TechSpot

Can someone help me remove viruses from Windows XP?

By alejandrobadill
May 12, 2011
  1. i got a virus or a malware about 3 days ago, i keep scaning my computer in safe mode because i cant use my normal mode, it keeps freezing on me , so the only way i can use my pc is on safe mode, i keep scaning my computer but oviously i still have more viruses because i still cant use my normal mode, it keeps freezing on me and i cant even open one program , can someone please help me to remove them. i have the logs for malwarebytes anti-malware, hijack this, and combofix. i just got them hours ago so they are the most recent ones.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You have a history of leaving topics without explanation: http://www.techspot.com/vb/search.php?searchid=2711267
    If it'll happen again, you may not be able to receive any more help in this forum.


    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ok i did the UPDATED 7-step Viruses/Spyware/Malware Preliminary Removal Instructions
    and here are the logs, this is from malwave bytes


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6567

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    5/13/2011 2:43:51 AM
    mbam-log-2011-05-13 (02-43-51).txt

    Scan type: Quick scan
    Objects scanned: 163935
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.


    this is from gmer log
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-13 17:14:34
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA201A
    Running: wx3cv4m1.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxriypog.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
    this is from dds.
    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by Administrator at 18:00:02.81 on Fri 05/13/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.691 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    mSearch Bar = hxxp://www.google.com
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Startup.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-11-19 5632]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-14 13496]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-4-17 816672]
    S0 nyuny;nyuny;c:\windows\system32\drivers\tupmc.sys --> c:\windows\system32\drivers\tupmc.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 441176]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-11 307928]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    S1 MpKslc2e814ba;MpKslc2e814ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0de52c27-68b8-4f90-a409-23a207304eb2}\mpkslc2e814ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0de52c27-68b8-4f90-a409-23a207304eb2}\MpKslc2e814ba.sys [?]
    S1 MpKsld3919f3b;MpKsld3919f3b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0de52c27-68b8-4f90-a409-23a207304eb2}\mpksld3919f3b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0de52c27-68b8-4f90-a409-23a207304eb2}\MpKsld3919f3b.sys [?]
    S1 MpKsldc274f02;MpKsldc274f02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ac9f283-0b1a-4b62-8540-854c3b514116}\mpksldc274f02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ac9f283-0b1a-4b62-8540-854c3b514116}\MpKsldc274f02.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-11 19544]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-11 42184]
    S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe --> c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [?]
    S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2005-6-3 175042]
    S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [2005-10-7 14273]
    S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\drivers\i2220ntx.sys --> c:\windows\system32\drivers\i2220ntx.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
    S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\warez p2p client\tcpip_patcher.sys --> c:\program files\warez p2p client\tcpip_patcher.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-13 08:47:54 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cdefacad-d5a7-4e51-ae1b-cf379ed813e1}\MpKsla4a262dc.sys
    2011-05-13 08:36:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-13 08:36:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 08:36:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-13 01:43:01 -------- d-sha-r- C:\cmdcons
    2011-05-12 23:15:02 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2011-05-12 22:44:51 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cdefacad-d5a7-4e51-ae1b-cf379ed813e1}\MpKsle854bac5.sys
    2011-05-12 20:51:33 -------- d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
    2011-05-12 15:09:59 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cdefacad-d5a7-4e51-ae1b-cf379ed813e1}\MpKsl9c4b5615.sys
    2011-05-12 06:37:13 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cdefacad-d5a7-4e51-ae1b-cf379ed813e1}\MpKsl9dc9e1c9.sys
    2011-05-12 05:12:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-12 05:12:35 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-12 05:12:17 -------- d-----w- c:\program files\AVAST Software
    2011-05-12 05:12:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-05-11 06:28:16 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
    2011-05-11 06:27:15 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2011-05-11 05:28:09 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cdefacad-d5a7-4e51-ae1b-cf379ed813e1}\mpengine.dll
    2011-05-09 03:22:37 -------- d-----w- c:\program files\GetMiro Toolbar
    2011-05-09 03:21:03 -------- d-----w- c:\program files\Participatory Culture Foundation
    2011-04-30 09:46:37 -------- d-----w- c:\program files\MP3 My MP3 3.1
    2011-04-18 02:21:07 816672 ----a-w- c:\windows\system32\drivers\AE1000XP.sys
    2011-04-18 02:21:07 226592 ----a-w- c:\windows\system32\RaCoInst.dll
    2011-04-15 04:07:50 -------- d-----w- c:\program files\Xenocode
    .
    ==================== Find3M ====================
    .
    2011-02-23 22:54:12 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    .
    ============= FINISH: 18:01:36.56 ===============


    this is the attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/29/2005 12:56:43 PM
    System Uptime: 5/13/2011 5:56:30 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 089C
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | JP8 | 2800/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 7.539 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 802.11b/g WLAN
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&253A0906&0&10A4
    Manufacturer: Broadcom
    Name: Broadcom 802.11b/g WLAN
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F8103C&REV_03\4&253A0906&0&10A4
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006B103C&REV_10\4&253A0906&0&18A4
    Manufacturer: Realtek
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006B103C&REV_10\4&253A0906&0&18A4
    Service: rtl8139
    .
    ==== System Restore Points ===================
    .
    RP1431: 4/30/2011 11:00:56 AM - Software Distribution Service 3.0
    RP1432: 4/30/2011 10:38:13 PM - Software Distribution Service 3.0
    RP1433: 5/2/2011 10:32:03 AM - Software Distribution Service 3.0
    RP1434: 5/3/2011 4:21:49 PM - Software Distribution Service 3.0
    RP1435: 5/3/2011 6:42:18 PM - Removed Brother MFL-Pro Suite
    RP1436: 5/3/2011 6:46:26 PM - Removed AGEIA PhysX v7.07.09
    RP1437: 5/3/2011 6:52:05 PM - Removed BlackBerry Desktop Software 4.2.2.
    RP1438: 5/4/2011 10:28:47 PM - Software Distribution Service 3.0
    RP1439: 5/5/2011 11:04:42 PM - Software Distribution Service 3.0
    RP1440: 5/6/2011 11:53:28 PM - System Checkpoint
    RP1441: 5/7/2011 10:17:10 AM - Software Distribution Service 3.0
    RP1442: 5/8/2011 2:40:41 PM - Software Distribution Service 3.0
    RP1443: 5/9/2011 10:46:22 PM - Software Distribution Service 3.0
    RP1444: 5/10/2011 11:28:02 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    Agere Systems AC'97 Modem
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    Bonjour
    BufferChm
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    CameraMate Real-Time Video Driver
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window DVC for ZoomBrowser EX
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    CCScore
    CoreVorbis Audio Decoder (remove only)
    Dawn of War - Dark Crusade
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    FrostWire 4.21.3
    Game Booster
    Half-Life 2: Deathmatch
    Half-Life 2: Lost Coast
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 3900 series
    HP Help and Support
    HP Imaging Device Functions 5.0
    HP Photosmart Essential 3.5
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HPDeskjet3900Series
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HpSdpAppCoreApp
    InterActual Player
    InterVideo DiscLabel
    InterVideo WinDVD Creator 2
    iTunes
    Java(TM) 6 Update 11
    Junk Mail filter update
    Kodak EasyShare software
    League of Legends
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mirar
    Miro
    MovieEdit Task
    Mozilla Firefox (3.6.17)
    MSN
    MSVCRT
    MSXML 4.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 3.5 - SE
    netbrdg
    OfotoXMI
    Pando Media Booster
    PCI 1620 Cardbus Controller and Software
    ProPix DVD
    PSSWCORE
    Quick Launch Buttons 5.10 B5
    QuickTime
    Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
    Recuva
    Rhapsody Player Engine
    Scientific-Atlanta WebSTAR 2000 series Cable Modem
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Smart Defrag 2
    SolutionCenter
    Sonic RecordNow!
    Sonic Update Manager
    Sony USB Driver
    SoundMAX
    SP2 Connection Patcher
    Startup Delayer v2.5 (build 138)
    staticcr
    Status
    Steam
    SUPERAntiSpyware Free Edition
    TI1620/1520
    TrayApp
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Veoh Web Player
    VideoToolkit01
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VPRINTOL
    WebFldrs XP
    WebReg
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    Wireless-G Notebook Adapter
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/6/2011 7:59:36 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/6/2011 7:12:50 PM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: The system cannot find the file specified.
    5/13/2011 2:46:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/13/2011 2:32:03 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    5/12/2011 8:24:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/12/2011 2:30:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1405.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    5/12/2011 12:44:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL
    5/11/2011 3:01:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eabfiltr Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tcpip6
    5/11/2011 3:01:18 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/11/2011 3:01:18 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/11/2011 3:01:18 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/11/2011 3:01:18 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/11/2011 3:01:18 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/11/2011 12:31:19 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1405.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    5/11/2011 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/11/2011 11:12:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/11/2011 1:36:45 PM, error: Dhcp [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 687F74FB1984 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/10/2011 11:57:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL
    5/10/2011 11:57:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================
     
  4. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ontop of this reply should be all the 4 logs that i needed pasted, i sure hope you guys could help me . thanks.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    AND HERE IS COMBOFIX LOG

    ComboFix 11-05-13.02 - Administrator 05/13/2011 19:00:31.17.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.792 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-14 00:24 . 2011-05-14 00:24 -------- d-----w- c:\program files\7-Zip
    2011-05-13 08:47 . 2011-05-13 08:47 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsla4a262dc.sys
    2011-05-13 08:36 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-13 08:36 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 08:36 . 2011-05-13 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-12 23:15 . 2011-05-12 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-05-12 22:44 . 2011-05-12 22:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsle854bac5.sys
    2011-05-12 20:51 . 2011-05-12 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-05-12 15:09 . 2011-05-12 15:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsl9c4b5615.sys
    2011-05-12 06:37 . 2011-05-12 06:37 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsl9dc9e1c9.sys
    2011-05-12 05:12 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-12 05:12 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-12 05:12 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-12 05:12 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-12 05:12 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-12 05:12 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-12 05:12 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-12 05:12 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-12 05:12 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-12 05:12 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-12 05:12 . 2011-05-12 05:12 -------- d-----w- c:\program files\AVAST Software
    2011-05-12 05:12 . 2011-05-12 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-11 06:28 . 2011-05-11 06:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-05-11 06:27 . 2011-05-11 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-05-11 05:28 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\mpengine.dll
    2011-05-09 03:22 . 2011-05-09 03:22 -------- d-----w- c:\program files\GetMiro Toolbar
    2011-05-09 03:21 . 2011-05-09 03:21 -------- d-----w- c:\program files\Participatory Culture Foundation
    2011-04-30 09:46 . 2011-05-04 00:44 -------- d-----w- c:\program files\MP3 My MP3 3.1
    2011-04-27 05:14 . 2011-04-27 05:14 -------- d-----w- c:\program files\Recuva
    2011-04-18 02:21 . 2010-06-11 18:13 816672 ----a-w- c:\windows\system32\drivers\AE1000XP.sys
    2011-04-18 02:21 . 2010-06-11 18:13 226592 ----a-w- c:\windows\system32\RaCoInst.dll
    2011-04-15 04:07 . 2011-04-15 04:07 -------- d-----w- c:\program files\Xenocode
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 07:04 . 2010-10-20 15:23 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-23 23:04 . 2011-03-15 00:25 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-02-23 22:54 . 2011-03-15 00:25 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Wireless-G Notebook Adapter Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2007-5-23 24576]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-26 18:16 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Linksys\\Wireless-G Notebook Adapter\\Startup.exe"=
    "c:\\Program Files\\Linksys\\Wireless-G Notebook Adapter\\OdHost.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\Steam\\steamapps\\alejandrobadillo99422\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Steam\\steamnew\\Steam.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58531:TCP"= 58531:TCP:pando Media Booster
    "58531:UDP"= 58531:UDP:pando Media Booster
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/19/2004 6:51 AM 5632]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/14/2011 6:25 PM 13496]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [4/17/2011 8:21 PM 816672]
    S0 nyuny;nyuny;c:\windows\system32\drivers\tupmc.sys --> c:\windows\system32\drivers\tupmc.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/11/2011 11:12 PM 441176]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2011 11:12 PM 307928]
    S1 MpKslc2e814ba;MpKslc2e814ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKslc2e814ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKslc2e814ba.sys [?]
    S1 MpKsld3919f3b;MpKsld3919f3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKsld3919f3b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKsld3919f3b.sys [?]
    S1 MpKsldc274f02;MpKsldc274f02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC9F283-0B1A-4B62-8540-854C3B514116}\MpKsldc274f02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC9F283-0B1A-4B62-8540-854C3B514116}\MpKsldc274f02.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 74480]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2011 11:12 PM 19544]
    S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
    S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [6/3/2005 8:27 PM 175042]
    S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [10/7/2005 1:49 PM 14273]
    S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\DRIVERS\i2220ntx.sys --> c:\windows\system32\DRIVERS\i2220ntx.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
    S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\Warez P2P Client\tcpip_patcher.sys --> c:\program files\Warez P2P Client\tcpip_patcher.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    mSearch Bar = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-13 19:04
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?7?4?6??????? ???B???????????????B? ??????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,01,c6,7d,f2,ea,c6,4c,aa,5f,c3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,01,c6,7d,f2,ea,c6,4c,aa,5f,c3,\
    .
    [HKEY_USERS\S-1-5-21-1310137372-521007463-3697416056-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,f5,03,f1,13,eb,da,40,ae,a4,5e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,f5,03,f1,13,eb,da,40,ae,a4,5e,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(708)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(176)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2011-05-13 19:06:24
    ComboFix-quarantined-files.txt 2011-05-14 01:06
    ComboFix2.txt 2011-05-14 00:50
    ComboFix3.txt 2011-05-13 02:24
    ComboFix4.txt 2011-05-12 20:48
    ComboFix5.txt 2011-05-14 00:58
    .
    Pre-Run: 8,183,193,600 bytes free
    Post-Run: 8,173,912,064 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5613B5ED30CE6101424C577FCFAA4E03
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You posted Attach.txt part of DDS instead of Bootkit Remover log.
    Please redo.
     
  8. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    SORRY ABOUT THAT, OK HERE YOU GO
    .\debug.cpp(238) : Debug log started at 14.05.2011 - 00:31:22
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x00216a80 "\WINDOWS\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x806ee000 0x00020300 "\WINDOWS\system32\hal.dll"
    .\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
    .\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0xba059000 0x0002e000 "ACPI.sys"
    .\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0xba048000 0x00011000 "pci.sys"
    .\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
    .\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
    .\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
    .\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
    .\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
    .\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
    .\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0xba5ac000 0x00002000 "aliide.sys"
    .\debug.cpp(256) : 0xba5ae000 0x00002000 "viaide.sys"
    .\debug.cpp(256) : 0xba5b0000 0x00002000 "intelide.sys"
    .\debug.cpp(256) : 0xba02a000 0x0001e000 "pcmcia.sys"
    .\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
    .\debug.cpp(256) : 0xba00b000 0x0001f000 "ftdisk.sys"
    .\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
    .\debug.cpp(256) : 0xba671000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
    .\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
    .\debug.cpp(256) : 0xba5b2000 0x00002000 "atiide.sys"
    .\debug.cpp(256) : 0xba0e8000 0x0000d000 "VolSnap.sys"
    .\debug.cpp(256) : 0xb9ff3000 0x00018000 "atapi.sys"
    .\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
    .\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0xb9fd3000 0x00020000 "fltmgr.sys"
    .\debug.cpp(256) : 0xb9fc1000 0x00012000 "sr.sys"
    .\debug.cpp(256) : 0xba118000 0x00009000 "PxHelp20.sys"
    .\debug.cpp(256) : 0xb9faa000 0x00017000 "KSecDD.sys"
    .\debug.cpp(256) : 0xb9f1d000 0x0008d000 "Ntfs.sys"
    .\debug.cpp(256) : 0xb9ef0000 0x0002d000 "NDIS.sys"
    .\debug.cpp(256) : 0xba128000 0x00010000 "serial.sys"
    .\debug.cpp(256) : 0xba5b4000 0x00002000 "SmartDefragDriver.sys"
    .\debug.cpp(256) : 0xb9ed6000 0x0001a000 "Mup.sys"
    .\debug.cpp(256) : 0xba4c8000 0x00003000 "tiumflt.sys"
    .\debug.cpp(256) : 0xba4cc000 0x00004000 "atisgkaf.sys"
    .\debug.cpp(256) : 0xba53c000 0x00003000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
    .\debug.cpp(256) : 0xba544000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
    .\debug.cpp(256) : 0xba350000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
    .\debug.cpp(256) : 0xb9e59000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0xba148000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
    .\debug.cpp(256) : 0xba550000 0x00003000 "\SystemRoot\system32\drivers\pfc.sys"
    .\debug.cpp(256) : 0xba360000 0x00006000 "\SystemRoot\system32\drivers\iviaspi.sys"
    .\debug.cpp(256) : 0xba158000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0xba168000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
    .\debug.cpp(256) : 0xb9e36000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0xba55c000 0x00003000 "\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys"
    .\debug.cpp(256) : 0xba178000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0xba378000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0xb9e1f000 0x00017000 "\SystemRoot\system32\DRIVERS\Apfiltr.sys"
    .\debug.cpp(256) : 0xba388000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0xba398000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
    .\debug.cpp(256) : 0xba3a0000 0x00006000 "\SystemRoot\system32\drivers\tiumfwl.sys"
    .\debug.cpp(256) : 0xba3a8000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0xba188000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0xba570000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0xb9e08000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0xba198000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0xba1a8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0xba3c8000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0xb9dcf000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
    .\debug.cpp(256) : 0xba1b8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
    .\debug.cpp(256) : 0xba3d8000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
    .\debug.cpp(256) : 0xba3e8000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
    .\debug.cpp(256) : 0xba1c8000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0xba5ba000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0xb9d71000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
    .\debug.cpp(256) : 0xba584000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0xba1d8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0xba5be000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0xb9e91000 0x00003000 "\SystemRoot\System32\Drivers\cdrbsvsd.SYS"
    .\debug.cpp(256) : 0xba5c2000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0xba745000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0xba5c6000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0xb9c95000 0x00014000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0xba5ca000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0xba420000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0xba430000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0xb9e85000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
    .\debug.cpp(256) : 0xb9c62000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
    .\debug.cpp(256) : 0xb9c09000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
    .\debug.cpp(256) : 0xb9be3000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
    .\debug.cpp(256) : 0xb9bbb000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0xb9b83000 0x00038000 "\SystemRoot\system32\DRIVERS\tcpip6.sys"
    .\debug.cpp(256) : 0xba458000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
    .\debug.cpp(256) : 0xba228000 0x00009000 "\SystemRoot\system32\drivers\ip6fw.sys"
    .\debug.cpp(256) : 0xb9b61000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
    .\debug.cpp(256) : 0xba238000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0xb9b36000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0xb9ac6000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0xba568000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0xba258000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0xba468000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0xba478000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0xb99d7000 0x000c7000 "\SystemRoot\system32\DRIVERS\AE1000XP.sys"
    .\debug.cpp(256) : 0xb9dec000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0xba278000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
    .\debug.cpp(256) : 0xb9cc9000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
    .\debug.cpp(256) : 0xb99bf000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0xba5da000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
    .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0xb9cb1000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0xba4b0000 0x00005000 "\SystemRoot\System32\watchdog.sys"
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0xba6cc000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
    .\debug.cpp(256) : 0xbff50000 0x00003000 "\SystemRoot\System32\framebuf.dll"
    .\debug.cpp(256) : 0xbffa0000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0xb977f000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0xb94cf000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0xba380000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
    .\debug.cpp(256) : 0xb9434000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
    .\debug.cpp(256) : 0xba490000 0x00007000 "\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys"
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&102a0dbb&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDRBSVSD"
    .\debug.cpp(400) : Destination "\Device\CDRBSVSD"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0035&SUBSYS_00351033&REV_43#4&253a0906&0&38A4#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FD1975FE-835D-4731-A515-963E35C1F393}"
    .\debug.cpp(400) : Destination "\Device\{FD1975FE-835D-4731-A515-963E35C1F393}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
    .\debug.cpp(400) : Destination "\Device\Ip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b12f5ee5-b8de-11d9-a9c1-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
    .\debug.cpp(400) : Destination "\Device\IPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{576D289D-F42A-4212-97E7-6EB65DB53672}"
    .\debug.cpp(400) : Destination "\Device\{576D289D-F42A-4212-97E7-6EB65DB53672}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000055"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8201&SUBSYS_006B103C&REV_01#4&253a0906&0&22A4#{987c3999-9362-4781-a2b7-d6606899c3a0}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
    .\debug.cpp(400) : Destination "\Device\Tun0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip6"
    .\debug.cpp(400) : Destination "\Device\Ip6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4080N_______________0C09____#304b353152313247343720382020202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b38&Pid_0010#6&5419c4e&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0035&SUBSYS_00351033&REV_43#4&253a0906&0&39A4#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_AC54&SUBSYS_006B103C&REV_01#4&253a0906&0&21A4#{d617a521-94df-11d6-80ad-0001020c74d4}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_AC54&SUBSYS_006B103C&REV_01#4&253a0906&0&20A4#{d617a521-94df-11d6-80ad-0001020c74d4}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
    .\debug.cpp(400) : Destination "\Device\CompositeBattery"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&51d1cee&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
    .\debug.cpp(400) : Destination "\Device\IPNAT"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
    .\debug.cpp(400) : Destination "\Device\PSched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmartDefragDevice"
    .\debug.cpp(400) : Destination "\Device\SmartDefragDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&2c2c4e33&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b12f5ee4-b8de-11d9-a9c1-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#5&1d23f6d1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{28A57067-14A9-4165-B919-89F4A8FAD93F}"
    .\debug.cpp(400) : Destination "\Device\{28A57067-14A9-4165-B919-89F4A8FAD93F}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IVIaspi0"
    .\debug.cpp(400) : Destination "\Device\IVIaspi0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK6025GAS_______________________KA201A__#5&a63e6f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&102a0dbb&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination "\Device\USBFDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0FEAE90F-0A91-46F1-BA98-7B55B433B762}"
    .\debug.cpp(400) : Destination "\Device\{0FEAE90F-0A91-46F1-BA98-7B55B433B762}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination "\Device\USBFDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4347&SUBSYS_434C1002&REV_01#3&61aaa01&0&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f940ae&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_3200#6&5419c4e&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Apfiltr"
    .\debug.cpp(400) : Destination "\Device\Apfiltr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Paspi0"
    .\debug.cpp(400) : Destination "\Device\Paspi0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia0"
    .\debug.cpp(400) : Destination "\Device\Pcmcia0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Pcmcia1"
    .\debug.cpp(400) : Destination "\Device\Pcmcia1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0478B7B6-D9B0-4107-9260-079ED453B765}"
    .\debug.cpp(400) : Destination "\Device\{0478B7B6-D9B0-4107-9260-079ED453B765}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0b38&Pid_0010&MI_00#8&29a15fac&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000092"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_3200#7&4c38fc7&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000008f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_13b1&Pid_002f#6&6f91ff2&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D3278DB8-46EA-499D-99F0-348755FCEE33}"
    .\debug.cpp(400) : Destination "\Device\{D3278DB8-46EA-499D-99F0-348755FCEE33}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_13b1&Pid_002f#6&6f91ff2&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&399c7b62&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NdisWanIp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4080N_______________0C09____#304b353152313247343720382020202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0b38&Pid_0010&MI_01&Col01#8&136b1e3&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000093"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RW_GWA-4080N_______________0C09____#304b353152313247343720382020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_00E0&SUBSYS_00E01033&REV_04#4&253a0906&0&3AA4#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature94E494E4Offset7E00LengthDF87B0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination "\Device\ParTechInc0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4348&SUBSYS_434C1002&REV_01#3&61aaa01&0&99#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NdisWanBh"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination "\Device\ParTechInc1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0b38&Pid_0010&MI_01&Col02#8&136b1e3&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000094"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0b38&Pid_0010&MI_00#8&29a15fac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000092"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip6fw"
    .\debug.cpp(400) : Destination "\Device\Ip6fw"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
    .\debug.cpp(400) : Destination "\Device\mbr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{05F3B516-3163-44FD-8F3B-E7D66EA4DDD6}"
    .\debug.cpp(400) : Destination "\Device\{05F3B516-3163-44FD-8F3B-E7D66EA4DDD6}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000049"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{03FD0E01-5CD5-49D1-8756-C26DB2FA7AF7}"
    .\debug.cpp(400) : Destination "\Device\{03FD0E01-5CD5-49D1-8756-C26DB2FA7AF7}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_3200#7&4c38fc7&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000008f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{091862C5-1E2E-4BFF-B470-9CC651FBA0B9}"
    .\debug.cpp(400) : Destination "\Device\{091862C5-1E2E-4BFF-B470-9CC651FBA0B9}"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 99ed1954602173ef14b43a708afaa354
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 55 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1129) :
    .\boot_cleaner.cpp(1151) : Done;
     
  9. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\tupmc.sys
    
    Driver::
    nyuny
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ok here is the new combofix log with CFScript.txt in it

    ComboFix 11-05-13.02 - Administrator 05/13/2011 19:40:22.18.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.808 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\windows\system32\drivers\tupmc.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nyuny
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-14 00:24 . 2011-05-14 00:24 -------- d-----w- c:\program files\7-Zip
    2011-05-13 08:47 . 2011-05-13 08:47 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsla4a262dc.sys
    2011-05-13 08:36 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-13 08:36 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-13 08:36 . 2011-05-13 08:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-12 23:15 . 2011-05-12 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-05-12 22:44 . 2011-05-12 22:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsle854bac5.sys
    2011-05-12 20:51 . 2011-05-12 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-05-12 15:09 . 2011-05-12 15:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsl9c4b5615.sys
    2011-05-12 06:37 . 2011-05-12 06:37 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\MpKsl9dc9e1c9.sys
    2011-05-12 05:12 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-12 05:12 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-05-12 05:12 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-12 05:12 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-12 05:12 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-12 05:12 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-12 05:12 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-12 05:12 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-12 05:12 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-12 05:12 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-12 05:12 . 2011-05-12 05:12 -------- d-----w- c:\program files\AVAST Software
    2011-05-12 05:12 . 2011-05-12 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-11 06:28 . 2011-05-11 06:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-05-11 06:27 . 2011-05-11 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-05-11 05:28 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CDEFACAD-D5A7-4E51-AE1B-CF379ED813E1}\mpengine.dll
    2011-05-09 03:22 . 2011-05-09 03:22 -------- d-----w- c:\program files\GetMiro Toolbar
    2011-05-09 03:21 . 2011-05-09 03:21 -------- d-----w- c:\program files\Participatory Culture Foundation
    2011-04-30 09:46 . 2011-05-04 00:44 -------- d-----w- c:\program files\MP3 My MP3 3.1
    2011-04-27 05:14 . 2011-04-27 05:14 -------- d-----w- c:\program files\Recuva
    2011-04-18 02:21 . 2010-06-11 18:13 816672 ----a-w- c:\windows\system32\drivers\AE1000XP.sys
    2011-04-18 02:21 . 2010-06-11 18:13 226592 ----a-w- c:\windows\system32\RaCoInst.dll
    2011-04-15 04:07 . 2011-04-15 04:07 -------- d-----w- c:\program files\Xenocode
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-11 07:04 . 2010-10-20 15:23 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-23 23:04 . 2011-03-15 00:25 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-02-23 22:54 . 2011-03-15 00:25 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Wireless-G Notebook Adapter Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2007-5-23 24576]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-11-26 18:16 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Linksys\\Wireless-G Notebook Adapter\\Startup.exe"=
    "c:\\Program Files\\Linksys\\Wireless-G Notebook Adapter\\OdHost.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\Steam\\steamapps\\alejandrobadillo99422\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Steam\\steamnew\\Steam.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58531:TCP"= 58531:TCP:pando Media Booster
    "58531:UDP"= 58531:UDP:pando Media Booster
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    .
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [11/19/2004 6:51 AM 5632]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/14/2011 6:25 PM 13496]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [4/17/2011 8:21 PM 816672]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/11/2011 11:12 PM 441176]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/11/2011 11:12 PM 307928]
    S1 MpKslc2e814ba;MpKslc2e814ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKslc2e814ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKslc2e814ba.sys [?]
    S1 MpKsld3919f3b;MpKsld3919f3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKsld3919f3b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DE52C27-68B8-4F90-A409-23A207304EB2}\MpKsld3919f3b.sys [?]
    S1 MpKsldc274f02;MpKsldc274f02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC9F283-0B1A-4B62-8540-854C3B514116}\MpKsldc274f02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC9F283-0B1A-4B62-8540-854C3B514116}\MpKsldc274f02.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 74480]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2011 11:12 PM 19544]
    S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
    S3 AVC1200;Adaptec AVC-1200 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [6/3/2005 8:27 PM 175042]
    S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [10/7/2005 1:49 PM 14273]
    S3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver;c:\windows\system32\DRIVERS\i2220ntx.sys --> c:\windows\system32\DRIVERS\i2220ntx.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
    S3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\Warez P2P Client\tcpip_patcher.sys --> c:\program files\Warez P2P Client\tcpip_patcher.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    mSearch Bar = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-13 19:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?7?4?6??????? ???B???????????????B? ??????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,01,c6,7d,f2,ea,c6,4c,aa,5f,c3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6e,01,c6,7d,f2,ea,c6,4c,aa,5f,c3,\
    .
    [HKEY_USERS\S-1-5-21-1310137372-521007463-3697416056-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,f5,03,f1,13,eb,da,40,ae,a4,5e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,f5,03,f1,13,eb,da,40,ae,a4,5e,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(708)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1636)
    c:\windows\system32\WININET.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-13 19:52:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-14 01:52
    ComboFix2.txt 2011-05-14 01:06
    ComboFix3.txt 2011-05-14 00:50
    ComboFix4.txt 2011-05-13 02:24
    ComboFix5.txt 2011-05-14 01:38
    .
    Pre-Run: 8,180,977,664 bytes free
    Post-Run: 8,170,016,768 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9EDAA3A913FFA06C298C9528CCBC325D
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Have you tried to restart in normal mode?
     
  12. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    Not get, ok give me a minute to see how it responds to me.
     
  13. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ok i runed it in normal mode, but still freezes on me, i cant open not even one program or open the start options, it freezes right wen it barely windows starts. is it still a virus or is it somenthing more bad?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    it said threats not founds here is the report

    2011/05/13 20:43:23.0953 1460 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/13 20:43:24.0437 1460 ================================================================================
    2011/05/13 20:43:24.0437 1460 SystemInfo:
    2011/05/13 20:43:24.0437 1460
    2011/05/13 20:43:24.0437 1460 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/13 20:43:24.0437 1460 Product type: Workstation
    2011/05/13 20:43:24.0437 1460 ComputerName: ALEJANDRO
    2011/05/13 20:43:24.0437 1460 UserName: Administrator
    2011/05/13 20:43:24.0437 1460 Windows directory: C:\WINDOWS
    2011/05/13 20:43:24.0437 1460 System windows directory: C:\WINDOWS
    2011/05/13 20:43:24.0437 1460 Processor architecture: Intel x86
    2011/05/13 20:43:24.0437 1460 Number of processors: 1
    2011/05/13 20:43:24.0437 1460 Page size: 0x1000
    2011/05/13 20:43:24.0437 1460 Boot type: Safe boot with network
    2011/05/13 20:43:24.0437 1460 ================================================================================
    2011/05/13 20:43:24.0812 1460 Initialize success
    2011/05/13 20:43:36.0484 1284 ================================================================================
    2011/05/13 20:43:36.0484 1284 Scan started
    2011/05/13 20:43:36.0484 1284 Mode: Manual;
    2011/05/13 20:43:36.0484 1284 ================================================================================
    2011/05/13 20:43:39.0703 1284 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/05/13 20:43:40.0218 1284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/05/13 20:43:40.0375 1284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/05/13 20:43:40.0843 1284 AE1000 (678c8fdb9d6094d41f322b7159853c54) C:\WINDOWS\system32\DRIVERS\AE1000XP.sys
    2011/05/13 20:43:41.0015 1284 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys
    2011/05/13 20:43:41.0343 1284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/05/13 20:43:41.0687 1284 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/05/13 20:43:42.0031 1284 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2011/05/13 20:43:42.0765 1284 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/05/13 20:43:43.0171 1284 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2011/05/13 20:43:43.0343 1284 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/05/13 20:43:44.0171 1284 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/05/13 20:43:44.0375 1284 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/05/13 20:43:44.0656 1284 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/05/13 20:43:44.0875 1284 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
    2011/05/13 20:43:45.0125 1284 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/05/13 20:43:45.0312 1284 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/05/13 20:43:45.0546 1284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/05/13 20:43:45.0781 1284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/05/13 20:43:46.0062 1284 ati2mtag (604cbaf6f8aa2fd1f928dceb8acf7111) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/05/13 20:43:46.0359 1284 atiide (899c9f94ed5ec5eff71aa6e17a084419) C:\WINDOWS\system32\DRIVERS\atiide.sys
    2011/05/13 20:43:46.0578 1284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/05/13 20:43:46.0781 1284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/05/13 20:43:47.0109 1284 AVC1200 (52f73c85e64c20386a23bd3ef192a423) C:\WINDOWS\system32\DRIVERS\CA506AV.SYS
    2011/05/13 20:43:47.0312 1284 BCM43XX (d87b4e14e890091d8e64fb5c570cf192) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/05/13 20:43:47.0515 1284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/05/13 20:43:47.0859 1284 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
    2011/05/13 20:43:48.0031 1284 ca506aaf (a2b7864b7092cd29d2932432daeb9eec) C:\WINDOWS\system32\drivers\ca506aaf.sys
    2011/05/13 20:43:48.0203 1284 CA561 (57cc65392f9d128fb16423c88bd1da8d) C:\WINDOWS\system32\Drivers\SPCA561.SYS
    2011/05/13 20:43:48.0437 1284 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
    2011/05/13 20:43:48.0687 1284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/05/13 20:43:48.0890 1284 CBTNDIS5 (181b4a19965024a2afa01fa2102b2a2d) C:\WINDOWS\system32\CBTNDIS5.SYS
    2011/05/13 20:43:49.0093 1284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/05/13 20:43:49.0406 1284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/05/13 20:43:49.0640 1284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/05/13 20:43:49.0890 1284 cdrbsvsd (48c76b30185a93df2875b7cd8244ecd9) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    2011/05/13 20:43:50.0078 1284 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/05/13 20:43:50.0531 1284 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/05/13 20:43:50.0843 1284 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/05/13 20:43:51.0640 1284 DevUpper (5dc28c3458fcc7258edd9f817bad8cc7) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
    2011/05/13 20:43:51.0843 1284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/05/13 20:43:52.0093 1284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/05/13 20:43:52.0328 1284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/05/13 20:43:52.0546 1284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/05/13 20:43:52.0718 1284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/05/13 20:43:53.0140 1284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/05/13 20:43:53.0343 1284 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
    2011/05/13 20:43:53.0609 1284 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
    2011/05/13 20:43:53.0859 1284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/05/13 20:43:54.0015 1284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/05/13 20:43:54.0234 1284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/05/13 20:43:54.0390 1284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/05/13 20:43:54.0562 1284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/05/13 20:43:54.0906 1284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/05/13 20:43:55.0015 1284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/05/13 20:43:55.0156 1284 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/13 20:43:55.0406 1284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/05/13 20:43:55.0578 1284 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/05/13 20:43:55.0984 1284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/05/13 20:43:56.0515 1284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/05/13 20:43:56.0765 1284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/05/13 20:43:57.0171 1284 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/05/13 20:43:57.0296 1284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/05/13 20:43:57.0593 1284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/05/13 20:43:57.0750 1284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/05/13 20:43:57.0921 1284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/05/13 20:43:58.0250 1284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/05/13 20:43:58.0437 1284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/05/13 20:43:58.0890 1284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/05/13 20:43:59.0046 1284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/05/13 20:43:59.0218 1284 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
    2011/05/13 20:43:59.0531 1284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/05/13 20:43:59.0687 1284 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/05/13 20:43:59.0812 1284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/05/13 20:44:00.0078 1284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/05/13 20:44:00.0468 1284 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
    2011/05/13 20:44:00.0750 1284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/05/13 20:44:00.0906 1284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/05/13 20:44:01.0031 1284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/05/13 20:44:01.0296 1284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/05/13 20:44:01.0546 1284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/05/13 20:44:01.0750 1284 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/05/13 20:44:02.0406 1284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/05/13 20:44:02.0609 1284 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/05/13 20:44:02.0921 1284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/05/13 20:44:03.0109 1284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/05/13 20:44:03.0265 1284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/05/13 20:44:03.0515 1284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/05/13 20:44:03.0671 1284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/05/13 20:44:03.0890 1284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/05/13 20:44:04.0109 1284 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/05/13 20:44:04.0250 1284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/05/13 20:44:04.0468 1284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/05/13 20:44:04.0671 1284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/05/13 20:44:04.0812 1284 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/05/13 20:44:04.0984 1284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/05/13 20:44:05.0187 1284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/05/13 20:44:05.0343 1284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/05/13 20:44:05.0546 1284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/05/13 20:44:05.0781 1284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/05/13 20:44:06.0078 1284 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/05/13 20:44:06.0359 1284 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/05/13 20:44:06.0562 1284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/05/13 20:44:06.0703 1284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/05/13 20:44:07.0000 1284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/05/13 20:44:07.0156 1284 nuvaud2 (42231b2b553d6ad63660e7c805223918) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys
    2011/05/13 20:44:07.0343 1284 nuvvid2 (302ff12613ac71ec73b25f383f32b6d0) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
    2011/05/13 20:44:07.0609 1284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/05/13 20:44:07.0750 1284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/05/13 20:44:07.0921 1284 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/05/13 20:44:08.0125 1284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/05/13 20:44:08.0296 1284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/05/13 20:44:08.0421 1284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/05/13 20:44:08.0656 1284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/05/13 20:44:08.0921 1284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/05/13 20:44:09.0171 1284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/05/13 20:44:09.0390 1284 PD0620VID (ea296b87ba381c640b441d95f90785f8) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
    2011/05/13 20:44:10.0500 1284 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    2011/05/13 20:44:10.0781 1284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/05/13 20:44:10.0921 1284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/05/13 20:44:11.0078 1284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/05/13 20:44:11.0312 1284 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/05/13 20:44:12.0078 1284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/05/13 20:44:12.0281 1284 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    2011/05/13 20:44:12.0437 1284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/05/13 20:44:12.0609 1284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/05/13 20:44:12.0828 1284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/05/13 20:44:12.0984 1284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/05/13 20:44:13.0109 1284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/05/13 20:44:13.0359 1284 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/05/13 20:44:13.0578 1284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/05/13 20:44:14.0000 1284 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/05/13 20:44:14.0203 1284 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/05/13 20:44:14.0453 1284 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    2011/05/13 20:44:14.0718 1284 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/05/13 20:44:14.0843 1284 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    2011/05/13 20:44:14.0953 1284 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    2011/05/13 20:44:15.0312 1284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/05/13 20:44:15.0562 1284 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
    2011/05/13 20:44:15.0859 1284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/05/13 20:44:16.0000 1284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/05/13 20:44:16.0203 1284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/05/13 20:44:16.0640 1284 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/05/13 20:44:16.0796 1284 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2011/05/13 20:44:17.0062 1284 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    2011/05/13 20:44:17.0296 1284 smwdm (f5209eef04a7a4420e6677242c4a0b02) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/05/13 20:44:17.0843 1284 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    2011/05/13 20:44:18.0328 1284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/05/13 20:44:18.0734 1284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/05/13 20:44:18.0906 1284 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/05/13 20:44:19.0218 1284 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/05/13 20:44:19.0390 1284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/05/13 20:44:19.0578 1284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/05/13 20:44:20.0468 1284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/05/13 20:44:20.0703 1284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/05/13 20:44:20.0890 1284 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2011/05/13 20:44:21.0296 1284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/05/13 20:44:21.0500 1284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/05/13 20:44:21.0640 1284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/05/13 20:44:21.0875 1284 tiumfwl (65e8e81c2f40abce9db98fd232f86bf8) C:\WINDOWS\system32\drivers\tiumfwl.sys
    2011/05/13 20:44:22.0265 1284 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2011/05/13 20:44:22.0562 1284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/05/13 20:44:22.0796 1284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/05/13 20:44:23.0296 1284 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/05/13 20:44:23.0437 1284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/05/13 20:44:23.0718 1284 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\639599.sys
    2011/05/13 20:44:23.0890 1284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/05/13 20:44:24.0046 1284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/05/13 20:44:24.0250 1284 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/05/13 20:44:24.0390 1284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/05/13 20:44:24.0593 1284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/05/13 20:44:24.0828 1284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/05/13 20:44:25.0000 1284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/05/13 20:44:25.0171 1284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/13 20:44:25.0390 1284 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/05/13 20:44:25.0578 1284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/13 20:44:25.0828 1284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/13 20:44:26.0156 1284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/13 20:44:26.0718 1284 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/05/13 20:44:26.0937 1284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/13 20:44:27.0140 1284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/05/13 20:44:27.0343 1284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/05/13 20:44:27.0718 1284 ================================================================================
    2011/05/13 20:44:27.0718 1284 Scan finished
    2011/05/13 20:44:27.0718 1284 ================================================================================
     
  16. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    See, if you re-run Combofix in normal mode.
     
  17. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    i cant, i cant run any programs in normal mode. i just tried it.
     
  18. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    The only thing that it does is , i double click it to run it, a green bar apear,s it gets full , and thats it, nothing more happens, i leaved the computer like this for a while and nothing happened. And i cant run any programs.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ok here are the OTL LOG IN 2 SEPARATE REPLYS BECAUSE ITS TOO LONG I CANT PUT IT IN ONE SINGLE POST. SO THIS IS THE FIRST PART
    OTL logfile created on: 5/14/2011 10:35:14 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 7.60 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

    Computer Name: ALEJANDRO | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NetFxUpdate_v1.1.4322)
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    SRV - [2011/05/10 06:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
    SRV - [2002/09/20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/10 06:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/05/10 06:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/05/10 06:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/05/10 06:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/05/10 05:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/05/10 05:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/05/10 05:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/06/11 12:13:54 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
    DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/11/26 12:16:25 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/11/26 12:16:24 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2009/01/15 17:17:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2005/04/24 19:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2005/03/06 17:52:20 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\639599.sys -- (USBCM)
    DRV - [2004/11/29 18:51:52 | 000,122,928 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561)
    DRV - [2004/08/24 20:19:00 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/08/04 12:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/08/02 02:29:00 | 000,151,808 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (nuvvid2)
    DRV - [2004/08/02 02:29:00 | 000,027,872 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
    DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/04/15 02:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
    DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2004/03/25 16:54:24 | 000,680,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/10/24 00:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2003/10/07 21:40:00 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/08/08 18:00:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
    DRV - [2003/07/16 23:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
    DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2003/04/29 05:38:08 | 000,010,940 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
    DRV - [2003/04/23 09:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
    DRV - [2003/02/18 18:00:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
    DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
    DRV - [2002/09/20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2002/07/21 04:47:28 | 000,175,042 | R--- | M] (Sunplus Technology Co. LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CA506AV.SYS -- (AVC1200)
    DRV - [2002/07/21 04:47:28 | 000,014,273 | R--- | M] (Sunplus Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ca506aaf.sys -- (ca506aaf) Adaptec USB Audio Filter Driver (WDM)
    DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

    IE - HKU\S-1-5-21-1310137372-521007463-3697416056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    IE - HKU\S-1-5-21-1310137372-521007463-3697416056-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/11 23:12:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:00:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 18:42:55 | 000,000,000 | ---D | M]

    [2011/05/09 22:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/04 18:44:00 | 000,000,000 | ---D | M] (Kwanzy) -- C:\Program Files\Mozilla Firefox\extensions\{4E551550-1870-479D-BF66-DF77900E100E}(2)

    O1 HOSTS File: ([2011/05/13 19:46:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1310137372-521007463-3697416056-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1310137372-521007463-3697416056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1310137372-521007463-3697416056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1310137372-521007463-3697416056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Key error.)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\NUVision.ax (Zoran Ltd.)
    Drivers32: VIDC.SP40 - C:\WINDOWS\System32\SP40_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP41 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP42 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP43 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP44 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP45 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP46 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)
    Drivers32: VIDC.SP47 - C:\WINDOWS\System32\SP4X_32.DLL (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/14 10:32:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/05/14 01:19:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/13 20:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
    [2011/05/13 20:06:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/13 19:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/13 19:39:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/13 18:30:59 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
    [2011/05/13 18:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/05/13 18:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/05/13 02:36:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/13 02:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/13 02:36:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/13 02:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/13 02:35:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/12 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2011/05/12 14:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/05/11 23:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/05/11 23:12:58 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/05/11 23:12:58 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/05/11 23:12:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/05/11 23:12:53 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/05/11 23:12:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/05/11 23:12:52 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/05/11 23:12:52 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/05/11 23:12:50 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/05/11 23:12:35 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/05/11 23:12:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/05/11 00:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2011/05/11 00:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2011/05/11 00:28:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2011/05/11 00:27:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2011/05/08 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\GetMiro Toolbar
    [2011/05/08 21:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Miro
    [2011/05/08 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
    [2011/04/30 03:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 My MP3 3.1
    [2011/04/26 23:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
    [2011/04/26 23:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2011/04/17 20:21:07 | 000,816,672 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\AE1000XP.sys
    [2011/04/17 20:21:07 | 000,226,592 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
    [2011/04/14 22:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
    [2006/08/09 17:10:41 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\639599.sys
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/05/14 08:11:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/05/14 08:05:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/14 08:04:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/13 20:42:40 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2011/05/13 19:46:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/13 19:39:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/05/13 18:59:49 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/05/13 18:58:04 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/05/13 18:27:30 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bootkit_remover.rar
    [2011/05/13 18:23:59 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7z920.exe
    [2011/05/13 18:00:01 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/05/13 17:10:46 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wx3cv4m1.exe
    [2011/05/13 03:09:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/13 02:36:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/13 02:35:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/11 23:12:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/05/11 23:12:53 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/05/11 23:11:59 | 056,923,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
    [2011/05/10 06:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/05/10 06:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/05/10 06:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/05/10 06:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/05/10 06:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/05/10 06:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/05/10 06:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/05/10 05:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/05/10 05:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/05/10 05:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/05/08 21:22:20 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
    [2011/05/05 23:25:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/26 23:14:52 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2011/04/17 20:22:48 | 000,433,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/17 20:22:48 | 000,067,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\viyinibi
    [2011/05/13 20:42:28 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2011/05/13 18:57:44 | 004,347,800 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/05/13 18:27:27 | 000,039,605 | ---- | C] () -- C:\Documents and
     
  21. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    OK SECOND PART OF THE OTL REPORT

    Settings\Administrator\Desktop\bootkit_remover.rar
    [2011/05/13 18:23:47 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7z920.exe
    [2011/05/13 17:59:46 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2011/05/13 16:43:13 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wx3cv4m1.exe
    [2011/05/13 02:36:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/11 23:12:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/05/11 23:11:44 | 056,923,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe
    [2011/05/08 21:22:20 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
    [2011/04/26 23:14:52 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
    [2011/04/17 20:21:07 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2011/03/14 18:25:49 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/03/14 18:25:49 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2010/06/15 14:40:30 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
    [2010/04/11 19:34:10 | 000,014,832 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1nsO3pTQCOnL
    [2010/04/11 11:45:46 | 000,001,424 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xiNN54TR6Jl5
    [2010/04/11 11:45:46 | 000,001,424 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5
    [2010/04/04 21:32:34 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
    [2010/04/03 02:32:34 | 000,001,344 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
    [2010/04/03 02:32:33 | 000,001,344 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wv7V1mEL4UH
    [2010/03/29 21:43:05 | 000,001,206 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5lRk1
    [2010/03/29 21:43:05 | 000,001,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
    [2010/03/23 18:27:13 | 000,001,010 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
    [2010/03/23 18:27:12 | 000,001,010 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
    [2010/03/23 17:09:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/03/14 04:27:30 | 000,003,748 | ---- | C] () -- C:\WINDOWS\System32\jegiwgi.dat
    [2010/01/18 23:09:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/15 13:06:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2009/11/25 21:48:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/07/21 14:58:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/02/15 00:22:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/02/15 00:22:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/02/15 00:22:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/01/18 15:19:45 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/12/22 18:26:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\za.dat
    [2008/07/27 15:59:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
    [2008/07/21 13:27:47 | 000,046,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/04/10 13:15:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2007/12/25 01:46:05 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
    [2007/11/06 01:19:15 | 000,078,918 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
    [2007/11/06 01:19:14 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
    [2007/11/06 01:18:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2007/11/06 01:18:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2007/04/24 20:21:58 | 000,001,134 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2007/02/22 22:31:01 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/02/22 22:31:01 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/02/22 22:31:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
    [2007/02/22 22:29:03 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2007/02/22 22:29:03 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2006/10/07 13:26:08 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/08/09 21:26:58 | 000,008,976 | ---- | C] () -- C:\WINDOWS\deldirs.EXE
    [2006/08/09 21:26:58 | 000,000,104 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/09 17:10:44 | 000,053,693 | R--- | C] () -- C:\WINDOWS\639601.sys
    [2006/08/09 17:10:42 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
    [2006/04/29 11:36:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
    [2006/04/29 11:20:52 | 000,040,610 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/04/29 11:20:16 | 000,699,112 | ---- | C] () -- C:\WINDOWS\cd32.exe
    [2006/02/22 13:35:13 | 000,000,191 | ---- | C] () -- C:\WINDOWS\hpfaxset.ini
    [2006/02/22 13:13:05 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.dll
    [2006/01/31 18:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/01/27 11:57:33 | 000,033,533 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe
    [2005/10/05 22:08:26 | 000,003,718 | ---- | C] () -- C:\WINDOWS\extend.dat
    [2005/06/03 20:27:02 | 000,014,379 | R--- | C] () -- C:\WINDOWS\TW5A.INI
    [2005/04/30 06:23:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2005/04/30 04:04:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2005/04/29 13:27:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/04/29 13:27:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/04/29 13:27:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/04/29 13:27:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/04/29 13:27:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/04/29 13:27:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/11/19 07:19:08 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/11/19 07:09:09 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/11/19 06:58:47 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2004/08/07 07:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/07 07:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 07:10:30 | 000,433,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/07 07:10:30 | 000,067,858 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/07 07:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 07:02:54 | 000,253,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/07 06:57:54 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/07 06:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 02:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 02:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 02:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/04 02:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/04 02:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/25 16:53:04 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2004/03/16 01:28:00 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
    [2004/02/25 20:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/02/19 18:00:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
    [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/10/20 09:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/05/11 23:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/04/11 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2011/02/01 21:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2007/04/28 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gramerrorstorechic
    [2009/02/11 00:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2011/03/14 18:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2007/06/28 14:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Move Bash Eq Plan
    [2004/11/19 07:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2011/02/03 18:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2009/06/22 22:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
    [2011/01/20 00:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
    [2010/02/18 18:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/25 22:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/05/14 08:11:14 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/24 23:06:10 | 000,000,040 | ---- | M] () -- C:\Auth.prof
    [2011/05/13 18:59:49 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/05/13 19:39:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/13 19:52:20 | 000,016,862 | ---- | M] () -- C:\ComboFix.txt
    [2005/10/24 18:41:46 | 000,032,331 | ---- | M] () -- C:\DNSP1.LOG
    [2007/11/25 01:45:19 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
    [2010/12/01 12:18:12 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
    [2005/10/22 12:16:49 | 000,004,959 | -H-- | M] () -- C:\ffastun.ffa
    [2005/10/22 12:16:49 | 000,311,296 | -H-- | M] () -- C:\ffastun.ffl
    [2005/10/22 12:16:49 | 000,135,168 | -H-- | M] () -- C:\ffastun.ffo
    [2005/10/22 12:16:49 | 001,290,240 | -H-- | M] () -- C:\ffastun0.ffx
    [2005/10/24 18:35:58 | 000,000,086 | ---- | M] () -- C:\HSC.log
    [2005/06/03 09:17:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/02/09 00:36:15 | 000,000,439 | -H-- | M] () -- C:\IPH.PH
    [2010/06/15 15:11:46 | 000,707,852 | ---- | M] () -- C:\logfile
    [2005/06/03 09:17:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/10/24 18:36:51 | 000,012,716 | ---- | M] () -- C:\mszone.log
    [2005/10/24 18:37:35 | 000,000,087 | ---- | M] () -- C:\muvee.log
    [2010/06/07 12:29:02 | 000,001,234 | ---- | M] () -- C:\net_save.dna
    [2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2011/02/01 20:37:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/05/14 08:04:08 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/24 18:39:56 | 000,000,161 | ---- | M] () -- C:\sedinst.log
    [2005/10/24 18:39:55 | 000,000,189 | ---- | M] () -- C:\sedinst2.log
    [2007/02/21 21:16:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/03/09 21:01:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2007/06/26 23:39:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2007/06/26 23:50:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2007/07/11 22:18:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2007/11/04 23:25:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/02/06 23:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/03/06 20:54:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/04/18 22:09:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/09/27 13:10:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/10/11 17:36:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/10/11 22:55:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/11/28 00:31:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/01/04 18:39:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/07/25 10:55:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2007/02/21 21:16:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/03/09 21:01:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/06/26 23:39:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2007/06/26 23:50:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2007/07/11 22:18:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2007/11/04 23:25:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/02/06 23:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/03/06 20:54:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/04/18 22:09:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/09/27 13:10:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/10/11 17:36:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/10/11 22:55:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/11/28 00:31:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/01/04 18:39:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/07/25 10:55:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2005/10/24 18:40:47 | 000,017,198 | ---- | M] () -- C:\sunjava.log
    [2007/10/22 23:42:00 | 000,919,874 | ---- | M] () -- C:\TB.log
    [2011/05/13 20:54:29 | 000,047,550 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_13.05.2011_20.43.23_log.txt
    [2010/03/28 14:35:00 | 000,398,592 | ---- | M] () -- C:\work.log

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/07 06:57:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/04/08 20:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/10 06:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/06 23:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/06 23:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/06 23:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/02/01 20:46:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/11/19 06:56:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/07 07:04:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/13 18:23:59 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7z920.exe
    [2011/05/13 18:58:04 | 004,347,800 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/05/13 02:35:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/14 10:33:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
    [2011/05/13 17:10:46 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wx3cv4m1.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2002/07/21 04:47:28 | 000,007,431 | R--- | M] () -- C:\WINDOWS\TW5A.SRC
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/05/11 23:11:59 | 056,923,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\setup_av_free.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/11/19 06:56:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/05/14 10:31:22 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >
     
  22. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    AND NOW HERE IT IS THE EXTRAS LOG

    OTL Extras logfile created on: 5/14/2011 10:35:14 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.88 Gb Total Space | 7.60 Gb Free Space | 13.61% Space Free | Partition Type: NTFS

    Computer Name: ALEJANDRO | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "58531:TCP" = 58531:TCP:*:Enabled:pando Media Booster
    "58531:UDP" = 58531:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "58531:TCP" = 58531:TCP:*:Enabled:pando Media Booster
    "58531:UDP" = 58531:UDP:*:Enabled:pando Media Booster
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe" = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe:*:Enabled:Startup -- ()
    "C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe" = C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe:*:Enabled:OdHost -- ()
    "C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:WgaTray -- (Microsoft Corporation)
    "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware -- (SUPERAntiSpyware.com)
    "C:\Program Files\Steam\steamapps\alejandrobadillo99422\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\alejandrobadillo99422\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\Steam\steamnew\Steam.exe" = C:\Program Files\Steam\steamnew\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
    "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
    "{38A076B0-94A5-4E3E-A686-7A2F27534D69}" = Mirar
    "{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
    "{3C818E20-D069-4C2F-A008-10334A418995}" = CameraMate Real-Time Video Driver
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{649C7197-6E44-4DD9-81E3-78C122BCECEE}" = ProPix DVD
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6B350CA4-0031-0002-3131-34999AD85AEC}" = InterVideo WinDVD Creator 2
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
    "{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
    "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
    "FrostWire" = FrostWire 4.21.3
    "Game Booster_is1" = Game Booster
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{3C818E20-D069-4C2F-A008-10334A418995}" = CameraMate Real-Time Video Driver
    "InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
    "InstallShield_{649C7197-6E44-4DD9-81E3-78C122BCECEE}" = ProPix DVD
    "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
    "InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
    "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
    "InterActual Player" = InterActual Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Miro" = Miro
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Recuva" = Recuva
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SP2ConnectionPatcher" = SP2 Connection Patcher
    "Startup Delayer" = Startup Delayer v2.5 (build 138)
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Veoh Web Player Beta" = Veoh Web Player
    "WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/11/2011 2:31:19 AM | Computer Name = ALEJANDRO | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 5/11/2011 2:31:28 AM | Computer Name = ALEJANDRO | Source = Microsoft Security Client | ID = 5000
    Description =

    Error - 5/12/2011 2:24:52 AM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 5/12/2011 4:30:10 PM | Computer Name = ALEJANDRO | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 5/13/2011 8:09:36 PM | Computer Name = ALEJANDRO | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
    3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 5/13/2011 8:41:55 PM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 5/13/2011 8:48:21 PM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 5/13/2011 8:49:19 PM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 5/13/2011 9:00:19 PM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 5/13/2011 9:04:23 PM | Computer Name = ALEJANDRO | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9e59.

    [ System Events ]
    Error - 5/14/2011 2:51:14 AM | Computer Name = ALEJANDRO | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSP aswTdi eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL

    Error - 5/14/2011 2:59:04 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 3:03:30 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 3:04:13 AM | Computer Name = ALEJANDRO | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSP aswTdi eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL

    Error - 5/14/2011 3:07:50 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 3:24:39 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 3:25:20 AM | Computer Name = ALEJANDRO | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSP aswTdi eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL

    Error - 5/14/2011 3:30:14 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 10:05:25 AM | Computer Name = ALEJANDRO | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 5/14/2011 10:06:03 AM | Computer Name = ALEJANDRO | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 aswSP aswTdi eabfiltr Fips intelppm MpFilter SASDIFSV SASKUTIL


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (NetFxUpdate_v1.1.4322)
      SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
      SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/do...e_Inst_Win.cab (Reg Error: Key error.)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2010/04/11 19:34:10 | 000,014,832 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1nsO3pTQCOnL
      [2010/04/11 11:45:46 | 000,001,424 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xiNN54TR6Jl5
      [2010/04/11 11:45:46 | 000,001,424 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5
      [2010/04/04 21:32:34 | 000,015,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
      [2010/04/03 02:32:34 | 000,001,344 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
      [2010/04/03 02:32:33 | 000,001,344 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wv7V1mEL4UH
      [2010/03/29 21:43:05 | 000,001,206 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\5lRk1
      [2010/03/29 21:43:05 | 000,001,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
      [2010/03/23 18:27:13 | 000,001,010 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
      [2010/03/23 18:27:12 | 000,001,010 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
      [2010/04/11 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
      [2008/12/25 22:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  24. alejandrobadill

    alejandrobadill TS Rookie Topic Starter Posts: 42

    ok here it is the log.

    All processes killed
    ========== OTL ==========
    Service NetFxUpdate_v1.1.4322 stopped successfully!
    Service NetFxUpdate_v1.1.4322 deleted successfully!
    Service CLTNetCnService stopped successfully!
    Service CLTNetCnService deleted successfully!
    Service ACDaemon stopped successfully!
    Service ACDaemon deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Starting removal of ActiveX control {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    C:\WINDOWS\Downloaded Program Files\RhapX.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
    Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SETB3.tmp deleted successfully.
    C:\WINDOWS\System32\SETB5.tmp deleted successfully.
    C:\WINDOWS\System32\SETC1.tmp deleted successfully.
    C:\WINDOWS\002928_.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\1nsO3pTQCOnL moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\xiNN54TR6Jl5 moved successfully.
    C:\Documents and Settings\All Users\Application Data\xiNN54TR6Jl5 moved successfully.
    C:\Documents and Settings\All Users\Application Data\VHx0W moved successfully.
    C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wv7V1mEL4UH moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\5lRk1 moved successfully.
    C:\Documents and Settings\All Users\Application Data\5lRk1 moved successfully.
    C:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4 moved successfully.
    C:\Documents and Settings\All Users\Application Data\avG folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 20048020 bytes
    ->Flash cache emptied: 2454 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 52929 bytes

    User: INES AURORA BADILLO
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->FireFox cache emptied: 2245903 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 10352 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 1008 bytes
    ->Flash cache emptied: 34977 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7902 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3032974 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 24.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: INES AURORA BADILLO

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05142011_111522

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,899   +344

     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...