
Solved Redirection, new tab Pop-ups, and general memory Slowage

Discussion in 'Malware and Virus Removal Archive' started by ProgrammerRandi, 2010/11/09.

  1. 2010/11/09
    ProgrammerRandi (Thread Starter)

    [Resolved] Redirection, new tab Pop-ups, and general memory Slowage

    It is Windows XP. I have run Avast, Spybot S&D, and TempFileCleaner who knows how many times.

    GMER would not work no matter what I did: safe mode, no device scan, safe mode with no device scan, name change.

    DDS also would not run because of "Program too big to fit in memory"; renamed, same problem, even tried in safe mode.

    MBAM:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5073

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/8/2010 11:14:05 AM
    mbam-log-2010-11-08 (11-14-05).txt

    Scan type: Quick scan
    Objects scanned: 143623
    Time elapsed: 10 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 24
    Registry Values Infected: 4
    Registry Data Items Infected: 6
    Folders Infected: 23
    Files Infected: 80

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{760b8973-48f7-40b2-b360-f7abd8785e50} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lizkavd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\contexts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Dating (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Manager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Map_It (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Reference (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Weather (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\SYSTEM32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\702_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\702_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Dating0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Free_Credit_Score0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Ringtones0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\WeatherHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\clear.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\cloudy.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\mcloud.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\na.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\nclear.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\ncloudy.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\npcloud.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\nsnow.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\pcloud.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\snow.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware343\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Dating\DatingOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Dating\DatingOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Map_It\Map_ItOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Map_It\Map_ItOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Weather\AlertArchive.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Starware343\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Virginia Fodi\Application Data\Bitrix Security\xaukvmm60.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM6bd9f060.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM6bd9f060.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
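The log above is mostly Starware adware noise, but a few entries matter far more than the rest: the Security Center "DisableNotify" values forced to 1, the Control Panel applet hidden via "don't load\wscui.cpl", the Backdoor.Bot registrations and the "lowsec" folder MBAM classifies as stolen data. The following is an added example, not code from the poster, the forum or Malwarebytes: a small Python triage parser for MBAM 1.x text logs that groups detections by family, pulls out the defense-tampering and theft indicators for follow-up, and cross-checks the summary counts against the lines actually present so a truncated paste is caught. The SAMPLE_LOG is a constructed excerpt built from a handful of lines of the log above, with summary counts adjusted to match the excerpt; the HIGH_PRIORITY_PREFIXES list is my own choice of which families to escalate.

```python
"""Triage parser for Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import re
from collections import Counter

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
SECTION_RE = re.compile(r"^(%s) Infected:$" % "|".join(SECTIONS))
COUNT_RE = re.compile(r"^(%s) Infected: (\d+)$" % "|".join(SECTIONS))
# "<item> (<Family>) -> <action>"; Registry Data Items carry
# "Bad: (1) Good: (0) -> Quarantined ..." as their action.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Families that signal defense evasion or theft rather than adware clutter:
# Security Center notifications forced off (Disabled.*), Control Panel
# applets hidden (Hijack.*), bot/backdoor registrations, stolen-data folders.
# This list is the example author's choice, not an MBAM classification.
HIGH_PRIORITY_PREFIXES = ("Disabled.", "Hijack.", "Backdoor.", "Stolen.",
                          "Trojan.Vundo", "Trojan.FakeAlert")

# Constructed excerpt: a few lines taken from the log in the thread, with
# summary counts that match this excerpt rather than the original scan.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """One dict per detection line: section, item, family, action."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            records.append({"section": section, **m.groupdict()})
    return records


def summarize_families(records):
    """Detections per family."""
    return Counter(r["family"] for r in records)


def high_priority(records):
    """Detections that need follow-up beyond 'quarantined'."""
    return [r for r in records if r["family"].startswith(HIGH_PRIORITY_PREFIXES)]


def check_counts(text, records):
    """Section -> (count declared in the summary, detection lines parsed).
    A mismatch usually means the paste is truncated or was edited."""
    declared = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            declared[m.group(1)] = int(m.group(2))
    parsed = Counter(r["section"] for r in records)
    return {sec: (n, parsed.get(sec, 0)) for sec, n in declared.items()}


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    for fam, n in summarize_families(recs).most_common():
        print("%3d  %s" % (n, fam))
    print("follow-up:", [r["item"] for r in high_priority(recs)])
    for sec, (want, got) in check_counts(SAMPLE_LOG, recs).items():
        print("%-20s declared %d, parsed %d%s" % (sec, want, got, "" if want == got else "  <-- MISMATCH"))
```

Run against a full paste, the count check is the first thing to look at: if "Files Infected: 80" is declared but fewer file lines parse, the helper is looking at an incomplete log. The Disabled.SecurityCenter and Hijack.SecurityCenter entries are worth confirming by hand after the quarantine, because a scanner deleting the registry value does not by itself prove the notifications are back on.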
     
  2. 2010/11/09
    ProgrammerRandi (Thread Starter)

    MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF79EF000 \WINDOWS\system32\KDCOM.DLL
    0xF78FF000 \WINDOWS\system32\BOOTVID.dll
    0xF74A0000 ACPI.sys
    0xF79F1000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF748F000 pci.sys
    0xF74EF000 isapnp.sys
    0xF7AB7000 pciide.sys
    0xF776F000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF74FF000 MountMgr.sys
    0xF7470000 ftdisk.sys
    0xF7777000 PartMgr.sys
    0xF750F000 VolSnap.sys
    0xF7458000 atapi.sys
    0xF751F000 disk.sys
    0xF752F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF7438000 fltmgr.sys
    0xF7426000 sr.sys
    0xF740F000 KSecDD.sys
    0xF7382000 Ntfs.sys
    0xF7355000 NDIS.sys
    0xF733B000 Mup.sys
    0xF753F000 agp440.sys
    0xF759F000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF6C54000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF6C40000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF781F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF6C1C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7827000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF6B0F000 \SystemRoot\System32\DRIVERS\BCMSM.sys
    0xF6AEC000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF782F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6AC9000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF7837000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF75AF000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF783F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7847000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF75BF000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7973000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF6AB5000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF728C000 \SystemRoot\system32\drivers\pfc.sys
    0xF75CF000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF784F000 \SystemRoot\System32\Drivers\MxlW2k.SYS
    0xF75DF000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF75EF000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6A96000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xF7857000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF785F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF75FF000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF6A12000 \SystemRoot\system32\drivers\smwdm.sys
    0xF69EE000 \SystemRoot\system32\drivers\portcls.sys
    0xF760F000 \SystemRoot\system32\drivers\drmk.sys
    0xF7A3B000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7A3D000 \SystemRoot\System32\DRIVERS\serscan.sys
    0xF7B31000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF761F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF727C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF69D7000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF762F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF6E4A000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7867000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF69C6000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF6E3A000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF786F000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7877000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF787F000 \SystemRoot\System32\DRIVERS\wanatw4.sys
    0xF6E2A000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7A3F000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6940000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7887000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF726C000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF788F000 \SystemRoot\System32\Drivers\dvd_2K.SYS
    0xF6E1A000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF765F000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7A4B000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF778F000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF79BB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7A6D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AF7000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A6F000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF779F000 \SystemRoot\System32\drivers\vga.sys
    0xF7A71000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A73000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF48A5000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xF77A7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF77AF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF4860000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
    0xF79D7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF4813000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF47BA000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF772F000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF4792000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF4770000 \SystemRoot\System32\drivers\afd.sys
    0xF773F000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF4745000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF46D5000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF755F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF46AF000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF756F000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF4666000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF77BF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF3BDD000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
    0xEB5A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEB9A0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xEB8BD000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF0F64000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xEB318000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    0xEB2F0000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xF7993000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xEB2E8000 \SystemRoot\system32\DRIVERS\wlndis50.sys
    0xEB020000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xEB1BF000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF51F4000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEBEF6000 \SystemRoot\system32\drivers\splitter.sys
    0xEB19C000 \SystemRoot\system32\drivers\aec.sys
    0xF764F000 \SystemRoot\system32\drivers\swmidi.sys
    0xEF267000 \SystemRoot\system32\drivers\DMusic.sys
    0xEB34F000 \SystemRoot\system32\drivers\kmixer.sys
    0xF7B73000 \SystemRoot\system32\drivers\drmkaud.sys
    0xEB4AB000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7A2D000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEB059000 \??\C:\WINDOWS\system32\drivers\io.sys
    0xEB42C000 \SystemRoot\System32\DRIVERS\srv.sys
    0xEBA9F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 36):
    0 System Idle Process
    4 System
    764 C:\WINDOWS\SYSTEM32\smss.exe
    812 csrss.exe
    836 C:\WINDOWS\SYSTEM32\winlogon.exe
    884 C:\WINDOWS\SYSTEM32\services.exe
    896 C:\WINDOWS\SYSTEM32\lsass.exe
    1056 C:\WINDOWS\SYSTEM32\svchost.exe
    1104 svchost.exe
    1252 C:\WINDOWS\SYSTEM32\svchost.exe
    1340 svchost.exe
    1604 svchost.exe
    1876 C:\WINDOWS\explorer.exe
    1940 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    2000 C:\Program Files\Alwil Software\Avast4\ashServ.exe
    676 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    684 C:\Program Files\QuickTime\qttask.exe
    692 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    704 C:\WINDOWS\BCMSMMSG.exe
    264 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    784 C:\Program Files\Unlocker\UnlockerAssistant.exe
    808 C:\WINDOWS\SYSTEM32\ctfmon.exe
    796 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    964 C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    1348 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1380 C:\Program Files\Corel\WordPerfect Office 2002\Programs\wpwin10.exe
    1456 svchost.exe
    440 C:\WINDOWS\SYSTEM32\cisvc.exe
    1188 C:\WINDOWS\SYSTEM32\svchost.exe
    2232 C:\WINDOWS\SYSTEM32\wuauclt.exe
    2812 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    2988 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    3192 wmiprvse.exe
    3216 alg.exe
    1416 C:\WINDOWS\SYSTEM32\wscntfy.exe
    2284 C:\Documents and Settings\Virginia Fodi\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD300BB-75DEA0, Rev: 05.03E05

    Size Device Name MBR Status
    --------------------------------------------
    27 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
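MBRCheck's verdict above rests on two things: the 0x55AA boot signature and a hash of the MBR compared against known Windows boot code, because a bootkit has to alter the code in sector 0 to run before Windows does. The following is an added example, not code from the poster, the forum or the MBRCheck tool, showing the same kind of check in Python: parse sector 0, hash the boot-code area, validate the partition table and report findings. The page does not say which bytes MBRCheck's SHA1 covers, so this example hashes only the 440-byte boot-code area (bytes 0..439) on the assumption that stock boot code is identical across installs while the disk signature and partition table legitimately differ; for that reason the SHA1 printed in the log is not reused as a baseline. The sample sector is constructed: a few real-looking prologue opcodes plus zero padding, a fake disk signature, and a partition table laid out so the NTFS volume starts at byte 0x02738a00, the offset the log reports for C:.

```python
"""Sector-0 (MBR) sanity check in the spirit of MBRCheck (added example)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xaa"       # bytes 510..511


def has_boot_signature(sector):
    return len(sector) == SECTOR and sector[510:512] == BOOT_SIG


def parse_mbr(sector):
    """Parse a 512-byte sector 0 into disk signature, boot-code hash and partitions."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})
    # Assumption (see lead-in): hash only the boot code, not the whole sector.
    return {"disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "partitions": parts}


def check_mbr(sector, known_good_sha1):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code SHA1 %s is not in the known-good set" % info["boot_code_sha1"])
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, found %d" % len(bootable))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0, overlapping the MBR" % p["index"])
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partitions overlap at LBA %d" % start2)
    return findings


# Constructed boot code: the familiar "xor ax,ax / mov ss,ax / mov sp,7C00h"
# prologue followed by zero padding. Not a real MBR image.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
# Same code with the entry point patched to a short jump, the kind of change a
# boot-code hook makes. Also constructed.
TAMPERED_BOOT_CODE = b"\xEB\x1A" + CLEAN_BOOT_CODE[2:]


def build_sample_mbr(boot_code):
    """Constructed sector 0: given boot code, fake disk signature, two partitions.
    The second (NTFS, bootable) starts at LBA 80325 = 0x02738a00 / 512."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    entries = [(0x00, 0xDE, 63, 80325 - 63),        # hypothetical vendor utility partition
               (0x80, 0x07, 80325, 58_500_000)]      # NTFS, bootable
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = {parse_mbr(clean)["boot_code_sha1"]}   # record this from a known-clean disk
    for label, sec in (("clean", clean), ("tampered", build_sample_mbr(TAMPERED_BOOT_CODE))):
        print(label, "->", check_mbr(sec, baseline) or ["OK"])
```

On a real machine the 512 bytes would come from reading the start of \\.\PhysicalDrive0 with administrator rights, and the baseline set would be built from a disk known to be clean (or from an install medium's MBR), not from the suspect disk itself; the partition-table checks are deliberately independent of the hash so a table rewritten to hide a partition is still flagged.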
     


  4. 2010/11/09
    broni (Moderator, Malware Analyst)

    Welcome aboard :)

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. 2010/11/09
    ProgrammerRandi

    ProgrammerRandi Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    16
    Likes Received:
    0
    Yeah! That ran. The log is below. Do you have any other instructions? Should I try GMER or DDS again?

    2010/11/09 19:51:24.0546 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/09 19:51:24.0546 ================================================================================
    2010/11/09 19:51:24.0546 SystemInfo:
    2010/11/09 19:51:24.0546
    2010/11/09 19:51:24.0546 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/09 19:51:24.0546 Product type: Workstation
    2010/11/09 19:51:24.0546 ComputerName: GINNYS-TOY
    2010/11/09 19:51:24.0546 UserName: Virginia Fodi
    2010/11/09 19:51:24.0546 Windows directory: C:\WINDOWS
    2010/11/09 19:51:24.0546 System windows directory: C:\WINDOWS
    2010/11/09 19:51:24.0546 Processor architecture: Intel x86
    2010/11/09 19:51:24.0546 Number of processors: 1
    2010/11/09 19:51:24.0546 Page size: 0x1000
    2010/11/09 19:51:24.0546 Boot type: Normal boot
    2010/11/09 19:51:24.0546 ================================================================================
    2010/11/09 19:51:25.0046 Initialize success
    2010/11/09 19:51:28.0359 ================================================================================
    2010/11/09 19:51:28.0359 Scan started
    2010/11/09 19:51:28.0359 Mode: Manual;
    2010/11/09 19:51:28.0359 ================================================================================
    2010/11/09 19:51:32.0390 Aavmker4 (1ebbd84e856f54eb16d46df9648e872a) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/09 19:51:33.0140 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
    2010/11/09 19:51:33.0578 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/09 19:51:34.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/09 19:51:34.0593 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
    2010/11/09 19:51:35.0125 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/11/09 19:51:35.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/09 19:51:36.0093 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/11/09 19:51:36.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/09 19:51:37.0078 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/11/09 19:51:37.0515 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
    2010/11/09 19:51:38.0000 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
    2010/11/09 19:51:38.0453 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
    2010/11/09 19:51:38.0937 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
    2010/11/09 19:51:39.0421 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
    2010/11/09 19:51:39.0875 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
    2010/11/09 19:51:40.0343 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
    2010/11/09 19:51:40.0828 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
    2010/11/09 19:51:41.0312 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
    2010/11/09 19:51:41.0781 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
    2010/11/09 19:51:42.0250 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
    2010/11/09 19:51:42.0687 aswFsBlk (062287cee536e8af6680d33259de6bd6) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
    2010/11/09 19:51:43.0187 aswMon2 (05960396794e51ebbb9507c86b8b009e) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/09 19:51:43.0718 aswRdr (06b360d8179959798d2bf054437df923) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/09 19:51:44.0171 aswSP (045ed8ef540e69a41e9c0e255fbaf0c0) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/09 19:51:44.0625 aswTdi (2410f10faa00f222b3a29308741598d6) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/09 19:51:45.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/09 19:51:45.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/09 19:51:46.0343 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/09 19:51:46.0828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/09 19:51:47.0625 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
    2010/11/09 19:51:48.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/09 19:51:49.0125 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
    2010/11/09 19:51:49.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/09 19:51:49.0953 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/09 19:51:50.0312 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
    2010/11/09 19:51:50.0718 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/09 19:51:51.0218 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/09 19:51:51.0609 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2010/11/09 19:51:51.0968 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2010/11/09 19:51:52.0328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/09 19:51:52.0796 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
    2010/11/09 19:51:53.0578 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
    2010/11/09 19:51:54.0000 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
    2010/11/09 19:51:54.0406 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
    2010/11/09 19:51:54.0906 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
    2010/11/09 19:51:55.0312 DCamUSBSQTECH (9c98671eb51a6c9e807d807b3f70faa0) C:\WINDOWS\system32\Drivers\SQcaptur.sys
    2010/11/09 19:51:55.0718 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/09 19:51:56.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/09 19:51:56.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/09 19:51:57.0296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/09 19:51:57.0718 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/09 19:51:58.0125 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
    2010/11/09 19:51:58.0531 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/09 19:51:58.0906 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
    2010/11/09 19:51:59.0343 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/11/09 19:51:59.0781 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    2010/11/09 19:52:00.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/09 19:52:00.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/09 19:52:01.0078 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/09 19:52:01.0500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/09 19:52:01.0906 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/09 19:52:02.0343 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/09 19:52:02.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/09 19:52:03.0203 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/11/09 19:52:03.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/09 19:52:03.0984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
    2010/11/09 19:52:04.0437 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/09 19:52:04.0968 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/11/09 19:52:05.0312 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
    2010/11/09 19:52:05.0734 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/09 19:52:06.0156 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    2010/11/09 19:52:06.0609 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    2010/11/09 19:52:07.0000 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    2010/11/09 19:52:07.0390 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    2010/11/09 19:52:07.0812 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    2010/11/09 19:52:08.0234 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    2010/11/09 19:52:08.0625 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    2010/11/09 19:52:09.0031 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    2010/11/09 19:52:09.0437 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    2010/11/09 19:52:09.0828 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    2010/11/09 19:52:10.0250 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/09 19:52:10.0625 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
    2010/11/09 19:52:11.0031 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
    2010/11/09 19:52:11.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/09 19:52:11.0781 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
    2010/11/09 19:52:12.0156 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/09 19:52:12.0546 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/09 19:52:12.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/09 19:52:13.0406 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/09 19:52:13.0843 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/09 19:52:14.0250 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/09 19:52:14.0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/09 19:52:15.0062 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/09 19:52:15.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/09 19:52:15.0968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/09 19:52:16.0765 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
    2010/11/09 19:52:17.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/09 19:52:17.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/09 19:52:17.0937 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/11/09 19:52:18.0343 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/09 19:52:18.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/09 19:52:19.0109 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
    2010/11/09 19:52:19.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/09 19:52:20.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/09 19:52:20.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/09 19:52:21.0093 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/09 19:52:21.0515 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/09 19:52:21.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/09 19:52:22.0265 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/09 19:52:22.0578 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/09 19:52:23.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/09 19:52:23.0421 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
    2010/11/09 19:52:23.0812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/09 19:52:24.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/09 19:52:24.0734 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/09 19:52:25.0125 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/09 19:52:25.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/09 19:52:25.0875 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/09 19:52:26.0312 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/09 19:52:26.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/09 19:52:27.0171 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/09 19:52:27.0578 NMSCFG (1d3bb79a0035077297779c8c52ca3c01) C:\WINDOWS\System32\drivers\NMSCFG.SYS
    2010/11/09 19:52:28.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/09 19:52:28.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/09 19:52:29.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/09 19:52:29.0609 nuvaud2 (9a973553a0f4107c3a5e7a466b113836) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys
    2010/11/09 19:52:30.0031 NUVision (923809daf96cd3a9fabcdebc735b21b6) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
    2010/11/09 19:52:31.0000 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/09 19:52:32.0203 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/09 19:52:32.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/09 19:52:33.0125 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
    2010/11/09 19:52:33.0546 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
    2010/11/09 19:52:34.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/09 19:52:34.0453 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/09 19:52:34.0890 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/09 19:52:35.0328 PCI (934558794f4e0895f8f4cc3204a2d66b) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/09 19:52:35.0343 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 934558794f4e0895f8f4cc3204a2d66b, Fake md5: a219903ccf74233761d92bef471a07b1
    2010/11/09 19:52:35.0359 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/09 19:52:36.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/09 19:52:36.0515 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/09 19:52:38.0125 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
    2010/11/09 19:52:38.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
    2010/11/09 19:52:39.0046 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
    2010/11/09 19:52:39.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/09 19:52:39.0937 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/11/09 19:52:40.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/09 19:52:40.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/09 19:52:41.0171 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
    2010/11/09 19:52:41.0734 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
    2010/11/09 19:52:42.0234 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
    2010/11/09 19:52:42.0687 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
    2010/11/09 19:52:43.0156 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
    2010/11/09 19:52:43.0625 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
    2010/11/09 19:52:44.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/09 19:52:44.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/09 19:52:45.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/09 19:52:45.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/09 19:52:45.0812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/09 19:52:46.0343 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/09 19:52:46.0875 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/09 19:52:47.0484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/09 19:52:48.0062 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/09 19:52:48.0609 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
    2010/11/09 19:52:49.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/09 19:52:49.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/09 19:52:50.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/09 19:52:50.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/09 19:52:51.0203 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
    2010/11/09 19:52:51.0687 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/09 19:52:52.0312 smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/11/09 19:52:52.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
    2010/11/09 19:52:53.0421 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/09 19:52:53.0921 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/09 19:52:54.0515 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/09 19:52:55.0078 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/11/09 19:52:55.0468 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/09 19:52:55.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/09 19:52:56.0265 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/09 19:52:56.0687 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
    2010/11/09 19:52:57.0109 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
    2010/11/09 19:52:57.0515 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
    2010/11/09 19:52:58.0015 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
    2010/11/09 19:52:58.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/09 19:52:59.0062 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/09 19:52:59.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/09 19:52:59.0953 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/09 19:53:00.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/09 19:53:00.0750 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
    2010/11/09 19:53:01.0250 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    2010/11/09 19:53:01.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/09 19:53:02.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
    2010/11/09 19:53:02.0375 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2010/11/09 19:53:02.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/09 19:53:03.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/09 19:53:04.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/09 19:53:04.0546 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/09 19:53:05.0046 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/09 19:53:05.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/09 19:53:05.0953 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/09 19:53:06.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/09 19:53:06.0921 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
    2010/11/09 19:53:07.0390 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    2010/11/09 19:53:07.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/09 19:53:08.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/09 19:53:08.0765 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/11/09 19:53:09.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/09 19:53:10.0015 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
    2010/11/09 19:53:10.0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/09 19:53:10.0968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/09 19:53:11.0437 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/09 19:53:11.0843 ================================================================================
    2010/11/09 19:53:11.0843 Scan finished
    2010/11/09 19:53:11.0843 ================================================================================
    2010/11/09 19:53:11.0859 Detected object count: 1
    2010/11/09 19:53:24.0312 PCI (934558794f4e0895f8f4cc3204a2d66b) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/09 19:53:24.0312 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 934558794f4e0895f8f4cc3204a2d66b, Fake md5: a219903ccf74233761d92bef471a07b1
    2010/11/09 19:53:32.0390 Backup copy found, using it..
    2010/11/09 19:53:32.0515 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
    2010/11/09 19:53:32.0515 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
    2010/11/09 19:53:45.0375 Deinitialize success
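The line worth understanding in this log is "Suspicious file (Forged)": the scanner obtained two different MD5 values for the same pci.sys, which is the signal that something between the reader and the disk is altering what the file system returns (that is how a TDL3-style infection of pci.sys stays hidden from ordinary scanners). As an added example, not TDSSKiller's or Kaspersky's code and not part of this thread, here is a small Python triage script that parses lines in the format this log uses and joins the forged-file line, the detection line and the user-action line into one finding per path. The LOG excerpt is constructed from a handful of lines following the format above; the pci.sys hashes and threat name are the ones the log reports.

```python
"""Triage a TDSSKiller-style log: count driver entries and flag forged files.

Added example, not Kaspersky's code. LOG is a constructed excerpt in the
line format used by the log posted above; the pci.sys hashes are the ones
that log reports.
"""
import re

TS = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
# "NAME (md5) PATH": one line per enumerated driver
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# two reads of the same file gave different hashes
FORGED_RE = re.compile(
    TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# "NAME - detected THREAT (n)"
DETECT_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
# "THREAT(NAME) - User select action: Cure"
ACTION_RE = re.compile(
    TS + r"(?P<threat>[^\s()]+)\((?P<name>[^\s()]+)\) - User select action: (?P<action>\S+)$")

# Constructed excerpt (format of the thread's log, trimmed to a few lines).
LOG = r"""
2010/11/09 19:51:32.0390 Aavmker4 (1ebbd84e856f54eb16d46df9648e872a) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/09 19:52:35.0328 PCI (934558794f4e0895f8f4cc3204a2d66b) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/09 19:52:35.0343 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 934558794f4e0895f8f4cc3204a2d66b, Fake md5: a219903ccf74233761d92bef471a07b1
2010/11/09 19:52:35.0359 PCI - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/09 19:52:36.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/09 19:53:11.0843 Scan finished
2010/11/09 19:53:11.0859 Detected object count: 1
2010/11/09 19:53:32.0515 C:\WINDOWS\system32\DRIVERS\pci.sys - will be cured after reboot
2010/11/09 19:53:32.0515 Rootkit.Win32.TDSS.tdl3(PCI) - User select action: Cure
"""


def triage(log_text: str) -> dict:
    """Return the driver count and one finding per forged file path."""
    drivers, forged, detections, actions = {}, {}, {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FORGED_RE.match(line):
            forged[m["path"].lower()] = (m["path"], m["real"], m["fake"])
        elif m := DETECT_RE.match(line):
            detections[m["name"]] = m["threat"]
        elif m := ACTION_RE.match(line):
            actions[m["name"]] = m["action"]
        elif m := DRIVER_RE.match(line):
            drivers[m["name"]] = (m["md5"], m["path"])   # later duplicate lines overwrite

    by_path = {path.lower(): name for name, (_, path) in drivers.items()}
    findings = []
    for key, (path, real, fake) in forged.items():
        name = by_path.get(key)                      # service name that owns the path
        listed = drivers[name][0] if name else None  # hash shown on the driver line
        findings.append({
            "name": name,
            "path": path,
            "real_md5": real,
            "fake_md5": fake,
            "listed_md5": listed,
            "hash_mismatch": real != fake,           # the forgery signal itself
            "threat": detections.get(name),
            "action": actions.get(name),
        })
    return {"driver_count": len(drivers), "findings": findings}


if __name__ == "__main__":
    result = triage(LOG)
    print(f"{result['driver_count']} driver entries enumerated")
    for f in result["findings"]:
        print(f"FORGED {f['path']} ({f['name']}): real={f['real_md5']} fake={f['fake_md5']}"
              f" threat={f['threat']} action={f['action']}")
```

Joining the three line types by service name matters because the forged-file line carries the path while the detection and action lines carry only the driver name; a finding with a hash mismatch but no matching action line would mean the scan ended before the cure was applied, which is what to look for when a reboot interrupts the run.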
     
  6. 2010/11/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    We just whacked a rootkit.
    Try GMER and DDS now.
     
  7. 2010/11/09
    ProgrammerRandi

    ProgrammerRandi Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    16
    Likes Received:
    0
    Grr! Those two still don't like me.
     
  8. 2010/11/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/11/10
    ProgrammerRandi

    ProgrammerRandi Inactive Thread Starter

    Joined:
    2010/11/09
    Messages:
    16
    Likes Received:
    0
    Didn't need Rkill.

    ComboFix 10-11-09.02 - Virginia Fodi 11/10/2010 10:45:22.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.710 [GMT -5:00]
    Running from: c:\documents and settings\Virginia Fodi\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 101110-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\NetworkService\Application Data\Bitrix Security
    c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto_shrd
    c:\documents and settings\NetworkService\Application Data\Bitrix Security\fsc.txt
    c:\documents and settings\NetworkService\Application Data\Bitrix Security\klgd.bmp
    c:\documents and settings\NetworkService\Application Data\Bitrix Security\obil
    c:\documents and settings\Virginia Fodi\Application Data\Bitrix Security
    c:\documents and settings\Virginia Fodi\Application Data\Bitrix Security\depto_shrd
    c:\documents and settings\Virginia Fodi\Application Data\Bitrix Security\fnrd
    c:\documents and settings\Virginia Fodi\Application Data\Bitrix Security\qnf.txt
    c:\documents and settings\Virginia Fodi\Application Data\Bitrix Security\xaukvmm60_shrd
    c:\documents and settings\Virginia Fodi\Application Data\iniasd.txt
    c:\program files\INSTALL.LOG
    c:\windows\cykezida.scr
    c:\windows\fopabehy.dll
    c:\windows\system\olepro32.dll
    c:\windows\system32\ehbwtjpv.ini
    c:\windows\system32\fonts
    c:\windows\system32\fonts\ACADEMY_.PFB
    c:\windows\system32\fonts\ACADEMY_.PFM
    c:\windows\system32\fonts\ACADEMY_.TTF
    c:\windows\system32\fvklicst.ini
    c:\windows\system32\gjigkjsf.ini
    c:\windows\system32\ngnawsxt.ini
    c:\windows\system32\onjolhqs.ini
    c:\windows\system32\sqassjpu.ini
    c:\windows\system32\voqhvjan.ini

    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4


    ((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
    .

    2010-11-10 15:51 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-11-10 15:51 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
    2010-11-09 14:09 . 2010-11-09 14:10 -------- d-----w- c:\documents and settings\Administrator.GINNYS-TOY
    2010-11-08 13:07 . 2010-11-08 13:07 -------- d-----w- c:\documents and settings\Virginia Fodi\Application Data\Malwarebytes
    2010-11-08 13:07 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-08 13:07 . 2010-11-08 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-08 13:07 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-08 13:07 . 2010-11-08 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-08 03:02 . 2010-11-08 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-11-08 02:38 . 2010-11-08 02:38 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-11-08 02:38 . 2008-02-27 15:54 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys
    2010-11-08 02:38 . 2010-11-08 02:38 -------- d-----w- c:\program files\TRENDnet
    2010-11-08 02:38 . 2007-07-19 05:40 264576 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
    2010-10-12 14:55 . 2010-10-12 14:55 -------- d-----w- c:\program files\Unlocker
    2010-10-11 18:09 . 2010-10-11 18:09 -------- d-sh--w- c:\documents and settings\Virginia Fodi\IECompatCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-10 00:54 . 2002-08-29 06:09 68224 ----a-w- c:\windows\system32\drivers\pci.sys
    2010-09-10 20:23 . 2010-09-10 20:23 1409 ----a-w- c:\windows\QTFont.for
    2010-08-14 18:12 . 2010-08-14 18:12 2855 ----a-w- c:\documents and settings\Virginia Fodi\Application Data\svcst.PIF
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-02 155648]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-05-13 151597]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-09-27 53248]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2010-11-7 368640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wscsvc"=2 (0x2)
    "SamSs"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "WANMiniportService"=2 (0x2)
    "NVSvc"=2 (0x2)
    "NMSSvc"=3 (0x3)
    "MpfService"=2 (0x2)
    "McShield"=2 (0x2)
    "ITMRTSVC"=2 (0x2)
    "iPodService"=3 (0x3)
    "IDriverT"=3 (0x3)
    "aolavupd"=2 (0x2)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "sprtsvc_ddoctorv2"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1122264861\\ee\\aolservicehost.exe"=
    "c:\\Program Files\\Common Files\\aol\\1122264861\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "54925:UDP"= 54925:UDP:BrotherNetwork Scanner

    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/27/2008 2:37 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/27/2008 2:37 PM 20560]
    R2 io.sys;IO.DLL Driver;c:\windows\SYSTEM32\DRIVERS\io.sys [3/16/2008 7:48 PM 5152]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\SYSTEM32\DRIVERS\WLNdis50.sys [11/7/2010 9:38 PM 20480]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\SYSTEM32\DRIVERS\RTL8187B.sys [11/7/2010 9:38 PM 264576]
    S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [11/7/2010 9:38 PM 167936]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [5/9/2004 3:12 PM 155264]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{C7460015-5EBF-4125-942F-A79BE32A92AA}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mWindow Title = Windows Internet Explorer provided by Comcast
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Virginia Fodi\Application Data\Mozilla\Firefox\Profiles\t6beslpa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - (no file)
    BHO-{77B30143-8B52-4F16-B0EA-24D9FCB8A432} - (no file)
    ShellExecuteHooks-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - (no file)
    Notify-yaywttsr - yaywttsr.dll
    SafeBoot-klmdb.sys
    AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-10 10:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???8???@???x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X???????? "@?e?????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2844)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\BCMSMMSG.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-10 11:06:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-10 16:06

    Pre-Run: 14,363,262,976 bytes free
    Post-Run: 14,227,697,664 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - FAE3B219505D8C4618AC5F3361DFC518
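Added example, not part of the thread and not ComboFix's own code: a Python triage pass over the kind of lines in the log above. The sample lines are copied from the posted log; the three heuristics, the temporary directory tree, the hash comparison and the function names (`triage_lines`, `verify_against_reference`, `demo`) are my constructions, not ComboFix's detection logic. The point it makes: every file ComboFix deleted has the eight-random-lowercase-letters shape, but proquota.exe (which ComboFix restored from ServicePackFiles\i386) has that shape too, so a name-shape hit is only a lead until it has been compared against a trusted copy.

```python
"""Added example (not from the thread or ComboFix): triage of ComboFix-style
log lines. SAMPLE_LOG is constructed from lines in the posted log; demo()
builds a throw-away tree standing in for system32 and ServicePackFiles\\i386."""
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic 1: eight lowercase letters plus a loader-relevant extension, directly
# in %windir%, %windir%\system or %windir%\system32. Every file the posted log
# deleted has this shape, but so does the legitimate proquota.exe, so a hit is
# a lead to verify against a trusted copy, not a verdict.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(ini|dll|scr|exe|sys)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}

# Heuristic 2: REGEDIT4 values that weaken the host (the pattern tolerates the
# '"Name "= value' spacing the forum rendering introduced).
REG_VALUE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>\d+)')
WEAK_VALUES = {
    ("enablefirewall", "0"): "Windows Firewall off for the standard profile",
    ("consentpromptbehavioradmin", "0"): "UAC elevates admins silently (no effect on XP)",
    ("wscsvc", "2"): "Security Center (wscsvc) disabled via msconfig",
}

# Heuristic 3: autostart hooks whose target is gone, as ComboFix lists them
# under ORPHANS REMOVED (a random-named Winlogon Notify DLL is classic persistence).
ORPHAN = re.compile(r"^(Notify|SafeBoot|BHO|ShellExecuteHooks)-\S+")


def split_path(win_path):
    """Split a Windows path from the log into (directory, filename), lowercased."""
    directory, _, filename = win_path.lower().rpartition("\\")
    return directory, filename


def triage_lines(lines):
    """Run the three heuristics over raw log lines; return findings by category."""
    hits = {"random_name": [], "weak_setting": [], "orphaned_autostart": []}
    for raw in lines:
        line = raw.strip()
        directory, filename = split_path(line)
        if directory in SYSTEM_DIRS and RANDOM_NAME.match(filename):
            hits["random_name"].append(line.lower())
            continue
        value = REG_VALUE.match(line)
        if value:
            key = (value["name"].strip().lower(), value["value"])
            if key in WEAK_VALUES:
                hits["weak_setting"].append(WEAK_VALUES[key])
            continue
        orphan = ORPHAN.match(line)
        if orphan:
            hits["orphaned_autostart"].append(orphan.group(0))
    return hits


def verify_against_reference(system32, reference, names):
    """Compare each flagged file with the copy in a trusted reference directory
    (the posted log shows ComboFix restoring proquota.exe from ServicePackFiles)."""
    verdicts = {}
    for name in names:
        live, ref = Path(system32, name), Path(reference, name)
        if not ref.exists():
            verdicts[name] = "no reference copy: treat as suspect"
        elif not live.exists():
            verdicts[name] = "missing: restore from reference"
        elif hashlib.sha256(live.read_bytes()).digest() == hashlib.sha256(ref.read_bytes()).digest():
            verdicts[name] = "matches reference: legitimate"
        else:
            verdicts[name] = "differs from reference: replaced or patched"
    return verdicts


# Constructed sample: paths and values copied from the posted ComboFix log.
SAMPLE_LOG = r"""c:\windows\cykezida.scr
c:\windows\fopabehy.dll
c:\windows\system32\ehbwtjpv.ini
c:\windows\system32\proquota.exe
c:\windows\system32\fonts\ACADEMY_.TTF
"DwlClient "= "c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"wscsvc "=2 (0x2)
"EnableFirewall "= 0 (0x0)
Notify-yaywttsr - yaywttsr.dll
SafeBoot-klmdb.sys
""".splitlines()


def demo():
    """Triage the sample, then check the flagged names against a constructed
    reference tree in which only proquota.exe has a matching trusted copy."""
    hits = triage_lines(SAMPLE_LOG)
    with tempfile.TemporaryDirectory() as tmp:
        system32 = Path(tmp, "system32")
        reference = Path(tmp, "ServicePackFiles", "i386")
        system32.mkdir(parents=True)
        reference.mkdir(parents=True)
        stand_in = b"MZ\x90\x00 constructed stand-in for proquota.exe"
        (system32 / "proquota.exe").write_bytes(stand_in)
        (reference / "proquota.exe").write_bytes(stand_in)
        (system32 / "ehbwtjpv.ini").write_bytes(b"[constructed junk]")
        names = [split_path(p)[1] for p in hits["random_name"]]
        verdicts = verify_against_reference(system32, reference, names)
    return hits, verdicts
```

`demo()` flags four eight-letter names; proquota.exe clears because its bytes match the reference copy, the other three have no trusted counterpart and stay suspect. The weak-setting findings (firewall off, Security Center disabled through msconfig) are the items a cleanup would still have to turn back on after the malware is gone, since nothing in the deletion list restores them.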
     
  10. 2010/11/10
    broni (Moderator, Malware Analyst)
    Combofix log looks good now :)

    How are the issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
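Added example, not part of the thread and not OTL code: a small Python expander for a handful of the custom-scan lines above, to show what those entries actually enumerate (executables sitting in a fonts folder, images in system32, a screensaver in the %windir% root, and the `dir ... | find /i " " /c` line, which counts system32 executables with a space in their name). The directory tree, file names and contents are constructed; the mapping from `%systemroot%` to a temporary folder stands in for the real environment variable; and the function names (`expand`, `run_custom_scan`, `demo`) are mine. Only two directive shapes are handled, `<pattern> [/s]` and the dir|find count; `/x`, `/mp`, the `/md5start` block, `netsvcs`, `drivers32` and the registry entries are out of scope. Matching here is case-sensitive, whereas OTL runs on Windows where it is not.

```python
"""Added example (not from the thread or OTL): expand a subset of OTL
custom-scan entries against a constructed directory tree."""
import re
import tempfile
from pathlib import Path

# Entries copied from the posted custom scan; the remaining directive kinds
# (/x, /mp, /md5start, netsvcs, registry keys) are not handled here.
SCAN_LINES = [
    r"%systemroot%\Fonts\*.exe",
    r"%systemroot%\Fonts\*.dll",
    r"%systemroot%\system32\*.jpg",
    r"%systemroot%\*.scr",
    r"%systemroot%\pchealth\helpctr\System\*.exe /s",
    r'dir /b "%systemroot%\system32\*.exe" | find /i " " /c',
]

FLAGGED = re.compile(r"^(?P<pattern>.*?)(?P<flags>(?:\s+/\w+)*)$")
DIR_FIND = re.compile(r'^dir /b "(?P<pattern>[^"]+)" \| find /i " " /c$', re.I)


def expand(pattern, roots, recursive=False):
    """Resolve %VAR%\\sub\\glob against a mapping of variable name -> Path.
    Returns file matches as POSIX paths relative to the variable's root."""
    var_end = pattern.index("%", 1)
    root = roots[pattern[1:var_end].lower()]
    rest = pattern[var_end + 1:].lstrip("\\").replace("\\", "/")
    sub, _, glob = rest.rpartition("/")
    base = root / sub if sub else root
    matches = base.rglob(glob) if recursive else base.glob(glob)
    return sorted(p.relative_to(root).as_posix() for p in matches if p.is_file())


def run_custom_scan(lines, roots):
    """Map each scan line to its findings: a list of files, or, for the
    dir|find line, the count of matching executables with a space in the name."""
    results = {}
    for line in lines:
        counted = DIR_FIND.match(line)
        if counted:
            results[line] = sum(" " in m.rsplit("/", 1)[-1]
                                for m in expand(counted["pattern"], roots))
            continue
        parsed = FLAGGED.match(line)
        flags = set(parsed["flags"].split())
        results[line] = expand(parsed["pattern"], roots, recursive="/s" in flags)
    return results


def demo():
    """Constructed tree: a few ordinary files plus planted ones in the spots the
    scan targets. Returns the findings keyed by scan line."""
    with tempfile.TemporaryDirectory() as tmp:
        windir = Path(tmp, "WINDOWS")
        planted = [
            "Fonts/arial.ttf", "Fonts/sysfont.exe",
            "system32/calc.exe", "system32/svc host.exe", "system32/wallpaper.jpg",
            "cykezida.scr",
            "pchealth/helpctr/System/sub/helper.exe",
        ]
        for rel in planted:
            path = windir / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed")
        return run_custom_scan(SCAN_LINES, {"systemroot": windir})
```

The `/s` entry is the one that reaches `sub/helper.exe`; without the flag the same pattern would look only at the named directory. The space-count line is a cheap heuristic: legitimate system32 executables almost never carry a space, so a non-zero count is worth a look.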
     
  11. 2010/11/10
    ProgrammerRandi (Thread Starter)
    CPU Usage seems back to normal and no known popups
    OTL:
    OTL logfile created on: 11/10/2010 8:18:10 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Virginia Fodi\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 712.00 Mb Available Physical Memory | 70.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.90 Gb Total Space | 13.10 Gb Free Space | 46.97% Space Free | Partition Type: NTFS
    Drive E: | 96.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: GINNYS-TOY | User Name: Virginia Fodi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 20:16:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Virginia Fodi\Desktop\OTL.exe
    PRC - [2009/08/25 12:23:04 | 000,368,640 | ---- | M] () -- C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    PRC - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/05/12 19:51:59 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 20:16:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Virginia Fodi\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)
    SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2002/10/10 04:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2002/10/08 12:00:24 | 000,065,536 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2009/08/17 11:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/08/17 11:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/08/17 11:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/08/17 11:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/08/17 11:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/08/17 11:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/03/16 19:48:42 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\io.sys -- (io.sys)
    DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WLNdis50.sys -- (WLNdis50)
    DRV - [2007/07/19 00:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2003/04/26 11:54:03 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2003/04/22 14:12:27 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2003/04/22 14:12:27 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2003/04/22 14:12:27 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2003/04/22 14:12:27 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/12/17 12:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2002/12/17 12:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/12/17 12:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/12/16 18:09:06 | 000,030,970 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
    DRV - [2002/11/11 16:52:58 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
    DRV - [2002/10/15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/10/10 04:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
    DRV - [2002/10/08 11:57:40 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvvid2.sys -- (NUVision)
    DRV - [2001/12/03 12:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuvaud2.sys -- (nuvaud2)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.comcast.net"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 18:50:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 15:58:46 | 000,000,000 | ---D | M]

    [2010/01/11 13:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Mozilla\Extensions
    [2010/11/10 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Mozilla\Firefox\Profiles\t6beslpa.default\extensions
    [2010/09/05 13:09:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Virginia Fodi\Application Data\Mozilla\Firefox\Profiles\t6beslpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/01/11 13:21:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

    O1 HOSTS File: ([2010/11/10 10:56:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab (Yahoo! Audio Conferencing)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab (IEAnimBehaviorFactory Class)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: Yahoo! Pool 2 http://download.games.yahoo.com/games/clients/y/potb_x.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/10 13:50:14 | 000,001,838 | R--- | M] () - E:\Autorun.apm -- [ CDFS ]
    O32 - AutoRun File - [2002/12/09 21:00:30 | 001,122,304 | R--- | M] (Indigo Rose Corporation) - E:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/06/07 05:43:48 | 000,032,038 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009/04/10 13:50:16 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\NUVision.ax (Zoran Ltd.)
    Drivers32: VIDC.PIXL - C:\WINDOWS\System32\pclepixl.dll (Pinnacle Systems)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/10 20:16:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Virginia Fodi\Desktop\OTL.exe
    [2010/11/10 18:32:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/11/10 10:31:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/10 10:28:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/10 10:28:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/10 10:28:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/10 10:28:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/10 10:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/10 10:22:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/09 19:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Virginia Fodi\Desktop\tdsskiller
    [2010/11/08 08:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Virginia Fodi\Application Data\Malwarebytes
    [2010/11/08 08:07:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/08 08:07:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/08 08:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/08 08:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/07 22:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    [2010/11/07 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\TRENDnet
    [2010/10/12 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

    ========== Files - Modified Within 30 Days ==========

    [2010/11/10 20:16:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Virginia Fodi\Desktop\OTL.exe
    [2010/11/10 10:56:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/11/10 10:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/11/10 10:55:57 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 10:31:37 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/11/10 10:21:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/11/10 10:00:16 | 003,907,211 | R--- | M] () -- C:\Documents and Settings\Virginia Fodi\Desktop\ComboFix.exe
    [2010/11/10 00:30:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C7460015-5EBF-4125-942F-A79BE32A92AA}.job
    [2010/11/09 17:43:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/08 11:15:44 | 000,007,417 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\My Documents\Bug Fixing.wpd
    [2010/11/08 08:07:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 21:41:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/11/07 21:38:28 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
    [2010/11/07 21:38:28 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Configuration Utility.lnk
    [2010/11/07 18:15:58 | 000,365,076 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/11/07 18:15:57 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/10/15 12:37:08 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Comcast.net.URL
    [2010/10/13 13:18:29 | 000,422,409 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20101013-141946.backup
    [2010/10/13 12:33:17 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/13 12:33:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/12 12:10:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/12 10:05:54 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/12 10:03:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/10/12 10:03:07 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Windows Media Player.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/10 10:31:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/10 10:31:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/10 10:28:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/10 10:28:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/10 10:28:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/10 10:28:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/10 10:28:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/10 09:59:38 | 003,907,211 | R--- | C] () -- C:\Documents and Settings\Virginia Fodi\Desktop\ComboFix.exe
    [2010/11/09 21:28:55 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/08 11:15:44 | 000,007,417 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\My Documents\Bug Fixing.wpd
    [2010/11/08 08:07:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/07 21:38:28 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
    [2010/11/07 21:38:28 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Configuration Utility.lnk
    [2010/11/07 21:38:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
    [2010/10/13 12:33:17 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/10/13 12:33:16 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Spybot - Search & Destroy.lnk
    [2010/10/12 10:03:07 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Windows Media Player.lnk
    [2010/10/12 09:33:51 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Desktop\Comcast.net.URL
    [2010/09/05 13:22:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/08/14 13:12:31 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\svcst.PIF
    [2009/11/27 17:42:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/09/24 09:23:23 | 000,018,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\muguk.bat
    [2009/09/24 09:23:23 | 000,010,490 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\okepe.vbs
    [2009/09/24 09:23:22 | 000,019,197 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\iqosaraz.exe
    [2009/09/24 09:23:22 | 000,019,020 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\qipudanad.scr
    [2009/09/24 09:23:22 | 000,014,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amyf.pif
    [2009/09/24 09:23:22 | 000,012,964 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\etehu._dl
    [2009/09/23 19:16:36 | 000,017,346 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\enyliq.pif
    [2009/09/23 19:16:36 | 000,016,042 | ---- | C] () -- C:\WINDOWS\System32\cacahol.dll
    [2009/09/23 19:16:36 | 000,013,597 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\bymob.pif
    [2009/09/23 19:16:36 | 000,011,792 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\odyhalumig.vbs
    [2009/09/23 19:16:35 | 000,015,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iwyzolos.exe
    [2009/09/23 19:16:35 | 000,015,394 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nigojeq.vbs
    [2009/09/23 19:16:35 | 000,013,985 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\zuheb.scr
    [2009/09/23 19:16:35 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\uhopa.dat
    [2009/09/23 19:16:35 | 000,011,034 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ijebex._dl
    [2009/09/23 19:16:34 | 000,018,172 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\suxolyzyla.db
    [2009/09/23 19:16:34 | 000,016,812 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\riqasadaka.ban
    [2009/09/23 19:16:34 | 000,014,246 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\rujyjevo.dll
    [2009/09/23 19:13:37 | 000,010,786 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\mudosenuq._sy
    [2009/09/23 19:13:36 | 000,016,313 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vejozaqo.ban
    [2009/09/23 19:13:36 | 000,013,793 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\donamafero.com
    [2009/09/22 12:49:17 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2009/09/22 12:49:17 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2009/09/22 12:48:54 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/09/22 12:48:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2009/09/22 12:43:42 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2008/03/16 19:48:42 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys
    [2007/11/22 17:05:34 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/27 08:10:22 | 000,001,189 | ---- | C] () -- C:\WINDOWS\MSIWENG.INI
    [2006/08/09 13:36:49 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2006/08/09 13:36:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2006/07/10 16:39:06 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/01/08 17:59:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\upst.ini
    [2004/12/04 19:35:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\fusioncache.dat
    [2004/09/09 13:58:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SOLCON.INI
    [2004/06/07 22:25:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2004/06/07 22:25:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\upth.ini
    [2004/05/01 16:47:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\msvxdll.ini
    [2004/05/01 16:43:32 | 000,000,977 | ---- | C] () -- C:\WINDOWS\MYSTERY.INI
    [2004/05/01 16:34:15 | 000,000,053 | ---- | C] () -- C:\WINDOWS\RVBJ.INI
    [2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
    [2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
    [2003/09/16 14:27:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
    [2003/08/26 23:44:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
    [2003/08/06 13:41:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/05/31 17:53:30 | 000,000,987 | ---- | C] () -- C:\WINDOWS\POWER.INI
    [2003/05/31 17:05:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\STUDPOK.INI
    [2003/05/25 13:58:36 | 000,002,075 | ---- | C] () -- C:\WINDOWS\ANIBJ.INI
    [2003/05/25 13:45:38 | 000,000,149 | ---- | C] () -- C:\WINDOWS\Hallow.ini
    [2003/05/25 13:35:28 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Ultisoft.ini
    [2003/05/25 13:35:28 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Collida.ini
    [2003/05/25 13:35:28 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brick.ini
    [2003/05/14 17:01:16 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
    [2003/05/14 16:14:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/05/04 17:56:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/04/27 11:42:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\PFP100JPR.{PB
    [2003/04/27 11:42:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Virginia Fodi\Application Data\PFP100JCM.{PB
    [2003/04/22 14:14:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/04/22 14:02:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/04/22 14:02:01 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/04/22 13:55:58 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/04/22 13:35:18 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
    [2002/09/03 08:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 14:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

    ========== LOP Check ==========

    [2008/10/18 16:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2009/09/22 12:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2007/10/26 15:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/11 13:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/01/25 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/08/09 15:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\BellSouth
    [2010/11/07 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\ComcastToolbar
    [2006/05/23 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Leadertech
    [2008/09/18 17:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\PreCast
    [2010/09/25 13:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\ScanSoft
    [2008/09/07 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Terrapin
    [2007/10/26 19:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\TrueSwitch
    [2007/01/25 12:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Viewpoint
    [2007/06/26 17:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Virginia Fodi\Application Data\Walgreens
    [2010/11/10 00:30:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C7460015-5EBF-4125-942F-A79BE32A92AA}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/12/05 21:04:47 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2005/12/05 21:04:47 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/12 12:10:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/10 10:31:37 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 08:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/10 11:06:35 | 000,013,161 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/04/22 13:39:14 | 000,004,978 | RH-- | M] () -- C:\DELL.SDR
    [2010/11/10 10:55:57 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
    [2002/09/03 08:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2002/09/03 08:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2007/10/26 15:39:52 | 000,001,103 | ---- | M] () -- C:\net_save.dna
    [2004/12/17 16:57:10 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/27 16:24:39 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/11/10 10:55:46 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
    [2003/04/22 14:00:50 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2005/08/15 23:12:07 | 000,000,305 | -H-- | M] () -- C:\T4Metrics.log
    [2010/11/09 19:53:45 | 000,053,338 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_09.11.2010_19.51.24_log.txt
    [2009/04/20 14:58:37 | 000,075,983 | ---- | M] () -- C:\VETlog.dmp
    [2009/04/20 14:58:37 | 001,848,747 | ---- | M] () -- C:\VETlog.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 08:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 08:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 08:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 08:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/27 16:34:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/12/17 17:18:20 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Virginia Fodi\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2003/04/25 16:48:39 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/10 10:00:16 | 003,907,211 | R--- | M] () -- C:\Documents and Settings\Virginia Fodi\Desktop\ComboFix.exe
    [2010/11/10 20:16:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Virginia Fodi\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2010/07/17 18:31:37 | 000,000,046 | ---- | M] () -- C:\WINDOWS\JAVA\jagex_runescape_preferences.dat
    [2010/07/17 18:30:01 | 000,000,099 | ---- | M] () -- C:\WINDOWS\JAVA\jagex_runescape_preferences2.dat
    [2010/07/17 15:45:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\JAVA\jagex__preferences3.dat

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2003/04/25 18:22:50 | 002,598,120 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\My Documents\Install_AIM.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/08/29 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/12/17 17:18:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Virginia Fodi\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/09/24 09:23:23 | 000,014,534 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\afoke.lib
    [2008/09/23 10:09:57 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\desktop.ini
    [2009/09/23 19:16:36 | 000,017,959 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\fuzybedase.bat
    [2009/09/23 19:13:37 | 000,019,165 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\imocif.db
    [2010/11/10 13:28:35 | 000,622,592 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\INDEX.DAT
    [2009/09/24 09:23:23 | 000,019,829 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ipomixo.bat
    [2009/09/24 09:23:23 | 000,010,396 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\oqononup.scr
    [2009/09/23 19:13:37 | 000,016,113 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ritohagi.reg
    [2009/09/23 19:13:36 | 000,016,614 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ufavylani.db
    [2009/09/23 19:16:34 | 000,017,498 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\uteti.ban
    [2009/09/23 19:16:35 | 000,019,502 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\uvafuxo.lib

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 12:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\MAILTMPL.TXT
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/08/29 05:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
    [2002/08/29 05:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
    [2002/08/29 05:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
    [2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2000/09/11 07:00:00 | 000,009,597 | ---- | M] () -- C:\WINDOWS\SYSTEM\RDB16.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
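    The Cookies listing in the OTL custom scan above is the part of this report worth a second look: an Internet Explorer Cookies folder holds *.txt cookie files plus index.dat (and a desktop.ini), so a .bat, .scr or .reg there has no legitimate reason to exist, and the timestamps show the odd-named files arriving in two short bursts. The script below is an added example, not code from the post or from OTL: it parses OTL file-listing lines, flags files that do not belong in a cookies folder, and groups entries dropped within a few minutes of each other. The listing embedded in it is copied from the log above; the extension list, the 300-second window and all function names are this example's own choices.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Added example: triage of OTL custom-scan file entries. COOKIES_LISTING is
# copied from the Cookies listing in the log above; everything else
# (extension list, clustering window, names) is this example's own choice.
COOKIES_LISTING = r"""
[2009/09/24 09:23:23 | 000,014,534 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\afoke.lib
[2008/09/23 10:09:57 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\desktop.ini
[2009/09/23 19:16:36 | 000,017,959 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\fuzybedase.bat
[2009/09/23 19:13:37 | 000,019,165 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\imocif.db
[2010/11/10 13:28:35 | 000,622,592 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\INDEX.DAT
[2009/09/24 09:23:23 | 000,019,829 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ipomixo.bat
[2009/09/24 09:23:23 | 000,010,396 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\oqononup.scr
[2009/09/23 19:13:37 | 000,016,113 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ritohagi.reg
[2009/09/23 19:13:36 | 000,016,614 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\ufavylani.db
[2009/09/23 19:16:34 | 000,017,498 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\uteti.ban
[2009/09/23 19:16:35 | 000,019,502 | ---- | M] () -- C:\Documents and Settings\Virginia Fodi\Cookies\uvafuxo.lib
"""

# OTL entry layout: [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Types Windows executes or merges when opened; none belong in a cookies folder.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".reg", ".vbs", ".js", ".dll", ".hta"}
NORMAL_COOKIE_FILES = {"index.dat", "desktop.ini"}


@dataclass
class Entry:
    mtime: datetime
    size: int
    attrs: str
    company: str
    path: str


def parse_listing(text):
    """Parse every OTL file-entry line in text; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")), m["attrs"], m["company"], m["path"]))
    return entries


def suspicious_cookie_files(entries):
    """[(path, reason)] for files under a Cookies folder that are not cookie storage."""
    flagged = []
    for e in entries:
        parts = e.path.lower().split("\\")
        if "cookies" not in parts[:-1]:
            continue
        name = parts[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        if name in NORMAL_COOKIE_FILES or ext == ".txt":
            continue
        reason = "executable extension" if ext in EXECUTABLE_EXTS else "foreign to cookie folder"
        flagged.append((e.path, reason))
    return flagged


def drop_clusters(entries, window_seconds=300):
    """Groups of 2+ files whose mtimes chain within window_seconds; one drop event each."""
    ordered = sorted(entries, key=lambda e: e.mtime)
    clusters, current = [], []
    for e in ordered:
        if current and (e.mtime - current[-1].mtime).total_seconds() > window_seconds:
            if len(current) > 1:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) > 1:
        clusters.append(current)
    return clusters


if __name__ == "__main__":
    found = parse_listing(COOKIES_LISTING)
    for path, reason in suspicious_cookie_files(found):
        print(f"{reason:24} {path}")
    for cluster in drop_clusters(found):
        print(f"{len(cluster)} files between {cluster[0].mtime} and {cluster[-1].mtime}")
```

    Run against the listing above it reports four executable-typed files (two .bat, one .scr, one .reg), five more with made-up extensions, and two drop bursts: six files within three minutes on 2009/09/23 and three more in the same second on 2009/09/24. The clustering is what turns a pile of odd names into "one thing wrote these"; it works on any OTL or similar listing, not just the Cookies folder.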
     
  12. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    OTL Extras logfile created on: 11/10/2010 8:18:10 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Virginia Fodi\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 712.00 Mb Available Physical Memory | 70.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.90 Gb Total Space | 13.10 Gb Free Space | 46.97% Space Free | Partition Type: NTFS
    Drive E: | 96.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: GINNYS-TOY | User Name: Virginia Fodi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
  13. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
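    Two parts of this Extras log are the ones a malware analyst reads first: the Shell Spawning section (a hijacked exefile/batfile/comfile "open" command means something runs in front of every program launch; here all five are the stock "%1" %*), and the Security Center and Firewall settings (here the Security Center override flags are all 0, System Restore is on, and EnableFirewall = 0 on the Standard profile, so Windows Firewall itself is off). The script below is an added example, not code from the post or from OTL: it parses both sections and applies those checks. SHELL_SPAWNING and SETTINGS are copied from the log above; HIJACKED_SAMPLE is a constructed line with a hypothetical path so the hijack check has something to fire on, and all function and constant names are this example's own.

```python
import re

# Added example: triage checks over the Shell Spawning and registry-settings
# sections of an OTL Extras log. SHELL_SPAWNING and SETTINGS are copied from the
# log above; HIJACKED_SAMPLE is constructed (hypothetical path) for the check.
SHELL_SPAWNING = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
"""

HIJACKED_SAMPLE = r'exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\av.exe" /START "%1" %*'

SETTINGS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
SPAWN_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")

# XP default 'open' command for the classes rogue software rewrites to get
# itself launched in front of every .exe/.bat/.cmd/.com/.pif.
EXPECTED_OPEN = {cls: '"%1" %*' for cls in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}

SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SR = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
FW_STD = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")


def parse_shell_spawning(text):
    """{(class, verb): command} from 'class [verb] -- command' lines."""
    spawns = {}
    for raw in text.splitlines():
        m = SPAWN_RE.match(raw.strip())
        if m:
            spawns[(m["cls"], m["verb"])] = m["cmd"]
    return spawns


def parse_registry_blocks(text):
    """{key: {name: value}} from '[HKEY...]' headers and '"name" = value' lines."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = blocks.setdefault(m["key"], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m["name"]] = m["value"]
    return blocks


def shell_spawning_findings(spawns):
    """One finding per executable class whose 'open' command is missing or not the default."""
    out = []
    for cls, expected in EXPECTED_OPEN.items():
        cmd = spawns.get((cls, "open"))
        if cmd is None:
            out.append(f"{cls} [open] missing")
        elif cmd != expected:
            out.append(f"{cls} [open] hijacked: {cmd}")
    return out


def settings_findings(blocks):
    """Security Center overrides, Windows Firewall off, System Restore off."""
    out = []
    sc = blocks.get(SC, {})
    for name in ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "UpdatesDisableNotify"):
        if sc.get(name) == "1":
            out.append(f"Security Center {name}=1 (status alerts suppressed)")
    if blocks.get(FW_STD, {}).get("EnableFirewall") == "0":
        out.append("Windows Firewall disabled on StandardProfile")
    if blocks.get(SR, {}).get("DisableSR") == "1":
        out.append("System Restore disabled")
    return out


def extras_findings(text):
    """Run both checks over one Extras log text."""
    return shell_spawning_findings(parse_shell_spawning(text)) + settings_findings(parse_registry_blocks(text))


if __name__ == "__main__":
    for finding in extras_findings(SHELL_SPAWNING + SETTINGS):
        print("finding:", finding)
    for finding in extras_findings(SHELL_SPAWNING + HIJACKED_SAMPLE + SETTINGS):
        print("with sample hijack:", finding)
```

    On the log above the only finding is the disabled Windows Firewall; whether another firewall covers that is not something this log shows (the Security Center Monitoring keys are empty). The "Reg Error: Key error." entries for htmlfile [edit], regfile [merge] and txtfile [edit] are deliberately not checked: OTL prints that when the verb subkey is absent, which is common on XP and says nothing about the exefile chain. With the constructed HIJACKED_SAMPLE spliced in, the exefile check fires and shows the full command, which is what you would then go and remove.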
     
  14. 2010/11/10
    broni (Moderator, Malware Analyst)
    I assume some more is coming?
     
  15. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    ========== Authorized Applications List =========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~2.0 -- (America Online, Inc.)
    "C:\Program Files\Common Files\aol\ACS\AOLacsd.exe" = C:\Program Files\Common Files\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\aol\ACS\AOLDial.exe" = C:\Program Files\Common Files\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\aol\1122264861\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\aol\1122264861\EE\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
    "C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
     
  16. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    Sorry, IMG complaints, having to split up the Extras file.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AMERIC~2.0 -- (America Online, Inc.)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL -- (Gteko Ltd.)
    "C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Disabled:AOL -- (AOL LLC)
     
  17. 2010/11/10
    broni (Moderator, Malware Analyst)
    Any reason you're posting just a few lines at a time?
     
  18. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    "C:\Program Files\Common Files\aol\ACS\AOLDial.exe" = C:\Program Files\Common Files\aol\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\aol\ACS\AOLacsd.exe" = C:\Program Files\Common Files\aol\ACS\AOLacsd.exe:*:Disabled:AOL -- (AOL LLC)
    "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\1122264861\ee\aolservicehost.exe" = C:\Program Files\Common Files\AOL\1122264861\ee\aolservicehost.exe:*:Disabled:AOL Services -- (America Online, Inc.)
    "C:\Program Files\Common Files\aol\1122264861\EE\aolsoftware.exe" = C:\Program Files\Common Files\aol\1122264861\EE\aolsoftware.exe:*:Disabled:AOL Shared Components -- (America Online, Inc.)
    "C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\aol\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
     
  19. 2010/11/10
    broni (Moderator, Malware Analyst)
    I see....
     
  20. 2010/11/10
    ProgrammerRandi (Inactive Thread Starter)
    Ackk, so that is its problem.

    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*: Disabled:iTunes -- (Apple Computer, Inc.)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/10/2010 9:24:56 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:24:56.984]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:25:31 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:25:31.531]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:26:06 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:26:06.062]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:26:40 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:26:40.562]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:27:15 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:27:15.078]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:27:49 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:27:49.578]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:28:24 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:28:24.109]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:28:58 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:28:58.609]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:29:33 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:29:33.125]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    Error - 11/10/2010 9:30:07 PM | Computer Name = GINNYS-TOY | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2010/11/10 20:30:07.625]: [00001892]: GetDeviceIpAddress:
    GetAddressByName [BRN001BA914D669] Error

    [ System Events ]
    Error - 11/9/2010 10:42:24 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
    Description = The Windows Service Pack Installer update service service depends
    on the Security Accounts Manager service which failed to start because of the following
    error: %%1058

    Error - 11/9/2010 10:43:19 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
    to connect.

    Error - 11/9/2010 10:43:19 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7000
    Description = The avast! Web Scanner service failed to start due to the following
    error: %%1053

    Error - 11/10/2010 12:58:33 AM | Computer Name = GINNYS-TOY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.10.4 for the Network Card with network
    address 0014D1A674A3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/10/2010 12:58:54 AM | Computer Name = GINNYS-TOY | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 0014D1A674A3. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 11/10/2010 1:03:08 AM | Computer Name = GINNYS-TOY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.10.4 for the Network Card with network
    address 0014D1A674A3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/10/2010 1:04:35 AM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
    Description = The Windows Service Pack Installer update service service depends
    on the Security Accounts Manager service which failed to start because of the following
    error: %%1058

    Error - 11/10/2010 11:20:28 AM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
    Description = The Windows Service Pack Installer update service service depends
    on the Security Accounts Manager service which failed to start because of the following
    error: %%1058

    Error - 11/10/2010 11:52:07 AM | Computer Name = GINNYS-TOY | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system
    without first being prepared for removal.

    Error - 11/10/2010 11:58:23 AM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
    Description = The Windows Service Pack Installer update service service depends
    on the Security Accounts Manager service which failed to start because of the following
    error: %%1058


    < End of report >
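    The System Events block above carries more than it looks: the Service Control Manager 7001 entries say the Security Accounts Manager service failed with %%1058, which is ERROR_SERVICE_DISABLED, the avast! Web Scanner failed with %%1053 (ERROR_SERVICE_REQUEST_TIMEOUT), and the Dhcp 1002 entries show a 192.168.10.4 lease being NACKed by a server at 192.168.0.1, an address on a different /24. The script below is an added example, not code from the post or from OTL: it parses the wrapped OTL event entries, counts them by source and ID, decodes the %%NNNN Win32 codes it knows, and flags DHCP NACKs where the refused lease is outside the server's subnet. SYSTEM_EVENTS is copied from the first six System Events entries above; the /24 mask is this example's assumption (the log states no mask), and the function names are its own.

```python
import ipaddress
import re
from collections import Counter

# Added example: triage of the "Last 10 Event Log Errors" section of an OTL
# Extras log. SYSTEM_EVENTS is copied from the log above (first six System
# Events entries). The /24 in dhcp_subnet_mismatches is an assumption.
SYSTEM_EVENTS = """
Error - 11/9/2010 10:42:24 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 11/9/2010 10:43:19 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 11/9/2010 10:43:19 PM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 11/10/2010 12:58:33 AM | Computer Name = GINNYS-TOY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.4 for the Network Card with network
address 0014D1A674A3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/10/2010 12:58:54 AM | Computer Name = GINNYS-TOY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0014D1A674A3. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 11/10/2010 1:04:35 AM | Computer Name = GINNYS-TOY | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
CODE_RE = re.compile(r"%%(\d+)")
NACK_RE = re.compile(r"lease (?P<lease>[\d.]+) for .*? denied by the DHCP server (?P<server>[\d.]+)")

# Win32 error codes that the event text leaves undecoded as %%NNNN
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1058: "ERROR_SERVICE_DISABLED",
    1223: "ERROR_CANCELLED",
}


def parse_events(text):
    """A header line starts an entry; wrapped description lines are joined until a blank line."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"when": m["when"], "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif line and current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
        else:
            current = None
    return events


def error_codes(event):
    """(code, name) for each %%NNNN in the description; 'unknown' if not in the table."""
    return [(int(c), WIN32_ERRORS.get(int(c), "unknown")) for c in CODE_RE.findall(event["description"])]


def summarize(events):
    """Counts by (source, id) plus every decoded code as (source, id, code, name)."""
    counts = Counter((e["source"], e["id"]) for e in events)
    decoded = [(e["source"], e["id"], code, name) for e in events for code, name in error_codes(e)]
    return counts, decoded


def dhcp_subnet_mismatches(events, prefix_len=24):
    """(lease, server) from Dhcp 1002 NACKs where the lease is outside the server's /prefix_len."""
    out = []
    for e in events:
        if e["source"] != "Dhcp" or e["id"] != 1002:
            continue
        m = NACK_RE.search(e["description"])
        if not m:
            continue
        network = ipaddress.ip_network(f"{m['server']}/{prefix_len}", strict=False)
        if ipaddress.ip_address(m["lease"]) not in network:
            out.append((m["lease"], m["server"]))
    return out


if __name__ == "__main__":
    evs = parse_events(SYSTEM_EVENTS)
    counts, decoded = summarize(evs)
    for (source, eid), n in counts.most_common():
        print(f"{n}x {source} {eid}")
    for item in decoded:
        print("decoded:", item)
    print("dhcp mismatches:", dhcp_subnet_mismatches(evs))
```

    The decode step is the useful part: a 7001 entry reads as a dependency failure until you see that 1058 means the dependency (here SamSs) is disabled, and 1053 on the avast! Web Scanner says the service was started but never answered the SCM, which is a different problem from a missing file. The subnet check only says the client asked to renew a lease from a network the server does not serve; it does not say why.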
     
  21. 2010/11/10
    broni (Moderator, Malware Analyst)
    Good news :)
    Yeah, the last one is a double, so I'll delete it and I'll look at your logs....
     
