Svchost.exe usage high & redirecting of search results

Solved
By Kayuri
Jun 21, 2011
Topic Status:
Not open for further replies.
  1. Hello there!
    As the title suggests, one of my svchosts is being extremely greedy with my memory usage, and simultaneously my web search results have been re-directed to different sites, as well as an occasional new tab (with "bad" site ratings from WOT) popping up as well. This just started happening today, about 2 hours ago. Here are the logs you requested in the Preliminary Removal (they will be posted in subsequent replies due to post length if needed).
    Any help from hereon out would be greatly appreciated. My thanks in advance! :)
    -----
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6907

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    6/20/2011 8:22:35 PM
    mbam-log-2011-06-20 (20-22-34).txt

    Scan type: Quick scan
    Objects scanned: 204367
    Time elapsed: 27 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -----
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-20 21:03:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
    Running: 1s22pbgs.exe; Driver: C:\DOCUME~1\RAMONL~1\LOCALS~1\Temp\agtdypod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 832F251B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 832F251B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 832F251B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 832F251B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 832F251B

    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Plus 5.0/McAfee Security)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    -----DDS
    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
    Run by RAMON LAT at 20:46:47 on 2011-06-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.39 [GMT -7:00]
    .
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: Personal Firewall Plus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\2Wire Wireless Manager\2Wire.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Documents and Settings\RAMON LAT\Desktop\1s22pbgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
    mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
    mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
    mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [2Wire Wireless Manager] "c:\program files\2wire wireless manager\2Wire.exe" -a
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ramon lat\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.hilton.com/courses/authorwareplayer/awswaxd.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/22.26/uploader2.cab
    DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} - hxxp://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v8.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
    DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} - hxxp://mabinogi.or.tp/etc/mwfre.2.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{ED1BCCC1-7CD1-43D2-9077-9A024C08C5DF} : DhcpNameServer = 192.168.1.254
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ramon lat\application data\mozilla\firefox\profiles\7uwnnzk6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\documents and settings\ramon lat\application data\mozilla\firefox\profiles\7uwnnzk6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\ramon lat\application data\mozilla\firefox\profiles\7uwnnzk6.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Mabinogi Avatar Renderer: {077a24e9-0db5-435f-9010-5261c53e5925} - %profile%\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
    FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2005-1-24 83325]
    R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-6-14 2304]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 198944]
    R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-12-26 126976]
    R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-12-26 122368]
    S2 0215001222663327mcinstcleanup;McAfee Application Installer Cleanup (0215001222663327);c:\windows\temp\021500~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\021500~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
    S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2005-1-24 122880]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-26 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-3 39984]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-1-24 245760]
    S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-1-24 23296]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
    S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
    S3 XDva280;XDva280;\??\c:\windows\system32\xdva280.sys --> c:\windows\system32\XDva280.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
    S3 XDva310;XDva310;\??\c:\windows\system32\xdva310.sys --> c:\windows\system32\XDva310.sys [?]
    S3 XDva323;XDva323;\??\c:\windows\system32\xdva323.sys --> c:\windows\system32\XDva323.sys [?]
    S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-21 01:47:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-21 01:47:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-15 08:38:58 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-15 08:37:26 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
    2011-06-14 21:20:15 2304 ----a-w- c:\windows\system32\HtsysmNT.sys
    2011-06-14 21:09:33 -------- dc----w- C:\Atlus Online
    2011-06-08 21:17:06 -------- d-----w- c:\documents and settings\ramon lat\local settings\application data\Temp
    2011-05-30 04:36:42 -------- d-----w- c:\documents and settings\all users\application data\Nexon
    2011-05-29 03:26:47 -------- d-----w- c:\documents and settings\ramon lat\application data\go
    2011-05-29 03:26:33 -------- d-----w- c:\documents and settings\all users\application data\Easybits GO
    2011-05-27 00:11:43 -------- d-----w- c:\documents and settings\ramon lat\local settings\application data\Google
    2011-05-27 00:11:17 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
    2011-05-27 00:09:06 -------- d-----r- c:\program files\Skype
    2011-05-26 23:56:44 -------- d-----w- c:\program files\AIM Toolbar
    2011-05-26 23:56:44 -------- d-----w- c:\documents and settings\all users\application data\AIM Toolbar
    2011-05-26 23:56:11 -------- d-----w- c:\program files\common files\Software Update Utility
    .
    ==================== Find3M ====================
    .
    2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2007-07-23 17:56:20 1207026 -c--a-w- c:\program files\wrar370.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST380011A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x832F26D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x832f89d0]; MOV EAX, [0x832f8a4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8335A238]
    3 CLASSPNP[0xF8838FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8333C868]
    \Driver\atapi[0x8335BCA0] -> IRP_MJ_CREATE -> 0x832F26D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x832F251B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 20:50:17.26 ===============

    ------ATTACH
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/24/2008 4:56:55 PM
    System Uptime: 6/20/2011 8:29:55 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F8403
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 72 GiB total, 20.083 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP46: 3/24/2011 8:33:01 PM - Software Distribution Service 3.0
    RP47: 4/2/2011 3:18:32 PM - System Checkpoint
    RP48: 4/15/2011 6:38:17 PM - System Checkpoint
    RP49: 4/15/2011 10:24:24 PM - Software Distribution Service 3.0
    RP50: 4/25/2011 7:45:58 PM - System Checkpoint
    RP51: 4/27/2011 4:15:32 PM - System Checkpoint
    RP52: 4/28/2011 9:20:07 PM - Software Distribution Service 3.0
    RP53: 5/2/2011 4:21:36 PM - System Checkpoint
    RP54: 5/4/2011 10:21:35 PM - System Checkpoint
    RP55: 5/5/2011 11:16:16 PM - System Checkpoint
    RP56: 5/7/2011 7:31:53 AM - System Checkpoint
    RP57: 5/8/2011 6:54:59 PM - System Checkpoint
    RP58: 5/10/2011 4:11:51 PM - System Checkpoint
    RP59: 5/13/2011 5:54:36 PM - Software Distribution Service 3.0
    RP60: 5/15/2011 9:40:10 PM - System Checkpoint
    RP61: 5/18/2011 6:17:46 AM - System Checkpoint
    RP62: 5/23/2011 4:47:05 PM - System Checkpoint
    RP63: 5/24/2011 5:34:56 PM - System Checkpoint
    RP64: 5/25/2011 6:44:26 PM - System Checkpoint
    RP65: 5/28/2011 12:59:17 PM - System Checkpoint
    RP66: 5/29/2011 1:47:24 PM - System Checkpoint
    RP67: 5/31/2011 4:59:59 PM - System Checkpoint
    RP68: 6/1/2011 11:33:33 PM - System Checkpoint
    RP69: 6/3/2011 5:10:10 PM - System Checkpoint
    RP70: 6/4/2011 6:02:49 PM - System Checkpoint
    RP71: 6/5/2011 6:55:52 PM - System Checkpoint
    RP72: 6/8/2011 1:20:06 AM - System Checkpoint
    RP73: 6/9/2011 12:07:57 PM - System Checkpoint
    RP74: 6/10/2011 1:17:53 PM - System Checkpoint
    RP75: 6/11/2011 2:28:32 PM - System Checkpoint
    RP76: 6/12/2011 3:37:05 PM - System Checkpoint
    RP77: 6/14/2011 2:45:22 AM - System Checkpoint
    RP78: 6/15/2011 3:00:28 AM - Software Distribution Service 3.0
    RP79: 6/16/2011 3:48:08 AM - System Checkpoint
    RP80: 6/17/2011 3:49:18 AM - System Checkpoint
    RP81: 6/18/2011 3:58:15 AM - System Checkpoint
    RP82: 6/19/2011 7:26:39 AM - System Checkpoint
    RP83: 6/20/2011 7:58:24 AM - System Checkpoint
    RP84: 6/20/2011 6:46:09 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    2WIRE Wireless LAN - USB Driver
    2Wire Wireless Manager
    ABBYY FineReader 6.0 Sprint Plus
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AIM 7
    AOL Messaging Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Applications
    Audacity 1.2.6
    Audition
    Bonjour
    BroadJump Client Foundation
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Chinese Traditional Fonts Support For Adobe Reader 9
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Photo AIO Printer 962
    Dell Picture Studio v3.0
    Dell Support 5.0.0 (630)
    Dell System Restore
    DivX ;-) Audio Compressor 4.02
    DivX Content Uploader
    DivX Web Player
    Download Updater (AOL LLC)
    EarthLink setup files
    EasyBits GO
    Get High Speed Internet!
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hamachi 1.0.2.3
    HolicUSA
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8 Dell Edition
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 20
    Kaspersky Online Scanner
    Mabinogi
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MapleStory
    McAfee Personal Firewall Plus
    McAfee SecurityCenter
    McAfee SiteAdvisor
    McAfee SpamKiller
    McAfee VirusScan
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox (3.6.17)
    MPlugin
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    musicshakeENG
    NetZeroInstallers
    Nexon Game Manager
    OpenOffice.org Installer 1.0
    Pando Media Booster
    PandoraSaga version 1.0
    PlayStation(R)Network Downloader
    PowerDVD 5.3
    Print to Fax
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Registry Patrol v3.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype Toolbars
    Skype™ 5.3
    Sonic DLA
    Sonic RecordNow!
    SpywareBlaster 4.1
    System Requirements Lab
    The World
    Uniblue RegistryBooster 2009
    UnInstall_SealOnlineUSA
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    URGE
    Viewpoint Media Player
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 12
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.1.3 final uninstall
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/20/2011 7:27:02 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    6/17/2011 5:22:53 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    6/17/2011 5:22:53 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    6/15/2011 9:52:15 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    6/15/2011 9:52:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/15/2011 9:51:54 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    6/15/2011 9:51:54 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/15/2011 9:51:54 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service MCVSRte with arguments "/Embedding" in order to run the server: {305F5F49-F5B1-4501-BDDF-712C5E67154A}
    6/15/2011 9:51:54 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    6/15/2011 9:51:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
    6/15/2011 9:51:36 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.
    6/15/2011 9:51:36 AM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/15/2011 9:51:36 AM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Kayuri

    Kayuri Newcomer, in training Topic Starter

    Oh yay~ a speedy reply! Much appreciated! Here's the log you requested~ :)

    2011/06/20 22:15:25.0859 2108 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/20 22:15:26.0734 2108 ================================================================================
    2011/06/20 22:15:26.0734 2108 SystemInfo:
    2011/06/20 22:15:26.0734 2108
    2011/06/20 22:15:26.0734 2108 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/20 22:15:26.0734 2108 Product type: Workstation
    2011/06/20 22:15:26.0734 2108 ComputerName: RAMON_LAT
    2011/06/20 22:15:26.0734 2108 UserName: RAMON LAT
    2011/06/20 22:15:26.0734 2108 Windows directory: C:\WINDOWS
    2011/06/20 22:15:26.0734 2108 System windows directory: C:\WINDOWS
    2011/06/20 22:15:26.0734 2108 Processor architecture: Intel x86
    2011/06/20 22:15:26.0734 2108 Number of processors: 2
    2011/06/20 22:15:26.0734 2108 Page size: 0x1000
    2011/06/20 22:15:26.0734 2108 Boot type: Normal boot
    2011/06/20 22:15:26.0734 2108 ================================================================================
    2011/06/20 22:15:30.0812 2108 Initialize success
    2011/06/20 22:15:47.0578 0344 ================================================================================
    2011/06/20 22:15:47.0578 0344 Scan started
    2011/06/20 22:15:47.0578 0344 Mode: Manual;
    2011/06/20 22:15:47.0578 0344 ================================================================================
    2011/06/20 22:15:50.0656 0344 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/06/20 22:15:50.0812 0344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/20 22:15:50.0984 0344 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/20 22:15:51.0078 0344 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/06/20 22:15:51.0265 0344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/20 22:15:51.0390 0344 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/20 22:15:51.0578 0344 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/06/20 22:15:51.0734 0344 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/06/20 22:15:51.0890 0344 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/06/20 22:15:51.0984 0344 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/06/20 22:15:52.0109 0344 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/06/20 22:15:52.0281 0344 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/06/20 22:15:52.0421 0344 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/06/20 22:15:52.0578 0344 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/06/20 22:15:52.0734 0344 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/06/20 22:15:52.0921 0344 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/06/20 22:15:52.0968 0344 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/06/20 22:15:53.0109 0344 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/06/20 22:15:53.0218 0344 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/06/20 22:15:53.0421 0344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/20 22:15:53.0609 0344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/20 22:15:53.0828 0344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/20 22:15:53.0984 0344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/20 22:15:54.0125 0344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/20 22:15:54.0625 0344 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/06/20 22:15:54.0781 0344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/20 22:15:54.0890 0344 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/06/20 22:15:55.0000 0344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/20 22:15:55.0140 0344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/20 22:15:55.0296 0344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/20 22:15:55.0593 0344 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/06/20 22:15:55.0734 0344 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/06/20 22:15:55.0906 0344 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/06/20 22:15:55.0968 0344 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/06/20 22:15:56.0156 0344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/20 22:15:56.0281 0344 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/20 22:15:56.0484 0344 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/20 22:15:56.0625 0344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/20 22:15:56.0781 0344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/20 22:15:56.0953 0344 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/06/20 22:15:57.0093 0344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/20 22:15:57.0265 0344 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
    2011/06/20 22:15:57.0359 0344 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
    2011/06/20 22:15:57.0500 0344 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/06/20 22:15:57.0875 0344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/20 22:15:58.0031 0344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/20 22:15:58.0187 0344 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/20 22:15:58.0250 0344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/20 22:15:58.0421 0344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/20 22:15:58.0593 0344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/20 22:15:58.0781 0344 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/20 22:15:58.0906 0344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/20 22:15:59.0062 0344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/20 22:15:59.0265 0344 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    2011/06/20 22:15:59.0437 0344 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/20 22:15:59.0609 0344 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/06/20 22:15:59.0734 0344 Htsysm (57bd2878b475f530a9cf965c785c74a3) C:\WINDOWS\system32\HtsysmNT.sys
    2011/06/20 22:15:59.0953 0344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/20 22:16:00.0125 0344 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/06/20 22:16:00.0265 0344 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/06/20 22:16:00.0421 0344 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/20 22:16:00.0656 0344 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/06/20 22:16:00.0921 0344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/20 22:16:01.0093 0344 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/06/20 22:16:01.0265 0344 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    2011/06/20 22:16:01.0531 0344 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    2011/06/20 22:16:01.0781 0344 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    2011/06/20 22:16:01.0937 0344 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/06/20 22:16:02.0109 0344 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/20 22:16:02.0265 0344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/20 22:16:02.0375 0344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/20 22:16:02.0609 0344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/20 22:16:02.0765 0344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/20 22:16:02.0859 0344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/20 22:16:03.0046 0344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/20 22:16:03.0218 0344 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/20 22:16:03.0312 0344 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/20 22:16:03.0453 0344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/20 22:16:03.0625 0344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/20 22:16:03.0843 0344 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/06/20 22:16:04.0062 0344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/20 22:16:04.0218 0344 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/20 22:16:04.0406 0344 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/06/20 22:16:04.0562 0344 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    2011/06/20 22:16:04.0656 0344 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/20 22:16:04.0781 0344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/20 22:16:04.0953 0344 MPFIREWL (8867e5937ecae0782bdba20c8a6ad586) C:\WINDOWS\system32\Drivers\MpFirewall.sys
    2011/06/20 22:16:05.0031 0344 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/06/20 22:16:05.0171 0344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/20 22:16:05.0328 0344 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/20 22:16:05.0546 0344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/20 22:16:05.0718 0344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/20 22:16:05.0890 0344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/20 22:16:06.0031 0344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/20 22:16:06.0203 0344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/20 22:16:06.0296 0344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/20 22:16:06.0468 0344 NaiFiltr (102de6d24087fb53ad47ca059a32fb66) C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
    2011/06/20 22:16:06.0625 0344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/20 22:16:06.0781 0344 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/20 22:16:06.0890 0344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/20 22:16:07.0062 0344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/20 22:16:07.0234 0344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/20 22:16:07.0328 0344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/20 22:16:07.0515 0344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/20 22:16:07.0718 0344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/20 22:16:07.0968 0344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/20 22:16:08.0171 0344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/20 22:16:08.0343 0344 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/06/20 22:16:08.0593 0344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/20 22:16:08.0703 0344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/20 22:16:08.0843 0344 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/06/20 22:16:09.0000 0344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/20 22:16:09.0109 0344 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/20 22:16:09.0250 0344 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/20 22:16:09.0359 0344 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/20 22:16:09.0500 0344 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/20 22:16:09.0609 0344 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS
    2011/06/20 22:16:10.0015 0344 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/06/20 22:16:10.0140 0344 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/06/20 22:16:10.0312 0344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/20 22:16:10.0515 0344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/20 22:16:10.0656 0344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/20 22:16:10.0765 0344 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/20 22:16:10.0921 0344 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/06/20 22:16:11.0031 0344 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/06/20 22:16:11.0171 0344 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/06/20 22:16:11.0296 0344 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/06/20 22:16:11.0453 0344 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/06/20 22:16:11.0562 0344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/20 22:16:11.0734 0344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/20 22:16:11.0812 0344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/20 22:16:11.0968 0344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/20 22:16:12.0140 0344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/20 22:16:12.0312 0344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/20 22:16:12.0531 0344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/20 22:16:12.0687 0344 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/20 22:16:12.0875 0344 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/20 22:16:13.0031 0344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/20 22:16:13.0234 0344 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2011/06/20 22:16:13.0421 0344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/20 22:16:13.0546 0344 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/20 22:16:13.0703 0344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/20 22:16:13.0906 0344 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/06/20 22:16:14.0140 0344 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/06/20 22:16:14.0328 0344 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/06/20 22:16:14.0500 0344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/20 22:16:14.0625 0344 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/20 22:16:14.0765 0344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/20 22:16:14.0937 0344 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2011/06/20 22:16:15.0062 0344 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    2011/06/20 22:16:15.0203 0344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/20 22:16:15.0296 0344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/20 22:16:15.0437 0344 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/06/20 22:16:15.0593 0344 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/06/20 22:16:15.0750 0344 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/06/20 22:16:15.0890 0344 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/06/20 22:16:16.0046 0344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/20 22:16:16.0187 0344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/20 22:16:16.0359 0344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/20 22:16:16.0531 0344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/20 22:16:16.0656 0344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/20 22:16:16.0812 0344 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
    2011/06/20 22:16:16.0984 0344 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
    2011/06/20 22:16:17.0062 0344 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
    2011/06/20 22:16:17.0203 0344 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
    2011/06/20 22:16:17.0359 0344 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
    2011/06/20 22:16:17.0593 0344 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
    2011/06/20 22:16:17.0750 0344 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
    2011/06/20 22:16:17.0921 0344 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
    2011/06/20 22:16:18.0078 0344 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2011/06/20 22:16:18.0250 0344 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/06/20 22:16:18.0421 0344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/20 22:16:18.0609 0344 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/06/20 22:16:18.0750 0344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/20 22:16:18.0937 0344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/20 22:16:19.0062 0344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/20 22:16:19.0218 0344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/20 22:16:19.0296 0344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/06/20 22:16:19.0437 0344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/06/20 22:16:19.0609 0344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/20 22:16:19.0687 0344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/20 22:16:19.0812 0344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/20 22:16:19.0968 0344 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/06/20 22:16:20.0062 0344 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/06/20 22:16:20.0218 0344 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/20 22:16:20.0312 0344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/20 22:16:20.0453 0344 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2011/06/20 22:16:20.0656 0344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/20 22:16:20.0921 0344 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/06/20 22:16:21.0031 0344 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/06/20 22:16:21.0187 0344 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/06/20 22:16:21.0375 0344 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/06/20 22:16:21.0968 0344 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
    2011/06/20 22:16:22.0062 0344 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
    2011/06/20 22:16:22.0078 0344 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/06/20 22:16:22.0078 0344 ================================================================================
    2011/06/20 22:16:22.0078 0344 Scan finished
    2011/06/20 22:16:22.0078 0344 ================================================================================
    2011/06/20 22:16:22.0109 3600 Detected object count: 1
    2011/06/20 22:16:22.0109 3600 Actual detected object count: 1
    2011/06/20 22:16:44.0484 3600 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/06/20 22:16:44.0484 3600 \Device\Harddisk0\DR0 - ok
    2011/06/20 22:16:44.0484 3600 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/06/20 22:16:58.0125 1340 Deinitialize success
  4. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Very well :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  5. Kayuri

    Kayuri Newcomer, in training Topic Starter

    Requested logs ready to go :)

    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-21 15:33:50
    -----------------------------
    15:33:50.265 OS Version: Windows 5.1.2600 Service Pack 3
    15:33:50.265 Number of processors: 2 586 0x401
    15:33:50.265 ComputerName: RAMON_LAT UserName: RAMON LAT
    15:33:52.375 Initialize success
    15:34:07.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    15:34:07.875 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
    15:34:09.906 Disk 0 MBR read successfully
    15:34:09.906 Disk 0 MBR scan
    15:34:09.906 Disk 0 unknown MBR code
    15:34:11.906 Disk 0 scanning sectors +156232125
    15:34:11.921 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:34:22.125 Service scanning
    15:34:24.234 Disk 0 trace - called modules:
    15:34:24.265 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    15:34:24.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8335c030]
    15:34:24.265 3 CLASSPNP.SYS[f8838fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83346b00]
    15:34:24.281 Scan finished successfully
    15:34:58.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\RAMON LAT\Desktop\MBR.dat"
    15:34:58.859 The log file has been saved successfully to "C:\Documents and Settings\RAMON LAT\Desktop\aswMBR.txt"

    _______


    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2265088 bytes
    0x804D7000 RAW 2265088 bytes
    0x804D7000 WMIxWDM 2265088 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF7B83000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xF7A01000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
    0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0xF781B000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
    0xF796C000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
    0xF8586000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xEE57E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF7795000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xEE765000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xEDBD1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xEDC51000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF78F2000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
    0xF8729000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xEDD82000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF8559000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xF8684000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
    0xECDCB000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xEE5EE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xEE703000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF7946000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xEE72B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF78CE000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF7B4B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF7B28000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xEE6B9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0x80700000 ACPI_HAL 134400 bytes
    0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF8664000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF86F9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF853F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF86B0000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
    0xEE020000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xEE007000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF86C9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xEE0C7000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF86E1000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xF8626000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF7804000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xEE039000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF863D000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
    0xED696000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xEE751000 C:\WINDOWS\System32\Drivers\MpFirewall.sys 81920 bytes (McAfee Security, McAfee Personal Firewall Plus 5.0)
    0xF7932000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF7B6F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xEE7BE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xF8613000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF8652000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF8718000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF77F3000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xEE6A9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF8457000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF8467000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF7D41000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF8487000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
    0xF88C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xED969000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF88D8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF87D8000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
    0xF87A8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
    0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0xF8838000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF8477000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF7D31000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF8798000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF8818000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF8808000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF7D11000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF8878000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
    0xF88A8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
    0xF8888000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
    0xF8898000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
    0xED2FE000 C:\DOCUME~1\RAMONL~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xF8928000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7D51000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF8788000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF7D21000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF8868000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
    0xF8978000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF8778000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7CE1000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF87F8000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF87C8000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
    0xF8858000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
    0xF7CF1000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xED3D6000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF8828000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF8938000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF8497000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xED919000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
    0xF7D01000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF8918000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF8848000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF87B8000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xF8988000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF87E8000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
    0xF8908000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF8B60000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF8AD0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF8A28000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
    0xF8A38000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
    0xF8AA8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF8B50000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF8A10000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
    0xF8AE0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF8A58000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
    0xF89F8000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xEE27A000 C:\WINDOWS\system32\PCTINDIS5.SYS 28672 bytes (PCTEL Inc., PCTEL NDIS 5.0 Protocol Driver)
    0xF8A60000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
    0xF8A30000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
    0xF8AF8000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF8AD8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xF8A40000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
    0xF8A48000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
    0xF8B78000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF8B68000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF8B58000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
    0xF8B70000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF8AB8000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF8B48000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF8AC0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF8A50000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
    0xF8A90000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
    0xF8A20000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
    0xF8A18000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
    0xF8AC8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF8A00000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF8A70000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF8A88000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF8A08000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
    0xF8B80000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xEE7F9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF8B90000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
    0xF8B9C000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
    0xF8BA4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
    0xF8B8C000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
    0xF8B94000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
    0xF8BA0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
    0xF8C64000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF8C2C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xEDFF7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF82DA000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xEE0BF000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF84FB000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xF8B98000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
    0xF8B88000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xEE6FF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF84F7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF8C74000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xF82CE000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF8517000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF84FF000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xF8C7C000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
    0xF8CD0000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
    0xF8CE8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF8C86000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
    0xF8C7E000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
    0xF8D22000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF8CE6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF8C84000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xF8C78000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF8CEA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF8C88000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
    0xF8CEC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF8CCA000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF8CCC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF8CBC000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF8C80000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
    0xF8CDC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF8C82000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF8C7A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF8D46000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF8D45000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF8D60000 C:\WINDOWS\system32\HtsysmNT.sys 4096 bytes
    0xF8E1A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF8D40000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF8D86000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF8D8C000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================
    WARNING: Virus alike driver modification [adpu160m.sys]
    WARNING: Virus alike driver modification [amsint.sys]
    WARNING: Virus alike driver modification [ws2ifsl.sys]
    WARNING: Virus alike driver modification [ftdisk.sys]
    WARNING: Virus alike driver modification [aha154x.sys]
    WARNING: Virus alike driver modification [fltmgr.sys]
    WARNING: Virus alike driver modification [cbidf2k.sys]
    WARNING: Virus alike driver modification [dac960nt.sys]
    WARNING: Virus alike driver modification [asc3550.sys]
    WARNING: Virus alike driver modification [cpqarray.sys]
    WARNING: Virus alike driver modification [ini910u.sys]
    WARNING: Virus alike driver modification [netbt.sys]
    WARNING: Virus alike driver modification [mraid35x.sys]
    WARNING: Virus alike driver modification [rdbss.sys]
    WARNING: Virus alike driver modification [dac2w2k.sys]
    WARNING: Virus alike driver modification [i2omp.sys]
    WARNING: Virus alike driver modification [acpi.sys]
    WARNING: Virus alike driver modification [sparrow.sys]
    WARNING: Virus alike driver modification [dpti2o.sys]
    WARNING: Virus alike driver modification [vga.sys]
    WARNING: Virus alike driver modification [asc3350p.sys]
    WARNING: Virus alike driver modification [mouclass.sys]
    WARNING: Virus alike driver modification [ssrtln.sys]
    WARNING: Virus alike driver modification [abp480n5.sys]
    WARNING: Virus alike driver modification [kbdclass.sys]
    WARNING: Virus alike driver modification [hpn.sys]
    WARNING: Virus alike driver modification [asc.sys]
    WARNING: Virus alike driver modification [perc2.sys]
    WARNING: Virus alike driver modification [sym_hi.sys]
    WARNING: Virus alike driver modification [sym_u3.sys]
    WARNING: Virus alike driver modification [symc8xx.sys]
    WARNING: Virus alike driver modification [ql10wnt.sys]
    WARNING: Virus alike driver modification [netbios.sys]
    WARNING: Virus alike driver modification [tcpip.sys]
    WARNING: Virus alike driver modification [disk.sys]
    WARNING: Virus alike driver modification [intelppm.sys]
    WARNING: Virus alike driver modification [pxhelp20.sys]
    WARNING: Virus alike driver modification [ultra.sys]
    WARNING: Virus alike driver modification [isapnp.sys]
    WARNING: Virus alike driver modification [ql1080.sys]
    WARNING: Virus alike driver modification [ql1240.sys]
    WARNING: Virus alike driver modification [termdd.sys]
    WARNING: Virus alike driver modification [sisagp.sys]
    WARNING: Virus alike driver modification [imapi.sys]
    WARNING: Virus alike driver modification [rdpcdd.sys]
    WARNING: Virus alike driver modification [viaagp.sys]
    WARNING: Virus alike driver modification [agp440.sys]
    WARNING: Virus alike driver modification [alim1541.sys]
    WARNING: Virus alike driver modification [amdagp.sys]
    WARNING: Virus alike driver modification [agpcpq.sys]
    WARNING: Virus alike driver modification [ql12160.sys]
    WARNING: Virus alike driver modification [ql1280.sys]
    WARNING: Virus alike driver modification [toside.sys]
    WARNING: Virus alike driver modification [aliide.sys]
    WARNING: Virus alike driver modification [i8042prt.sys]
    WARNING: Virus alike driver modification [viaide.sys]
    WARNING: Virus alike driver modification [intelide.sys]
    WARNING: Virus alike driver modification [perc2hib.sys]
    WARNING: Virus alike driver modification [aic78u2.sys]
    WARNING: Virus alike driver modification [sscdbhk5.sys]
    WARNING: Virus alike driver modification [aic78xx.sys]
    WARNING: Virus alike driver modification [redbook.sys]
    WARNING: Virus alike driver modification [cdrom.sys]
    WARNING: Virus alike driver modification [serial.sys]
    WARNING: Virus alike driver modification [cmdide.sys]
    WARNING: Virus alike driver modification [pci.sys]
    WARNING: Virus alike driver modification [sr.sys]
    WARNING: Virus alike driver modification [ipsec.sys]
    WARNING: Virus alike driver modification [cd20xrnt.sys]
    WARNING: Virus alike driver modification [MpFirewall.sys]
    WARNING: Virus alike driver modification [drvmcdb.sys]
    WARNING: Virus alike driver modification [rasacd.sys]
    WARNING: Virus alike driver modification [atapi.sys]
  6. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. Kayuri

    Kayuri Newcomer, in training Topic Starter

    I didn't have to resort to Scenario #2, so here's the solitary ComboFix log. :)

    ComboFix 11-06-21.05 - RAMON LAT 06/21/2011 17:37:41.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.316 [GMT -7:00]
    Running from: c:\documents and settings\RAMON LAT\Desktop\ComboFix.exe
    AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-21 01:47 . 2011-06-21 01:47 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-15 08:38 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-15 08:37 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
    2011-06-14 21:20 . 2010-11-04 07:00 2304 ----a-w- c:\windows\system32\HtsysmNT.sys
    2011-06-14 21:09 . 2011-06-14 21:09 -------- dc----w- C:\Atlus Online
    2011-06-08 21:17 . 2011-06-08 21:17 -------- d-----w- c:\documents and settings\RAMON LAT\Local Settings\Application Data\Temp
    2011-05-30 04:36 . 2011-05-30 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
    2011-05-29 03:26 . 2011-06-19 15:03 -------- d-----w- c:\documents and settings\RAMON LAT\Application Data\go
    2011-05-29 03:26 . 2011-06-19 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
    2011-05-27 00:17 . 2011-06-08 21:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-05-27 00:12 . 2011-05-27 00:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-05-27 00:11 . 2011-05-27 00:11 -------- d-----w- c:\documents and settings\RAMON LAT\Local Settings\Application Data\Google
    2011-05-27 00:11 . 2011-05-29 03:22 -------- d-----w- c:\documents and settings\RAMON LAT\Application Data\skypePM
    2011-05-27 00:11 . 2011-06-19 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
    2011-05-27 00:10 . 2011-06-19 21:12 -------- d-----w- c:\documents and settings\RAMON LAT\Application Data\Skype
    2011-05-27 00:10 . 2011-05-27 00:12 -------- d-----w- c:\program files\Google
    2011-05-27 00:09 . 2011-05-27 00:09 -------- d-----w- c:\program files\Common Files\Skype
    2011-05-27 00:09 . 2011-05-27 00:09 -------- d-----r- c:\program files\Skype
    2011-05-27 00:08 . 2011-05-27 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2011-05-26 23:56 . 2011-05-26 23:56 -------- d-----w- c:\program files\AIM Toolbar
    2011-05-26 23:56 . 2011-05-26 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
    2011-05-26 23:56 . 2011-05-26 23:56 -------- d-----w- c:\program files\Common Files\Software Update Utility
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 16:11 . 2010-07-03 19:04 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 16:11 . 2010-07-03 19:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:31 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-12 14:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 14:47 . 2004-08-12 14:09 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 14:47 . 2004-08-12 14:07 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-25 14:47 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 12:56 . 2004-08-12 13:57 369664 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-12 14:01 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2007-07-23 17:56 . 2007-07-23 17:56 1207026 -c--a-w- c:\program files\wrar370.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-27 2075896]
    "Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
    "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-17 98304]
    "Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "2Wire Wireless Manager"="c:\program files\2Wire Wireless Manager\2Wire.exe" [2007-10-01 61440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2005-8-10 156784]
    ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-3 54776]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^RAMON LAT^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
    path=c:\documents and settings\RAMON LAT\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
    backup=c:\windows\pss\Microsoft Office Shortcut Bar.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2004-08-13 07:05 122939 -c--a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
    2004-08-27 19:29 417792 -c--a-w- c:\program files\Dell Photo AIO Printer 962\dlbxmon.exE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-10-12 22:54 57344 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-09-20 17:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2006-01-17 20:03 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2006-01-17 20:03 135168 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    2004-08-22 21:31 1327104 -c--a-w- c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    2004-06-17 07:33 98304 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2004-08-04 02:18 1083392 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2005-01-25 03:25 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dlbxcoms.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\America Online 9.0a\\waol.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17398:TCP"= 17398:TCP:pORT_17398
    "58801:TCP"= 58801:TCP:pando Media Booster
    "58801:UDP"= 58801:UDP:pando Media Booster
    "58697:TCP"= 58697:TCP:pando Media Booster
    "58697:UDP"= 58697:UDP:pando Media Booster
    "56415:TCP"= 56415:TCP:pando Media Booster
    "56415:UDP"= 56415:UDP:pando Media Booster
    .
    R2 Htsysm;Htsysm;c:\windows\SYSTEM32\HtsysmNT.sys [6/14/2011 2:20 PM 2304]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/30/2008 3:14 PM 198944]
    S2 0215001222663327mcinstcleanup;McAfee Application Installer Cleanup (0215001222663327);c:\windows\TEMP\021500~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\021500~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2011 5:11 PM 136176]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2011 5:11 PM 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [7/3/2010 12:04 PM 39984]
    S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [1/24/2005 8:22 PM 23296]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
    S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
    S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
    S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - BLACKBOX
    *Deregistered* - aswMBR
    *Deregistered* - BlackBox
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
    .
    2011-06-11 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-12 13:56]
    .
    2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 00:11]
    .
    2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 00:11]
    .
    2011-06-21 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (RAMON_LAT-RAMON LAT).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-01-25 21:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\RAMON LAT\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} - hxxp://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB
    DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
    DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} - hxxp://mabinogi.or.tp/etc/mwfre.2.cab
    FF - ProfilePath - c:\documents and settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Mabinogi Avatar Renderer: {077a24e9-0db5-435f-9010-5261c53e5925} - %profile%\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
    FF - Ext: AOL Messaging Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-21 17:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3872)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\progra~1\mcafee.com\vso\McVSSkt.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-06-21 17:58:15
    ComboFix-quarantined-files.txt 2011-06-22 00:58
    ComboFix2.txt 2010-07-03 05:11
    .
    Pre-Run: 21,328,175,104 bytes free
    Post-Run: 23,736,262,656 bytes free
    .
    - - End Of File - - AC19F9917CA822E8B641182D6937C875
  8. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    How is redirection?
    How is computer doing?

    Uninstall Uniblue RegistryBooster 2009.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ====================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Kayuri

    Kayuri Newcomer, in training Topic Starter

    The redirection of searches are no longer occurring, and my computer seems to be running fine. Thanks for the help :)

    Here are your requested logs! They're a bit long, so they'll have to be split up.

    OTL logfile created on: 6/21/2011 6:49:34 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\RAMON LAT\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 284.86 Mb Available Physical Memory | 55.86% Memory free
    1.22 Gb Paging File | 0.95 Gb Available in Paging File | 78.33% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.53 Gb Total Space | 22.11 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

    Computer Name: RAMON_LAT | User Name: RAMON LAT | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/21 18:47:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RAMON LAT\Desktop\OTL.exe
    PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2008/09/08 08:50:32 | 000,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/02 13:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
    PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/10/13 20:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
    PRC - [2005/09/22 19:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
    PRC - [2004/08/26 14:57:02 | 000,450,560 | ---- | M] (Dell) -- C:\WINDOWS\SYSTEM32\dlbxcoms.exe
    PRC - [2004/08/19 11:31:36 | 000,467,001 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
    PRC - [2004/07/01 14:16:20 | 000,237,568 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsftsn.exe
    PRC - [2004/06/17 00:33:02 | 000,098,304 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
    PRC - [2002/09/10 22:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/21 18:47:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RAMON LAT\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/09/08 08:50:36 | 000,012,576 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2004/06/17 00:33:42 | 000,086,016 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll
    MOD - [2004/04/28 09:54:12 | 000,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (AOL ACS)
    SRV - File not found [Auto | Stopped] -- -- (0215001222663327mcinstcleanup) McAfee Application Installer Cleanup (0215001222663327)
    SRV - [2009/03/16 17:39:00 | 002,800,669 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2008/09/08 08:50:32 | 000,198,944 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2007/08/02 13:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
    SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/10/13 20:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
    SRV - [2005/08/24 17:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
    SRV - [2005/07/01 20:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
    SRV - [2004/08/26 16:57:22 | 000,122,880 | ---- | M] (Networks Associates Technology, Inc) [Auto | Stopped] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
    SRV - [2004/08/26 14:57:02 | 000,450,560 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)
    SRV - [2004/08/22 14:31:44 | 000,577,536 | ---- | M] (McAfee Corporation) [Auto | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
    SRV - [2004/06/17 17:52:08 | 000,906,752 | ---- | M] (Networks Associates Technology. Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\HtsysmNT.sys -- (Htsysm)
    DRV - [2007/11/03 16:04:49 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys -- (hamachi)
    DRV - [2007/10/01 16:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
    DRV - [2005/01/24 20:25:11 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
    DRV - [2004/08/09 11:30:18 | 000,083,325 | ---- | M] (McAfee Security) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
    DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/03/13 07:50:36 | 000,023,296 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-187182159-18414740-2408625527-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "eSnips Search"
    FF - prefs.js..browser.search.order.1: "eSnips Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {077a24e9-0db5-435f-9010-5261c53e5925}:2008.1.9
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
    FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6760
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2008/11/16 18:11:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 17:29:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 17:29:54 | 000,000,000 | ---D | M]

    [2008/08/26 17:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Extensions
    [2011/06/21 12:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions
    [2010/04/06 19:54:32 | 000,000,000 | ---D | M] (Mabinogi Avatar Renderer) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}
    [2010/05/08 19:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/04 11:14:01 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/05/26 16:57:03 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    [2010/05/22 19:02:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/06 11:33:48 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\extensions\info@youtube-mp3.org
    [2011/05/26 16:57:44 | 000,002,342 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Application Data\Mozilla\Firefox\Profiles\7uwnnzk6.default\searchplugins\aol-search.xml
    [2011/06/21 12:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/26 17:09:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/07/04 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/04 10:30:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/11/16 18:11:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
    [2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
    [2010/07/04 10:30:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/08/21 18:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
    [2008/08/21 18:17:08 | 000,120,248 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
    [2010/03/14 17:08:48 | 000,001,927 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\esnips.xml

    Hosts file not found
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [2Wire Wireless Manager] C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\IME\IMKR6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
    O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
    O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (Networks Associates Technology, Inc)
    O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
    O4 - HKLM..\Run: [VSOCheckTask] c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (Networks Associates Technology, Inc)
    O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-187182159-18414740-2408625527-1006..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKU\S-1-5-21-187182159-18414740-2408625527-1006..\Run: [Uniblue RegistryBooster 2009] File not found
    O4 - HKU\S-1-5-21-187182159-18414740-2408625527-1006..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\S-1-5-21-187182159-18414740-2408625527-1006..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe (America Online, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/04/26 20:51:09 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/04/26 20:51:09 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/04/26 20:51:09 | 000,000,000 | ---D | M]
    O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab (CKAVWebScan Object)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} https://lms.hilton.com/courses/authorwareplayer/awswaxd.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/22.26/uploader2.cab (UploadListView Class)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.my/com/EGamesPlugin.cab (EGamesPlugin Class)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
    O16 - DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} http://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB (ReportViewerCtl.ctlReportViewer)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v8.cab (GameLauncher Control)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
    O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} http://www.gogobox.com.tw/neo.fld/GNowStarter.cab (Reg Error: Key error.)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} http://mabinogi.or.tp/etc/mwfre.2.cab ({BFBC3059-9C61-5BA1-2075-85C8B6ECFC07})
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\RAMON LAT\Desktop\Images & Videos\desktopnew.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\RAMON LAT\Desktop\Images & Videos\desktopnew.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/24 16:53:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/21 18:47:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RAMON LAT\Desktop\OTL.exe
    [2011/06/21 17:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/21 17:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/21 17:32:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/21 17:32:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/21 17:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/21 17:28:46 | 004,133,944 | R--- | C] (Swearware) -- C:\Documents and Settings\RAMON LAT\Desktop\ComboFix.exe
    [2011/06/21 15:33:20 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\RAMON LAT\Desktop\aswMBR.exe
    [2011/06/20 20:45:29 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\RAMON LAT\Desktop\dds.scr
    [2011/06/17 23:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\My Documents\DragonNest
    [2011/06/14 14:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atlus Online
    [2011/06/14 14:09:33 | 000,000,000 | ---D | C] -- C:\Atlus Online
    [2011/06/08 14:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Local Settings\Application Data\Temp
    [2011/05/29 21:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2011/05/28 20:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Application Data\go
    [2011/05/28 20:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2011/05/26 17:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2011/05/26 17:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2011/05/26 17:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Local Settings\Application Data\Google
    [2011/05/26 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Application Data\skypePM
    [2011/05/26 17:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
    [2011/05/26 17:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Application Data\Skype
    [2011/05/26 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/05/26 17:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2011/05/26 17:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/05/26 17:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/05/26 17:09:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2011/05/26 17:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2011/05/26 16:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
    [2011/05/26 16:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2011/05/26 16:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2011/05/26 16:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
    [2011/05/25 20:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Desktop\Business Documents (Nora)
    [2011/05/25 20:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Desktop\Images & Videos
    [2011/05/25 20:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RAMON LAT\Desktop\Music
    [5 C:\Documents and Settings\RAMON LAT\My Documents\*.tmp files -> C:\Documents and Settings\RAMON LAT\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/21 18:47:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RAMON LAT\Desktop\OTL.exe
    [2011/06/21 18:22:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/21 17:28:59 | 004,133,944 | R--- | M] (Swearware) -- C:\Documents and Settings\RAMON LAT\Desktop\ComboFix.exe
    [2011/06/21 17:28:17 | 000,000,763 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2011/06/21 15:35:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\RKUnhookerLE.EXE
    [2011/06/21 15:34:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\MBR.dat
    [2011/06/21 15:33:26 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\RAMON LAT\Desktop\aswMBR.exe
    [2011/06/21 14:22:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/21 12:41:45 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (RAMON_LAT-RAMON LAT).job
    [2011/06/21 12:40:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/06/21 12:40:46 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/20 22:14:18 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\tdsskiller.zip
    [2011/06/20 20:59:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/20 20:45:30 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\RAMON LAT\Desktop\dds.scr
    [2011/06/20 20:39:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\1s22pbgs.exe
    [2011/06/18 22:11:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/06/17 23:28:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
    [2011/06/17 22:36:14 | 000,019,687 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\dnicon.PNG
    [2011/06/17 21:16:26 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/17 16:04:10 | 037,447,794 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\YAYM Making.avi
    [2011/06/17 14:26:11 | 000,878,886 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\calc.bmp
    [2011/06/15 03:48:30 | 000,505,756 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2011/06/15 03:48:30 | 000,089,824 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2011/06/15 03:30:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/15 01:36:29 | 079,902,080 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\MS 2011-06-03 Hey!Say!JUMP - OVER (704x396).avi
    [2011/06/14 20:38:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/06/14 14:20:26 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PandoraSaga.lnk
    [2011/06/11 17:25:57 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\ Mabinogi .lnk
    [2011/06/10 22:45:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2011/06/10 19:32:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
    [2011/05/29 20:59:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/26 17:11:44 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/05/26 16:56:02 | 000,001,402 | -H-- | M] () -- C:\IPH.PH
    [2011/05/26 16:55:34 | 000,068,800 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
    [2011/05/26 16:55:24 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2011/05/26 16:55:23 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [5 C:\Documents and Settings\RAMON LAT\My Documents\*.tmp files -> C:\Documents and Settings\RAMON LAT\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/21 17:32:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/21 17:32:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/21 17:32:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/21 17:32:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/21 17:32:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/21 15:35:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\RKUnhookerLE.EXE
    [2011/06/21 15:34:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\MBR.dat
    [2011/06/20 22:14:09 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\tdsskiller.zip
    [2011/06/20 20:39:35 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\1s22pbgs.exe
    [2011/06/20 19:01:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/17 23:28:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DragonNest.url
    [2011/06/17 22:36:02 | 000,019,687 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\dnicon.PNG
    [2011/06/17 15:59:39 | 037,447,794 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\YAYM Making.avi
    [2011/06/17 14:26:08 | 000,878,886 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\calc.bmp
    [2011/06/15 01:30:05 | 079,902,080 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\MS 2011-06-03 Hey!Say!JUMP - OVER (704x396).avi
    [2011/06/14 14:20:26 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PandoraSaga.lnk
    [2011/06/14 14:20:15 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
    [2011/05/29 20:59:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
    [2011/05/28 20:26:52 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Start Menu\Programs\Play games (EasyBits GO).lnk
    [2011/05/26 17:12:10 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/26 17:12:07 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/26 17:11:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/05/26 17:09:08 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/05/25 22:09:42 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Desktop\ Mabinogi .lnk
    [2010/07/18 15:19:19 | 000,070,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/04/14 11:41:47 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
    [2009/03/14 12:49:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2009/03/14 12:49:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2009/03/14 12:49:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2009/01/18 22:45:49 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
    [2008/11/17 23:52:36 | 000,000,094 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
    [2008/05/10 11:35:18 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/04/06 19:00:57 | 000,001,370 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/03/06 19:35:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\RAMON LAT\Application Data\0047d0a9f6.dat
    [2008/01/06 17:42:58 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/01/06 17:42:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/11/27 20:53:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI
    [2007/10/30 19:56:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
    [2007/09/03 12:19:28 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2007/07/23 11:16:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
    [2007/07/23 10:56:13 | 001,207,026 | ---- | C] () -- C:\Program Files\wrar370.exe
    [2007/04/02 18:10:16 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/01/13 17:14:04 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2006/11/24 22:15:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/07/10 16:47:15 | 000,679,956 | ---- | C] () -- C:\WINDOWS\System32\celdqffb.dll
    [2006/05/01 21:27:19 | 003,076,141 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL
    [2005/12/08 00:19:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\EGamesPlugin.dll
    [2005/12/08 00:19:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll
    [2005/12/04 10:26:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msbb.exe.temp
    [2005/09/11 21:25:33 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\RAMON LAT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/08/10 17:56:43 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2005/07/31 15:17:50 | 000,131,024 | ---- | C] () -- C:\WINDOWS\System32\5qihi5nl.dat
    [2005/07/31 15:17:50 | 000,047,880 | ---- | C] () -- C:\WINDOWS\System32\k7pk1h9r.dat
    [2005/07/31 15:17:50 | 000,004,728 | ---- | C] () -- C:\WINDOWS\System32\4k0ngtr1.dat
    [2005/07/31 15:17:50 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\3desel0c.dat
    [2005/07/31 15:17:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\j07qv9e6.dat
    [2005/07/31 15:17:45 | 000,003,514 | ---- | C] () -- C:\WINDOWS\System32\9vuihjuq.ini
    [2005/07/31 15:17:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\g6vhm81m.ini
    [2005/02/02 23:44:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2005/02/02 22:42:25 | 000,000,763 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2005/02/02 22:41:05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
    [2005/02/02 22:41:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
    [2005/02/02 22:41:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
    [2005/02/02 22:41:03 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
    [2005/02/02 22:41:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
    [2005/02/02 22:41:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
    [2005/02/02 22:41:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
    [2005/02/02 22:41:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
    [2005/02/02 22:41:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
    [2005/01/31 23:43:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/01/24 20:27:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/01/24 20:23:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/01/24 20:22:57 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
    [2005/01/24 20:19:46 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/01/24 20:06:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2005/01/24 20:05:16 | 000,505,756 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2005/01/24 20:05:16 | 000,089,824 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2005/01/24 19:47:50 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 07:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/12 07:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/12 07:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/12 07:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/12 07:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/12 06:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/12 06:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/12 06:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/12 06:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2004/08/10 12:08:08 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 12:02:16 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
    [2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2004/07/19 15:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
    [2002/09/26 17:32:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
    [1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2009/03/14 12:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2Wire
    [2010/08/02 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2011/05/26 16:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2005/02/02 22:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/06/19 14:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
    [2011/05/29 21:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2010/02/23 16:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2011/06/14 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2009/01/01 01:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/02/08 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/24 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
    [2010/06/13 20:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/06/21 18:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
    [2008/07/30 17:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/09/05 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NORA LAT\Application Data\2Wire
    [2009/03/14 12:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\2Wire
    [2010/08/02 23:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\acccore
    [2010/04/26 20:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\ATTToolbar
    [2010/07/14 21:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\GetRightToGo
    [2011/06/19 08:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\go
    [2010/03/14 17:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\Logia
    [2008/06/06 17:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\Nexon
    [2008/09/03 21:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\STOIK
    [2009/01/26 22:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\SystemRequirementsLab
    [2009/05/21 18:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\Uniblue
    [2011/06/10 19:32:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\dfrg.job

    ========== Purity Check ==========

    (to be continued)
  10. Kayuri

    Kayuri Newcomer, in training Topic Starter

    OTL.txt continued

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/05/12 19:52:01 | 000,000,741 | ---- | M] () -- C:\892.cin
    [2005/12/06 10:58:02 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2005/12/06 10:58:02 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2008/05/24 16:53:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/05/24 16:49:29 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
    [2009/06/11 14:43:10 | 000,000,282 | ---- | M] () -- C:\boot.ini
    [2004/08/12 07:05:03 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/21 17:58:18 | 000,018,752 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/01/24 19:52:38 | 000,004,566 | RH-- | M] () -- C:\DELL.SDR
    [2008/05/11 21:24:21 | 000,000,606 | ---- | M] () -- C:\dlbx.log
    [2010/05/31 22:55:29 | 000,006,933 | ---- | M] () -- C:\dlbxscan.log
    [2011/06/21 12:40:46 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2008/05/24 16:43:16 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2011/05/26 16:56:02 | 000,001,402 | -H-- | M] () -- C:\IPH.PH
    [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/12 07:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/04/16 18:17:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/06/21 12:40:43 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2005/12/04 10:00:53 | 000,001,010 | ---- | M] () -- C:\PPCleanDeleteAtReboot.bat
    [2007/10/22 08:35:22 | 000,000,023 | ---- | M] () -- C:\presets.ini
    [2005/02/02 22:47:16 | 000,000,172 | ---- | M] () -- C:\setupfax.log
    [2011/06/21 12:41:57 | 000,001,527 | ---- | M] () -- C:\SMax.log
    [2005/01/24 20:07:30 | 000,001,529 | ---- | M] () -- C:\SMax.log.bak
    [2005/01/24 20:26:08 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2005/08/10 17:52:29 | 000,000,303 | -H-- | M] () -- C:\T4Metrics.log
    [2011/06/20 22:16:58 | 000,051,248 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_20.06.2011_22.15.25_log.txt
    [2006/11/02 21:02:29 | 000,000,110 | ---- | M] () -- C:\update.URL
    [2007/05/18 15:34:55 | 000,019,240 | -HS- | M] () -- C:\vm404.log
    [2006/11/24 22:17:03 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/05/24 16:53:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/09/14 10:49:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\dlbxPP5C.DLL
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2003/01/16 21:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\lxprint2000.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2010/04/23 16:13:20 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\helpme_att.lnk
    [2004/05/18 11:50:58 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\My Yahoo!.url
    [2004/05/18 11:49:54 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Bookmarks.url
    [2004/05/18 17:26:04 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo! Mail.url
    [2004/05/18 17:13:06 | 000,000,207 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Yahoo!

    < %APPDATA%\Microsoft\*.* >
    [2010/04/23 16:43:09 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\RAMON LAT\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2007/07/23 10:56:20 | 001,207,026 | ---- | M] () -- C:\Program Files\wrar370.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/05/24 09:34:08 | 000,524,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
    [2008/05/24 16:11:16 | 000,499,712 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
    [2008/05/24 09:34:08 | 025,690,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
    [2008/05/24 09:34:08 | 004,980,736 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/16 18:23:56 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI
    [2004/06/23 10:40:18 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\NetZero - First Month Free!.exe

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/16 18:37:09 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\RAMON LAT\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/16 18:37:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/20 20:39:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\1s22pbgs.exe
    [2011/06/21 15:33:26 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\RAMON LAT\Desktop\aswMBR.exe
    [2011/06/21 17:28:59 | 004,133,944 | R--- | M] (Swearware) -- C:\Documents and Settings\RAMON LAT\Desktop\ComboFix.exe
    [2011/06/21 18:47:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RAMON LAT\Desktop\OTL.exe
    [2011/06/21 15:35:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/16 18:37:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\RAMON LAT\Favorites\Desktop.ini
    [2010/04/23 16:13:20 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\RAMON LAT\Favorites\helpme_att.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/06/21 17:56:50 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\RAMON LAT\Cookies\INDEX.DAT

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe
    [2 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\XPMSGR.CHM

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3

    < End of report >
  11. Kayuri

    Kayuri Newcomer, in training Topic Starter

    Extras.txt

    OTL Extras logfile created on: 6/21/2011 6:49:34 PM - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\RAMON LAT\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    509.98 Mb Total Physical Memory | 284.86 Mb Available Physical Memory | 55.86% Memory free
    1.22 Gb Paging File | 0.95 Gb Available in Paging File | 78.33% Paging File free
    Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.53 Gb Total Space | 22.11 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

    Computer Name: RAMON_LAT | User Name: RAMON LAT | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58697:TCP" = 58697:TCP:*:Enabled:pando Media Booster
    "58697:UDP" = 58697:UDP:*:Enabled:pando Media Booster
    "56415:TCP" = 56415:TCP:*:Enabled:pando Media Booster
    "56415:UDP" = 56415:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "17398:TCP" = 17398:TCP:*:Enabled:pORT_17398
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "58801:TCP" = 58801:TCP:*:Enabled:pando Media Booster
    "58801:UDP" = 58801:UDP:*:Enabled:pando Media Booster
    "58697:TCP" = 58697:TCP:*:Enabled:pando Media Booster
    "58697:UDP" = 58697:UDP:*:Enabled:pando Media Booster
    "56415:TCP" = 56415:TCP:*:Enabled:pando Media Booster
    "56415:UDP" = 56415:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SYSTEM32\dlbxcoms.exe" = C:\WINDOWS\SYSTEM32\dlbxcoms.exe:*:Disabled:Dell 962 Server -- (Dell)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox -- (Yahoo!)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0BD4A941-1E31-4E1E-9FC2-114889FC4B95}_is1" = PandoraSaga version 1.0
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
    "{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{581CE7EA-A30D-0000-1211-088635773309}" = 2WIRE Wireless LAN - USB Driver
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{E12E647D-864B-4505-BFA7-03EFC1F3364F}" = HolicUSA
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EBDDCDA9-DAE7-4F8E-9580-33921AB598C7}" = musicshakeENG
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM Toolbar" = AOL Messaging Toolbar
    "AIM_7" = AIM 7
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Audacity_is1" = Audacity 1.2.6
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
    "DellSupport" = Dell Support 5.0.0 (630)
    "DIVXAudioCompressor4.02" = DivX ;-) Audio Compressor 4.02
    "EOS Utility" = Canon Utilities EOS Utility
    "Hamachi" = Hamachi 1.0.2.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Kaspersky Online Scanner" = Kaspersky Online Scanner
    "Mabinogi" = Mabinogi
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MapleStory" = MapleStory
    "McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
    "Mcafee SecurityCenter" = McAfee SecurityCenter
    "McAfee SpamKiller" = McAfee SpamKiller
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Port Magic" = Pure Networks Port Magic
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 6.0" = RealPlayer Basic
    "Registry Patrol v3.0" = Registry Patrol v3.0
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SealOnline Setup" = UnInstall_SealOnlineUSA
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "SystemRequirementsLab" = System Requirements Lab
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VirusScan Online" = McAfee VirusScan
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1" = Xvid 1.1.3 final uninstall
    "Yahoo! Applications" = AT&T Yahoo! Applications
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AOL Messaging Toolbar" = AOL Messaging Toolbar
    "Game Organizer" = EasyBits GO
    "The World" = The World

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/17/2011 8:24:51 PM | Computer Name = RAMON_LAT | Source = Bonjour Service | ID = 100
    Description = 456: Could not write data to client because of error - aborting connection

    Error - 6/17/2011 8:24:51 PM | Computer Name = RAMON_LAT | Source = Bonjour Service | ID = 100
    Description = 456: DNSServiceQueryRecord RAMON\032LAT’s\032Library._home-sharing._tcp.local.
    (TXT)

    Error - 6/17/2011 8:25:08 PM | Computer Name = RAMON_LAT | Source = Bonjour Service | ID = 100
    Description = 456: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 6/20/2011 9:21:58 PM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 6/20/2011 9:22:01 PM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/20/2011 9:23:07 PM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 6/20/2011 9:23:08 PM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 6/20/2011 9:29:09 PM | Computer Name = RAMON_LAT | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

    Error - 6/21/2011 1:15:07 AM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 6/21/2011 1:15:21 AM | Computer Name = RAMON_LAT | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    [ System Events ]
    Error - 6/21/2011 1:19:08 AM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7000
    Description = The npkcrypt service failed to start due to the following error: %%2

    Error - 6/21/2011 1:20:25 AM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 6/21/2011 1:20:58 AM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/21/2011 3:41:12 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7000
    Description = The AOL Connectivity Service service failed to start due to the following
    error: %%2

    Error - 6/21/2011 3:41:12 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server
    service to connect.

    Error - 6/21/2011 3:41:12 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7000
    Description = The McAfee SpamKiller Server service failed to start due to the following
    error: %%1053

    Error - 6/21/2011 3:41:12 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7000
    Description = The npkcrypt service failed to start due to the following error: %%2

    Error - 6/21/2011 3:42:17 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 6/21/2011 3:42:20 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 6/21/2011 8:32:18 PM | Computer Name = RAMON_LAT | Source = Service Control Manager | ID = 7031
    Description = The McAfee Personal Firewall Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Run the configured recovery program.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (0215001222663327mcinstcleanup) McAfee Application Installer Cleanup (0215001222663327)
      O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - No CLSID value found.
      O4 - HKU\S-1-5-21-187182159-18414740-2408625527-1006..\Run: [Uniblue RegistryBooster 2009] File not found
      O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
      O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
      O15 - HKU\S-1-5-21-187182159-18414740-2408625527-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} http://www.gogobox.com.tw/neo.fld/GNowStarter.cab (Reg Error: Key error.)
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/sof...iveXPlugin.cab (Reg Error: Key error.)
      [5 C:\Documents and Settings\RAMON LAT\My Documents\*.tmp files -> C:\Documents and Settings\RAMON LAT\My Documents\*.tmp -> ]
      [2008/03/06 19:35:34 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\RAMON LAT\Application Data\0047d0a9f6.dat
      [2005/12/04 10:26:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msbb.exe.temp
      [2005/07/31 15:17:50 | 000,131,024 | ---- | C] () -- C:\WINDOWS\System32\5qihi5nl.dat
      [2005/07/31 15:17:50 | 000,047,880 | ---- | C] () -- C:\WINDOWS\System32\k7pk1h9r.dat
      [2005/07/31 15:17:50 | 000,004,728 | ---- | C] () -- C:\WINDOWS\System32\4k0ngtr1.dat
      [2005/07/31 15:17:50 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\3desel0c.dat
      [2005/07/31 15:17:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\j07qv9e6.dat
      [2005/07/31 15:17:45 | 000,003,514 | ---- | C] () -- C:\WINDOWS\System32\9vuihjuq.ini
      [2005/07/31 15:17:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\g6vhm81m.ini
      [2007/02/08 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2011/06/21 18:47:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
      [2009/05/21 18:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RAMON LAT\Application Data\Uniblue
      @Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  13. Kayuri

    Kayuri Newcomer, in training Topic Starter

    Hello there~ I followed your instructions (including unchecking "remove found threats"), but at the end of the ESET scan it still said something along the lines that when the computer restarted, the threats would be removed. Is this an okay thing? :/ (I hardly ever turn off my computer btw.)
    Regardless, here are the logs you requested.

    _____OTL
    All processes killed
    ========== OTL ==========
    Error: No service named 0215001222663327mcinstcleanup) McAfee Application Installer Cleanup (0215001222663327 was found to stop!
    Service\Driver key 0215001222663327mcinstcleanup) McAfee Application Installer Cleanup (0215001222663327 not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{339BB23F-A864-48C0-A59F-29EA915965EC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{339BB23F-A864-48C0-A59F-29EA915965EC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-187182159-18414740-2408625527-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2009 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    Registry key HKEY_USERS\S-1-5-21-187182159-18414740-2408625527-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0}
    C:\WINDOWS\Downloaded Program Files\GNowStarter.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0}\ not found.
    Starting removal of ActiveX control {A8F2B9BD-A6A0-486A-9744-18920D898429}
    C:\WINDOWS\Downloaded Program Files\SETUP.INF moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F2B9BD-A6A0-486A-9744-18920D898429}\ not found.
    C:\Documents and Settings\RAMON LAT\My Documents\~WRD0000.tmp deleted successfully.
    C:\Documents and Settings\RAMON LAT\My Documents\~WRD2973.tmp deleted successfully.
    C:\Documents and Settings\RAMON LAT\My Documents\~WRL0250.tmp deleted successfully.
    C:\Documents and Settings\RAMON LAT\My Documents\~WRL0961.tmp deleted successfully.
    C:\Documents and Settings\RAMON LAT\My Documents\~WRL2270.tmp deleted successfully.
    C:\Documents and Settings\RAMON LAT\Application Data\0047d0a9f6.dat moved successfully.
    C:\WINDOWS\msbb.exe.temp moved successfully.
    C:\WINDOWS\SYSTEM32\5qihi5nl.dat moved successfully.
    C:\WINDOWS\SYSTEM32\k7pk1h9r.dat moved successfully.
    C:\WINDOWS\SYSTEM32\4k0ngtr1.dat moved successfully.
    C:\WINDOWS\SYSTEM32\3desel0c.dat moved successfully.
    C:\WINDOWS\SYSTEM32\j07qv9e6.dat moved successfully.
    C:\WINDOWS\SYSTEM32\9vuihjuq.ini moved successfully.
    C:\WINDOWS\SYSTEM32\g6vhm81m.ini moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\~0 folder moved successfully.
    C:\Documents and Settings\RAMON LAT\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\RAMON LAT\Application Data\Uniblue folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Application Data

    User: APRIL LAT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49219 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 4029 bytes

    User: NORA LAT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 772 bytes

    User: RAMON LAT
    ->Temp folder emptied: 10341835 bytes
    ->Temporary Internet Files folder emptied: 7486257 bytes
    ->Java cache emptied: 77020 bytes
    ->FireFox cache emptied: 117700290 bytes
    ->Flash cache emptied: 99852 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65536 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 160350 bytes

    Total Files Cleaned = 130.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Application Data

    User: APRIL LAT
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: NORA LAT
    ->Flash cache emptied: 0 bytes

    User: RAMON LAT
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.1 log created on 06212011_200155

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    _______SECURITY CHECK


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee VirusScan
    McAfee Personal Firewall Plus
    McAfee SecurityCenter
    McAfee SpamKiller
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.0.22.87
    Adobe Reader 9.3
    Chinese Traditional Fonts Support For Adobe Reader 9
    Japanese Fonts Support For Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.18)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    ______ESET SCAN

    C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application
  14. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  15. Kayuri

    Kayuri Newcomer, in training Topic Starter

    Thanks so much for your help over these past few days! :) My computer is running fine, if not better than before the infection! Here's hopefully the final log you'll need to look over~

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Application Data

    User: APRIL LAT
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NORA LAT
    ->Temp folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: RAMON LAT
    ->Temp folder emptied: 149694 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 92409576 bytes
    ->Flash cache emptied: 11570 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65984 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 88.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Application Data

    User: APRIL LAT
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: NORA LAT
    ->Flash cache emptied: 0 bytes

    User: RAMON LAT
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.24.1 log created on 06222011_223443

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\sqlite_tzqQpNAgckh2lhN moved successfully.
    C:\WINDOWS\temp\sqlite_zfZf9jsEgXU2ZCt moved successfully.

    Registry entries deleted on Reboot...
  16. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Way to go!! [​IMG]
    Good luck and stay safe :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.