer
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPlayer (remove only)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Norton Security Suite
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    OCR Software by I.R.I.S. 13.0
    Octoshape add-in for Adobe Flash Player
    Octoshape Streaming Services
    OpenOffice.org 3.3
    PanoStandAlone
    PhotoPad Image Editor
    PhotoStage Slideshow Producer
    Pixillion Image Converter
    Prism Video Converter
    PS_APP_02_Software_Min
    PSSWCORE
    PTDD Super Fdisk 1.0
    QFolder
    Quick StartUp 2.2
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.92
    SAMSUNG USB Driver for Mobile Phones
    Scan
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SolutionCenter
    SoundMAX
    Status
    SumatraPDF 2.1.1
    Switch Sound File Converter
    Symantec Technical Support Web Controls
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Unload
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoPad Video Editor
    VideoToolkit01
    VueScan
    W Photo Studio
    Walgreens PictureMover
    WavePad Sound Editor
    WeatherBug
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Resource Kit Tools
    Windows XP Service Pack 3
    XXClone ver 0.58.0
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2013 10:47:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 PCIIde SRTSPX SymDS SymEFA SymIRON
    3/8/2013 10:41:10 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f4071734, parameter4 00000000.
    3/7/2013 9:38:39 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f0e45734, parameter4 00000000.
    3/7/2013 9:38:00 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f101d734, parameter4 00000000.
    3/7/2013 9:36:14 AM, error: HTTP [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR is invalid. This could be because another user has already created the log file or the directory.
    3/6/2013 12:09:10 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2742596).
    3/6/2013 12:09:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2736428).
    3/6/2013 12:08:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2756918).
    3/6/2013 12:08:51 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019).
    3/6/2013 12:08:44 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).
    3/6/2013 12:08:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449).
    3/6/2013 12:08:33 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595).
    3/6/2013 12:08:26 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604092).
    3/6/2013 12:08:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
    3/6/2013 12:08:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).
    3/6/2013 12:08:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2736416).
    3/6/2013 12:07:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - KB2804527 (4.2.223.1).
    3/6/2013 12:04:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656407).
    3/6/2013 12:04:51 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
    3/6/2013 12:04:34 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
    3/6/2013 12:04:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450).
    3/6/2013 12:04:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642).
    3/6/2013 12:04:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).
    3/6/2013 12:02:31 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f762271d, parameter3 f3db1734, parameter4 00000000.
    3/6/2013 12:02:27 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f3b25734, parameter4 00000000.
    3/6/2013 12:02:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f371d734, parameter4 00000000.
    3/6/2013 11:59:10 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f347e734, parameter4 00000000.
    3/6/2013 11:56:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 SRTSPX SymDS SymEFA SymIRON
    3/6/2013 11:56:11 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    3/6/2013 1:20:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    3/5/2013 3:39:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604110).
    3/5/2013 3:38:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656352).
    3/5/2013 3:27:27 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f41ad734, parameter4 00000000.
    3/5/2013 3:25:27 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/5/2013 3:25:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    3/3/2013 10:26:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Updater Service service to connect.
    3/3/2013 10:26:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
    3/3/2013 10:26:10 PM, error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/3/2013 10:26:10 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. 2013/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    This is a pretty enigmatic statement. I need a better explanation.

    MBAM log is missing.

    You're running two AV programs, MSE and Norton.
    You must uninstall one of them.
    If Norton, use this tool: http://www.majorgeeks.com/Norton_Removal_Tool_d4749.html
     
  5. 2013/03/10
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    I'm not sure what else I can say except that I get a blue screen stop 0x0000008e (0xc0000005, 0xf770271d, 0xf371d734, 0x00000000)
    ATAPI.SYS address f77a271d, base @ f7798000, datestamp 4802539d. I can boot with a boot disk but not from the boot files on my C drive. Does this help?
     
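    An added example, not part of the thread and not any of the tools the moderator prescribes: a small Python parser for the "System Error [1003]" lines in the Event Viewer section of the log posted earlier. It checks that every crash is the same bugcheck (0x8E, KERNEL_MODE_EXCEPTION_NOT_HANDLED, whose first parameter is the exception code and second is the address where it was raised; here 0xC0000005, an access violation) and that the faulting addresses agree in their low bits. That is what you expect when one instruction inside a driver keeps faulting while the driver is loaded at a different base on each boot: the full address moves, the offset inside the image does not. Drivers are loaded at page-aligned bases, so the low 12 bits are guaranteed to agree; the fact that 16 bits agree here is consistent with the 0x8000-aligned base quoted in the post above. The event lines are copied verbatim from the log in this thread (plus one non-crash line to show the parser skipping it), and the address/base pair 0xf77a271d/0xf7798000 is the one the poster reports; no driver size or other value is assumed.

```python
import re
from collections import Counter

# Event lines copied from the "Event Viewer Messages" section posted in this thread.
# The last entry is a non-crash line included only to show it is ignored.
EVENT_LINES = [
    "3/8/2013 10:41:10 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f4071734, parameter4 00000000.",
    "3/7/2013 9:38:39 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f0e45734, parameter4 00000000.",
    "3/7/2013 9:38:00 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75e271d, parameter3 f101d734, parameter4 00000000.",
    "3/6/2013 12:02:31 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f762271d, parameter3 f3db1734, parameter4 00000000.",
    "3/6/2013 12:02:27 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f3b25734, parameter4 00000000.",
    "3/6/2013 12:02:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f371d734, parameter4 00000000.",
    "3/6/2013 11:59:10 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f347e734, parameter4 00000000.",
    "3/5/2013 3:27:27 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f77a271d, parameter3 f41ad734, parameter4 00000000.",
    "3/6/2013 11:56:11 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.",
]

# Bugcheck 0x8E as it appears in Event ID 1003 (Windows prefixes the code with 0x1000),
# and the NTSTATUS it carries as parameter 1 in these entries.
BUGCHECK_8E = 0x1000008E
STATUS_ACCESS_VIOLATION = 0xC0000005

_RE_1003 = re.compile(
    r"^(?P<when>[\d/]+ [\d:]+ [AP]M), error: System Error \[1003\] - "
    r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8}), "
    r"parameter2 (?P<p2>[0-9a-f]{8}), parameter3 (?P<p3>[0-9a-f]{8}), "
    r"parameter4 (?P<p4>[0-9a-f]{8})\.$"
)


def parse_bugcheck(line):
    """Parse one 'System Error [1003]' line; return None for any other line."""
    m = _RE_1003.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "when": d["when"],
        "code": int(d["code"], 16),
        "exception": int(d["p1"], 16),   # for 0x8E: the exception code
        "fault_addr": int(d["p2"], 16),  # for 0x8E: address where it was raised
        "trap_frame": int(d["p3"], 16),  # for 0x8E: trap frame address
    }


def parse_log(lines):
    """All crash records in a list of Event Viewer lines, in input order."""
    return [r for r in (parse_bugcheck(l) for l in lines) if r is not None]


def all_8e_access_violations(records):
    """True if every record is bugcheck 0x8E carrying STATUS_ACCESS_VIOLATION."""
    return bool(records) and all(
        r["code"] == BUGCHECK_8E and r["exception"] == STATUS_ACCESS_VIOLATION
        for r in records
    )


def common_low_bits(records, bits=12):
    """The shared low `bits` of every faulting address, or None if they differ.

    A page-aligned image relocated between boots keeps its in-image offset, so
    the low 12 bits of a recurring fault at one instruction always agree; wider
    agreement says the loader kept a coarser alignment (0x8000 in this thread).
    """
    mask = (1 << bits) - 1
    lows = Counter(r["fault_addr"] & mask for r in records)
    return next(iter(lows)) if len(lows) == 1 else None


def image_offset(fault_addr, image_base):
    """Offset of the faulting address inside the module loaded at image_base."""
    if fault_addr < image_base:
        raise ValueError("faulting address lies below the module base")
    return fault_addr - image_base


def summarize(lines, bits=12):
    recs = parse_log(lines)
    return {
        "crashes": len(recs),
        "all_8e_av": all_8e_access_violations(recs),
        "shared_low_bits": common_low_bits(recs, bits),
    }


if __name__ == "__main__":
    print(summarize(EVENT_LINES))
    print(summarize(EVENT_LINES, bits=16))
    # The pair the poster quotes: address f77a271d inside atapi.sys based at f7798000.
    print(hex(image_offset(0xF77A271D, 0xF7798000)))
```

    Run it against a full exported System log rather than these pasted lines and `common_low_bits` returning None tells you the crashes are at different code, which argues for a hardware or multi-driver problem instead of a single corrupted driver; `image_offset` only makes sense for the boot whose base you actually have, which is why it takes the base explicitly instead of reusing one base for all entries.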
  6. 2013/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well.
    Proceed with two other steps from my previous reply.
     
  7. 2013/03/10
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Here is the MBAM log. Which anti-virus program would you keep?



    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.09.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ed Day :: DPI01 [administrator]

    3/9/2013 10:16:21 AM
    mbam-log-2013-03-09 (10-16-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 401179
    Time elapsed: 24 minute(s), 3 second(s)

    Memory Processes Detected: 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1204 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\All Users.WINDOWS\Application Data\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

    Files Detected: 5
    C:\Documents and Settings\Ed Day.DPI01\Local Settings\Temp\2E.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\2F.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Ed Day.DPI01\Local Settings\Temp\0.8586722501311598 (Exploit.Drop.9) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Delete on reboot.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.

    (end)
     
  8. 2013/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's up to you which AV you want to keep.
    Remove one BEFORE the next steps.

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. 2013/03/10
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Do I need to download something in order to run the MajorGeeks tool? Also, will Revo Uninstaller work just as well?
     
  10. 2013/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you want to uninstall Norton you have to use Norton Removal Tool from the link I provided.
     
  11. 2013/03/10
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    When you say shut down all programs before running RogueKiller, does that mean IE also? I don't want to sound stupid but I R. Thx DPI.
     
  12. 2013/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, whatever you have open.
     
  13. 2013/03/10
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Here is the RogueKiller report as well as the RKreport.txt file. Also, do I exit the program now?

    RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ed Day [Admin rights]
    Mode : Remove -- Date : 03/10/2013 17:44:57
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] lsql.exe -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase\lsql.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : LightSQL ( "C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase\lsql.exe" 3) [-] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-18_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-854245398-1500820517-725345543-1002_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [RUN][BLACKLISTDLL] [ON_F:Default User]HKCU[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit) -> DELETED
    [RUN][SUSP PATH] [ON_F:Ed Day]HKCU[...]\Run : AbacastDistributedOnDemand:11 (C:\Documents and Settings\Ed Day\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1) -> DELETED
    [RUN][HJNAME] [ON_F:Ed Day]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS.000\system32\ctfmon.exe) [x] -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\windows\system32\config\SYSTEM
    -> F:\Documents and Settings\Administrator\NTUSER.DAT
    -> F:\Documents and Settings\Default User\NTUSER.DAT
    -> F:\Documents and Settings\Ed Day\NTUSER.DAT
    -> F:\Documents and Settings\LocalService\NTUSER.DAT
    -> F:\Documents and Settings\NetworkService\NTUSER.DAT
    -> F:\Documents and Settings\Owner\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3200822A +++++
    --- User ---
    [MBR] 08775b6467a09ba5351dcd26b03883bf
    [BSP] b63afc752ec264aa51002602130bc57c : Windows Vista/7/8 MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: MAXTOR STM3160815A +++++
    --- User ---
    [MBR] 6d1e1a77e55bd15dad7af433948ab10f
    [BSP] 57c364e44e45d5698a7e1dd0fe464d9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 160071660 | Size: 74465 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_03102013_02d1744.txt >>
    RKreport[1]_S_03102013_02d1743.txt ; RKreport[2]_D_03102013_02d1744.txt
    RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Ed Day [Admin rights]
    Mode : Scan -- Date : 03/10/2013 17:43:24
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] lsql.exe -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase\lsql.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : LightSQL ( "C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase\lsql.exe" 3) [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-18_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-854245398-1500820517-725345543-1002_Classes[...]\Run : visi_coupon (rundll32 "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\WeatherBug\visi_coupon\gbjuvcern.dll ",DllRegisterServerW) [x] -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [RUN][BLACKLISTDLL] [ON_F:Default User]HKCU[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit) -> FOUND
    [RUN][SUSP PATH] [ON_F:Ed Day]HKCU[...]\Run : AbacastDistributedOnDemand:11 (C:\Documents and Settings\Ed Day\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1) -> FOUND
    [RUN][HJNAME] [ON_F:Ed Day]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS.000\system32\ctfmon.exe) [x] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> F:\windows\system32\config\SOFTWARE
    -> F:\windows\system32\config\SYSTEM
    -> F:\Documents and Settings\Administrator\NTUSER.DAT
    -> F:\Documents and Settings\Default User\NTUSER.DAT
    -> F:\Documents and Settings\Ed Day\NTUSER.DAT
    -> F:\Documents and Settings\LocalService\NTUSER.DAT
    -> F:\Documents and Settings\NetworkService\NTUSER.DAT
    -> F:\Documents and Settings\Owner\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3200822A +++++
    --- User ---
    [MBR] 08775b6467a09ba5351dcd26b03883bf
    [BSP] b63afc752ec264aa51002602130bc57c : Windows Vista/7/8 MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: MAXTOR STM3160815A +++++
    --- User ---
    [MBR] 6d1e1a77e55bd15dad7af433948ab10f
    [BSP] 57c364e44e45d5698a7e1dd0fe464d9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 160071660 | Size: 74465 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03102013_02d1743.txt >>
    RKreport[1]_S_03102013_02d1743.txt
     
    Last edited: 2013/03/10
  14. 2013/03/11
    DPI Graphics

    Here are the MBAR and system-logs. There are only 2 of each because there were no errors on the second run.

    MBAR log #1:
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.11.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ed Day :: DPI01 [administrator]

    3/10/2013 8:38:18 PM
    mbar-log-2013-03-10 (20-38-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30957
    Time elapsed: 52 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_44_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot.

    (end)


    system-log #1

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.392000 GHz
    Memory total: 1072697344, free: 355831808

    ------------ Kernel report ------------
    03/10/2013 19:44:27
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MpFilter.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    timntr.sys
    tdrpman.sys
    snapman.sys
    Mup.sys
    agp440.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\ngrpci.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\tcpip6.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\drivers\ip6fw.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\tifsfilt.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\TrueSight.sys
    \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7F26B2E-E72F-4209-A50D-6E7F76FC9472}\MpKslea6da297.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87350ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
    Lower Device Object: 0xffffffff873ced98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87395ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff87355d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Downloaded database version: v2013.03.11.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87395ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87395998, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff8736ca70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87395ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87355d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0xffffffffe2dc0688, 0xffffffff87395ab8, 0xffffffff8730d9e8
    Lower DeviceData: 0xffffffffe35c0e98, 0xffffffff87355d98, 0xffffffff86c05568
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 212B1AC

    Partition information:

    Partition 0 type is Empty (0x0)
    Partition is ACTIVE.
    Partition starts at LBA: 44 Numsec = 0
    Partition is not bootable
    Infected: VBR on Empty active partition --> [Unknown Rootkit VBR Infection]
    Changing partition to empty and not active. New active partition is 0 on drive 0 ...

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 390716802
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    MBR infection found on drive 0
    Disk Size: 200049647616 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-43-390701968-390721968)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff87350ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87350998, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff87385e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87350ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff873ced98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0xffffffffe3414ce0, 0xffffffff87350ab8, 0xffffffff86ac1ab8
    Lower DeviceData: 0xffffffffe3258250, 0xffffffff873ced98, 0xffffffff86b14f18
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4196F37

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 160071597
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 160071660 Numsec = 152505045

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072697344, free: 784457728

    Removal queue found; removal started
    Removal finished
    =======================================

    MBAR log #2

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org

    Database version: v2013.03.11.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ed Day :: DPI01 [administrator]

    3/10/2013 10:04:14 PM
    mbar-log-2013-03-10 (22-04-14).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30935
    Time elapsed: 52 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    system log #2

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.391000 GHz
    Memory total: 1072697344, free: 573583360

    ------------ Kernel report ------------
    03/10/2013 21:06:30
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    MpFilter.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    timntr.sys
    tdrpman.sys
    snapman.sys
    Mup.sys
    agp440.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\ngrpci.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\aeaudio.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\tcpip6.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\drivers\ip6fw.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\tifsfilt.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87350ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
    Lower Device Object: 0xffffffff873ced98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87395ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff87355d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Downloaded database version: v2013.03.11.02
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87395ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87395998, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff8736ca70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87395ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff87355d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0xffffffffe3218838, 0xffffffff87395ab8, 0xffffffff86d11ab8
    Lower DeviceData: 0xffffffffe3200cd0, 0xffffffff87355d98, 0xffffffff86fb5390
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 212B1AC

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 390716802
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 200049647616 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff87350ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87350998, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff87385e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff87350ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff873ced98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
    Upper DeviceData: 0xffffffffe31f7d00, 0xffffffff87350ab8, 0xffffffff86fb54b8
    Lower DeviceData: 0xffffffffe107ebc0, 0xffffffff873ced98, 0xffffffff87314370
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4196F37

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 160071597
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 160071660 Numsec = 152505045

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
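The "Inspecting partition table" lines in the log above are a direct read of the partition table held in the drive's first sector. As an added example (not part of this thread and not any scanner's own code), the following Python parses a 512-byte MBR constructed from the drive 0 values in that log, renders the same fields, lists the unpartitioned sector ranges a rootkit scanner inspects because nothing in the file system covers them, and runs the consistency checks a defender wants on a partition table; the TYPE_NAMES labels are an assumption that mirrors the log's wording.

```python
# Added example (not from the thread or any scanner's source). The sample MBR is
# CONSTRUCTED from the drive 0 values in the log; the byte layout is the standard MBR.
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440            # 4-byte NT disk signature
PART_TABLE_OFFSET = 446          # four 16-byte entries, 446..509
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary", 0x0F: "Extended with LBA"}  # assumed labels, mirror the log


def build_mbr(disk_sig, entries):
    """Constructed test helper: entries are (active, type, lba, numsec) tuples."""
    buf = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, disk_sig)
    for i, (active, ptype, lba, numsec) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, numsec)
    buf[510], buf[511] = 0x55, 0xAA    # boot signature, logged as "55AA"
    return bytes(buf)


def parse_mbr(mbr):
    """Read the boot signature, disk signature and four partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _cs, ptype, _ce, lba, numsec = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        parts.append({"index": i, "active": status == 0x80,
                      "type": ptype, "lba": lba, "numsec": numsec})
    return {"boot_sig": mbr[510:512].hex().upper(),
            "disk_sig": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
            "partitions": parts}


def describe(parsed):
    """Render the table in the shape of the log's 'Inspecting partition table' lines."""
    lines = ["MBR Signature: %s" % parsed["boot_sig"],
             "Disk Signature: %X" % parsed["disk_sig"]]
    for p in parsed["partitions"]:
        lines.append("Partition %d type is %s (0x%x)"
                     % (p["index"], TYPE_NAMES.get(p["type"], "Unknown"), p["type"]))
        lines.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        lines.append("Partition starts at LBA: %d Numsec = %d" % (p["lba"], p["numsec"]))
    return lines


def unpartitioned_regions(parsed, disk_bytes, sector_size=SECTOR_SIZE):
    """Inclusive sector ranges no partition claims: the gap after the MBR and any
    slack at the end of the disk, where code can hide outside any file system."""
    total = disk_bytes // sector_size
    used = sorted((p["lba"], p["lba"] + p["numsec"])
                  for p in parsed["partitions"] if p["type"] != 0)
    regions, cursor = [], 1            # sector 0 is the MBR itself
    for start, end in used:
        if start > cursor:
            regions.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < total:
        regions.append((cursor, total - 1))
    return total, regions


def sanity_problems(parsed, disk_bytes, sector_size=SECTOR_SIZE):
    """Checks a defender wants on a partition table: boot signature present,
    at most one active entry, nothing past the disk end, no overlapping entries."""
    problems = []
    if parsed["boot_sig"] != "55AA":
        problems.append("boot signature is %s, not 55AA" % parsed["boot_sig"])
    live = [p for p in parsed["partitions"] if p["type"] != 0]
    if sum(p["active"] for p in live) > 1:
        problems.append("more than one active partition")
    total = disk_bytes // sector_size
    spans = sorted((p["lba"], p["lba"] + p["numsec"], p["index"]) for p in live)
    for start, end, idx in spans:
        if end > total:
            problems.append("partition %d extends past the end of the disk" % idx)
    for (_, e1, i1), (s2, _, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append("partitions %d and %d overlap" % (i1, i2))
    return problems


# Constructed from the drive 0 values in the log: signature 212B1AC, one NTFS
# partition at LBA 63 with 390716802 sectors, disk size 200049647616 bytes.
DRIVE0_BYTES = 200049647616
DRIVE0_MBR = build_mbr(0x0212B1AC, [(True, 0x07, 63, 390716802)])

if __name__ == "__main__":
    parsed = parse_mbr(DRIVE0_MBR)
    print("\n".join(describe(parsed)))
    total, gaps = unpartitioned_regions(parsed, DRIVE0_BYTES)
    print("Disk sectors: %d, unpartitioned: %s" % (total, gaps))
    print("Problems:", sanity_problems(parsed, DRIVE0_BYTES) or "none")
```

The first unpartitioned range it reports, sectors 1 to 62, is the same gap the log shows the scanner reading on drive 0; the second is the slack after the NTFS partition's last sector.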
     
  15. 2013/03/11
    broni Moderator Malware Analyst

    Very good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. 2013/03/11
    DPI Graphics Well-Known Member Thread Starter

    I can't create a restore report because I get an error. Here is the Error Signature that I get when I try:
    AppName: rstrui.exe
    AppVer: 5.1.2600.5512
    ModName: srrstr.dll
    ModVer: 5.1.2600.5512
    Offset: 00009836

    Should I go ahead and run the next steps?
     
  17. 2013/03/11
    broni Moderator Malware Analyst

    Yes.
     
  18. 2013/03/11
    DPI Graphics Well-Known Member Thread Starter

    I have Microsoft Essentials. I can turn off the firewall and auto updates, but I can't turn off the antivirus. Can you help? I have downloaded Combofix to my desktop but have not done anything with it yet. I have turned the firewall back on until I hear from you and will wait before I continue.
     
  19. 2013/03/11
    broni Moderator Malware Analyst

    Never turn firewall off.

    Open MSE by right-clicking the icon in the notification area and clicking Open.

    Click the Settings tab, and then click the "Real-time protection" item in the left pane.

    Uncheck the option "Turn on real-time protection (recommended)", and click Save changes. (You may need to confirm a UAC prompt.)
     
  20. 2013/03/11
    DPI Graphics Well-Known Member Thread Starter

    Here is the Combofix report. It ran without problem.

    ComboFix 13-03-11.01 - Ed Day 03/11/2013 18:14:20.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -7:00]
    Running from: c:\documents and settings\Ed Day.DPI01\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\450.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\Ed Day.DPI01\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Ed Day\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    c:\documents and settings\Ed Day\Application Data\Microsoft\Windows\UsrClass.dat
    c:\documents and settings\Ed Day\WINDOWS
    c:\documents and settings\Owner\Application Data\Desktopicon
    c:\documents and settings\Owner\Application Data\Desktopicon\config.ini
    c:\documents and settings\Owner\WINDOWS
    C:\mtwb.dat
    c:\program files\Internet Explorer\SET1C5.tmp
    c:\program files\Internet Explorer\SET1C6.tmp
    c:\program files\Internet Explorer\SET1C7.tmp
    c:\program files\Internet Explorer\SET21F.tmp
    c:\program files\Internet Explorer\SET220.tmp
    c:\program files\Internet Explorer\SET221.tmp
    c:\program files\Internet Explorer\SET5.tmp
    c:\program files\Internet Explorer\SET6.tmp
    c:\program files\Internet Explorer\SET7.tmp
    c:\program files\Internet Explorer\SET9.tmp
    c:\program files\Internet Explorer\SETA.tmp
    c:\program files\Internet Explorer\SETB.tmp
    c:\program files\iWin Games\iWinGamesHookIE.dll
    c:\program files\RadioRage_4j
    c:\program files\RadioRage_4j\bar\1.bin\4jauxstb.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jdatact.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jdlghk.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jdyn.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jfeedmg.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jhighin.exe
    c:\program files\RadioRage_4j\bar\1.bin\4jhkstub.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jhttpct.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jidle.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jieovr.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jimpipe.exe
    c:\program files\RadioRage_4j\bar\1.bin\4jmedint.exe
    c:\program files\RadioRage_4j\bar\1.bin\4jmlbtn.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jmsg.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jPlugin.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jradio.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jregfft.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jreghk.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jregiet.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jscript.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jskin.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jsknlcr.dll
    c:\program files\RadioRage_4j\bar\1.bin\4jskplay.exe
    c:\program files\RadioRage_4j\bar\1.bin\4jtpinst.dll
    c:\program files\RadioRage_4j\bar\1.bin\4juabtn.dll
    c:\program files\RadioRage_4j\bar\1.bin\BOOTSTRAP.JS
    c:\program files\RadioRage_4j\bar\1.bin\CHROME.MANIFEST
    c:\program files\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
    c:\program files\RadioRage_4j\bar\1.bin\CREXT.DLL
    c:\program files\RadioRage_4j\bar\1.bin\CrExtP4j.exe
    c:\program files\RadioRage_4j\bar\1.bin\INSTALL.RDF
    c:\program files\RadioRage_4j\bar\1.bin\installKeys.js
    c:\program files\RadioRage_4j\bar\1.bin\LOGO.BMP
    c:\program files\RadioRage_4j\bar\1.bin\NP4jStub.dll
    c:\program files\RadioRage_4j\bar\1.bin\T8EXTEX.DLL
    c:\program files\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL
    c:\program files\RadioRage_4j\bar\1.bin\T8HTML.DLL
    c:\program files\RadioRage_4j\bar\1.bin\T8RES.DLL
    c:\program files\RadioRage_4j\bar\1.bin\T8TICKER.DLL
    c:\program files\RadioRage_4j\bar\Cache\01C5866A
    c:\program files\RadioRage_4j\bar\Cache\01C5BF8B
    c:\program files\RadioRage_4j\bar\Cache\01C5C911.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5D100.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5D507.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5D67E.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5D8B1.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5D9CA.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5DB8F.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5DE00.bmp
    c:\program files\RadioRage_4j\bar\Cache\01C5FE4A.jhtml
    c:\program files\RadioRage_4j\bar\Cache\01C62CFB
    c:\program files\RadioRage_4j\bar\Cache\01C6591C.bmp
    c:\program files\RadioRage_4j\bar\Cache\files.ini
    c:\program files\RadioRage_4j\bar\gen1\COMMON.T8S
    c:\program files\RadioRage_4j\bar\History\search3
    c:\program files\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
    c:\program files\RadioRage_4j\bar\Message\COMMON.T8S
    c:\program files\RadioRage_4j\bar\Message\COMMON\8_step1.gif
    c:\program files\RadioRage_4j\bar\Message\COMMON\anemone.js
    c:\program files\RadioRage_4j\bar\Message\COMMON\bd_grad.gif
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpguard.js
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpguard1.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpguard2.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpp_ok.png
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpp_x.png
    c:\program files\RadioRage_4j\bar\Message\COMMON\hpp_x2.png
    c:\program files\RadioRage_4j\bar\Message\COMMON\index.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\mid_dots.gif
    c:\program files\RadioRage_4j\bar\Message\COMMON\mws_logo.gif
    c:\program files\RadioRage_4j\bar\Message\COMMON\protect.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\rebut4b.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\shield.png
    c:\program files\RadioRage_4j\bar\Message\COMMON\stop.gif
    c:\program files\RadioRage_4j\bar\Message\COMMON\systrayp.htm
    c:\program files\RadioRage_4j\bar\Message\COMMON\tp_grad.gif
    c:\program files\RadioRage_4j\bar\Settings\prevcfg2.htm
    c:\program files\RadioRage_4j\bar\Settings\s_pid.dat
    c:\program files\RadioRage_4j\bar\Settings\s_w1.dat
    c:\program files\RadioRage_4j\bar\Settings\s_w1.dat.bak
    c:\program files\RadioRage_4j\bar\Settings\s_w2.dat
    c:\program files\RadioRage_4j\bar\Settings\s_w2.dat.bak
    c:\program files\RadioRage_4j\bar\Settings\setting3.htm
    c:\program files\RadioRage_4j\bar\Settings\setting3.htm.bak
    c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties210282087.html
    c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties210282089.html
    c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties210282094.html
    c:\program files\RadioRage_4j\RadioRage_4j\Cache\Radio.html
    c:\program files\Search Settings
    c:\program files\Search Settings\SearchSettings.dll
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\EventSystem.log
    c:\windows\explorer(2).exe
    c:\windows\system32\ctfmon(2).exe
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\linkinfo(2).dll
    c:\windows\system32\muzapp.exe
    c:\windows\system32\roboot.exe
    c:\windows\system32\SET35.tmp
    c:\windows\system32\SET40.tmp
    c:\windows\system32\SET42.tmp
    c:\windows\system32\SET46.tmp
    c:\windows\system32\SET4E.tmp
    c:\windows\system32\SET5E.tmp
    c:\windows\system32\SET60.tmp
    c:\windows\system32\SET6E.tmp
    c:\windows\system32\SET8B.tmp
    c:\windows\system32\SET8C.tmp
    c:\windows\system32\SET91.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\usp10(2).dll
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-12 to 2013-03-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-11 10:03 . 2013-03-11 10:03 -------- d-----w- c:\windows\LastGood
    2013-03-11 10:01 . 2013-03-11 10:06 -------- d-----w- C:\7f3949b49234dea6b93be1ae6651c120
    2013-03-11 06:58 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400499FA-A345-41F6-A51D-79B3D8881BCF}\mpengine.dll
    2013-03-11 04:06 . 2013-03-11 04:06 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-03-10 23:46 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-09 01:47 . 2013-03-09 01:47 -------- d-----w- c:\documents and settings\Ed Day.DPI01\Application Data\WindowsDatabase
    2013-02-28 01:05 . 2013-02-28 01:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RealNetworks
    2013-02-28 01:04 . 2013-02-28 01:04 -------- d-----w- c:\program files\Real
    2013-02-28 01:03 . 2013-02-28 01:03 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2013-02-28 01:02 . 2013-02-28 01:02 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 02:45 . 2012-04-09 22:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 02:45 . 2011-05-15 17:04 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-30 10:53 . 2011-03-22 18:01 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55 . 2006-02-28 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16 . 2006-02-28 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2006-02-28 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2006-02-28 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49 . 2012-08-21 07:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 04:10 . 2012-06-28 04:10 455 ----a-w- c:\program files\0627201221105734.bat
    2004-03-11 20:27 . 2009-03-12 19:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2013-01-16 20:11 . 2013-02-03 01:03 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Octoshape Streaming Services "= "c:\documents and settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "Akamai NetSession Interface "= "c:\documents and settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "adm_tray.exe "= "c:\program files\Acronis\DriveMonitor\adm_tray.exe" [2012-08-22 531664]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-22 365560]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "KiesTrayAgent "= "c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "TkBellExe "= "e:\my documents\update\realsched.exe" [2013-02-28 295072]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Z1 "= "c:\documents and settings\Ed Day.DPI01\Desktop\zip files\mbar-1.01.0.1021\mbar\mbar.exe" [2013-03-11 1363016]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Ed Day\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Ed Day.DPI01\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Walgreens PictureMover.lnk - c:\program files\Walgreens PictureMover\Bin\PictureMover.exe [2012-7-19 1031072]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ed Day.DPI01^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Ed Day.DPI01\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2012-08-22 04:59 365560 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2008-06-28 00:08 904776 ----a-w- c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
    2012-08-22 04:57 531664 ----a-w- c:\program files\Acronis\DriveMonitor\adm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
    2010-04-27 23:39 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxBlastMonitor.exe]
    2008-06-28 00:01 1325800 ----a-w- c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maxtor Scheduler2 Service]
    2008-06-28 00:03 136472 ----a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-11-12 00:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-10-06 21:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2003-10-06 21:16 49152 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2003-10-06 21:16 741376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=3 (0x3)
    "wlidsvc "=2 (0x2)
    "Symantec RemoteAssist "=3 (0x3)
    "SeaPort "=2 (0x2)
    "NVSvc "=2 (0x2)
    "N360 "=2 (0x2)
    "MaxSch2Svc "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "Imapi Helper "=3 (0x3)
    "idsvc "=3 (0x3)
    "gusvc "=3 (0x3)
    "gupdate "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "e:\\FTP\\ftpcomm.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\iWin Games\\iWinGames.exe "=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe "=
    "c:\\Program Files\\EMCO\\Malware Destroyer\\MalwareDestroyer.exe "=
    "c:\\Documents and Settings\\Ed Day.DPI01\\Local Settings\\Application Data\\Akamai\\netsession_win.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe "=
    "c:\\Program Files\\File Type Assistant\\tsassist.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 8:17 AM 176848]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/10/2013 9:06 PM 35144]
    R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [4/6/2010 3:58 PM 32840]
    S1 ebkojubw;ebkojubw;\??\c:\windows\system32\drivers\ebkojubw.sys --> c:\windows\system32\drivers\ebkojubw.sys [?]
    S1 iggyuoae;iggyuoae;\??\c:\windows\system32\drivers\iggyuoae.sys --> c:\windows\system32\drivers\iggyuoae.sys [?]
    S1 ljbtsivs;ljbtsivs;\??\c:\windows\system32\drivers\ljbtsivs.sys --> c:\windows\system32\drivers\ljbtsivs.sys [?]
    S1 tbrahajt;tbrahajt;\??\c:\windows\system32\drivers\tbrahajt.sys --> c:\windows\system32\drivers\tbrahajt.sys [?]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
    S3 ATICDSDr;ATICDSDr;c:\dell\drivers\R60303\TVTGAA01\BIN\atiicdxx.sys [4/7/2010 3:32 PM 5376]
    S4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [6/27/2008 5:03 PM 431384]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMCHAMELEON
    *NewlyCreated* - MPFILTER
    *Deregistered* - SASKUTIL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:45]
    .
    2013-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
    .
    2010-08-16 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2010-08-13 18:43]
    .
    2011-10-31 c:\windows\Tasks\disketchShakeIcon.job
    - c:\program files\NCH Software\Disketch\disketch.exe [2011-10-21 03:22]
    .
    2013-03-06 c:\windows\Tasks\doxillionShakeIcon.job
    - c:\program files\NCH Software\Doxillion\doxillion.exe [2011-09-05 20:25]
    .
    2011-08-07 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2009-09-02 05:19]
    .
    2011-07-07 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-06-27 05:19]
    .
    2013-03-11 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-13 19:16]
    .
    2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 05:44]
    .
    2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 05:44]
    .
    2011-07-07 c:\windows\Tasks\mixpadShakeIcon.job
    - c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-06-27 05:19]
    .
    2013-03-12 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
    .
    2013-01-25 c:\windows\Tasks\photopadShakeIcon.job
    - c:\program files\NCH Software\PhotoPad\photopad.exe [2009-07-23 03:21]
    .
    2012-07-27 c:\windows\Tasks\photostageShakeIcon.job
    - c:\program files\NCH Software\PhotoStage\photostage.exe [2010-01-27 03:00]
    .
    2013-02-07 c:\windows\Tasks\PixillionReminder.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2009-01-09 19:48]
    .
    2013-03-11 c:\windows\Tasks\ProgramRefresh-ATFST.job
    - c:\program files\File Type Assistant\TSASetup.exe [2012-12-04 18:15]
    .
    2013-03-11 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2011-02-15 21:51]
    .
    2013-03-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2011-06-28 c:\windows\Tasks\switchDowngrade.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2007-08-07 14:38]
    .
    2011-07-04 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2007-08-07 14:38]
    .
    2012-07-27 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2010-01-27 02:57]
    .
    2013-02-03 c:\windows\Tasks\WavePadDowngrade.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-14 19:42]
    .
    2013-02-15 c:\windows\Tasks\WavePadReminder.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-14 19:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://hei.net/
    mStart Page = hxxp://my.yahoo.com/linksys
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Free YouTube Download - c:\documents and settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    FF - ProfilePath - c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN21275996939463174
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN21275996939463174
    FF - prefs.js: browser.search.selectedEngine - MixiDJ Customized Web Search
    FF - ExtSQL: 2013-02-02 13:37; freehdsport@freehdsport.tv; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2013-02-02 13:39; plugin@yontoo.com; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-02-02 18:07; ffxtlbr@delta.com; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\ffxtlbr@delta.com
    FF - ExtSQL: !HIDDEN! 2012-08-21 22:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 39ffxtbr@MapsGalaxy_39.com; c:\program files\MapsGalaxy_39\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 4jffxtbr@RadioRage_4j.com; c:\program files\RadioRage_4j\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2013-02-02 18:09; statuswinks@StatusWinks; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
    FF - ExtSQL: !HIDDEN! 2013-02-15 10:34; {8fd9fd58-dafd-4930-9eca-13c240a96da9}; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{8fd9fd58-dafd-4930-9eca-13c240a96da9}.xpi
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 70f2e03500000000000000a0ccd5827a
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15739
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:07
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-10 - (no file)
    MSConfigStartUp-Ask and Record FLV Service - c:\program files\Ask & Record Toolbar\FLVSrvc.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-11 18:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll "= "c:\program files\common files\akamai/netsession_win_ce5ba24.dll "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(744)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2013-03-11 18:35:35
    ComboFix-quarantined-files.txt 2013-03-12 01:35
    .
    Pre-Run: 140,825,137,152 bytes free
    Post-Run: 141,842,780,160 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [Boot Loader]
    Timeout=2
    Default=multi(0)disk(0)rdisk(0)partition(1)\windows
    [Operating Systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    .
    - - End Of File - - AA1E20C1BE27E20D48FE9B45ACB856A2
     
  21. 2013/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\tbrahajt.sys
    c:\windows\system32\drivers\ljbtsivs.sys
    c:\windows\system32\drivers\iggyuoae.sys
    c:\windows\system32\drivers\ebkojubw.sys
    
    Driver::
    ebkojubw
    iggyuoae
    ljbtsivs
    tbrahajt
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
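As an added illustration (not broni's tooling and not part of ComboFix), the script below parses service lines in the format shown in the log above, flags the system-start drivers whose image file could not be read and whose names look random, and renders a File::/Driver::/ClearJavaCache:: block in the shape of the CFScript in this post. The reading of the R/S prefix and start digit, the meaning of "[?]", and the eight-lowercase-letter name heuristic are assumptions; the sample lines are constructed to match the log, not taken from a live run.

```python
import re
from typing import List

# Constructed sample in the shape of the service/driver section of the
# ComboFix log quoted above (constructed here, not copied from a live run).
SAMPLE_SERVICES = r"""
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 8:17 AM 176848]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/10/2013 9:06 PM 35144]
S1 ebkojubw;ebkojubw;\??\c:\windows\system32\drivers\ebkojubw.sys --> c:\windows\system32\drivers\ebkojubw.sys [?]
S1 iggyuoae;iggyuoae;\??\c:\windows\system32\drivers\iggyuoae.sys --> c:\windows\system32\drivers\iggyuoae.sys [?]
S1 ljbtsivs;ljbtsivs;\??\c:\windows\system32\drivers\ljbtsivs.sys --> c:\windows\system32\drivers\ljbtsivs.sys [?]
S1 tbrahajt;tbrahajt;\??\c:\windows\system32\drivers\tbrahajt.sys --> c:\windows\system32\drivers\tbrahajt.sys [?]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
S3 ATICDSDr;ATICDSDr;c:\dell\drivers\R60303\TVTGAA01\BIN\atiicdxx.sys [4/7/2010 3:32 PM 5376]
"""

# One log line: <R|S><start> <name>;<display name>;<image> [<date time size> | ?]
# Assumption: R = running, S = stopped, digit = the service's Start value
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Heuristic of ours (not ComboFix's): eight random lowercase letters, no vendor naming.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def resolve_image(image: str) -> str:
    """Return the on-disk path the log resolved the image to.

    Lines with an NT-style '\\??\\' path show 'nt path --> win32 path'; keep the right side.
    """
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    if image.startswith("\\??\\"):
        image = image[4:]
    return image.strip()


def parse_services(text: str) -> List[dict]:
    """Parse every service/driver line; lines from other log sections are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["path"] = resolve_image(e["image"])
        # Assumption: '[?]' means ComboFix found no file metadata, i.e. the image is absent.
        e["file_missing"] = e["info"].strip() == "?"
        entries.append(e)
    return entries


def suspicious_drivers(entries: List[dict]) -> List[dict]:
    """Kernel drivers (.sys) with a random-looking name and no image file on disk."""
    flagged = [
        e for e in entries
        if e["path"].lower().endswith(".sys")
        and e["file_missing"]
        and RANDOM_NAME_RE.match(e["name"])
    ]
    return sorted(flagged, key=lambda e: e["name"])


def build_cfscript(entries: List[dict], clear_java_cache: bool = True) -> str:
    """Render the File::/Driver::/ClearJavaCache:: directives in the shape used in this post."""
    lines = ["File::"] + [e["path"] for e in entries]
    lines += ["", "Driver::"] + [e["name"] for e in entries]
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious_drivers(parse_services(SAMPLE_SERVICES))
    print(build_cfscript(found))
```

Run against the constructed sample it lists exactly the four orphaned S1 drivers named in the CFScript above; on a real log, review every flagged line by hand before acting on it.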
     
