Jump to content

Webpage Re-directs and blocked stes with Malwarebytes


Rich50

Recommended Posts

Elsie!!! I need help again. Or anyone who would like to help me.

I am trying to fix my father inlaws computer which is infected with something. This is used for his bussiness and is letting me take it home this weekend to figure it out. It is not letting me run or update Malwarebtye nor is it letting me to the Malwarebtyes forum for help. I will be using my laptop and usb stick to transfer programs and logs.

Malwarebytes is blocking websites online and offline. Slows computer way down. I have run Nortons NIS 2010 and it found nothing. Malwarebyte installed but fails to run. Superantispyware will also install but, will not run. If I type a url in the address bar it gets re-directed. And, if I do a google search and click on a item found, it gets redirected too.

BLOCKED SITES:

IP-BLOCK 213.109.65.68 (Russian Site)

IP-BLOCK 213.109.75.214 (Russian Site)

Thank You

Rich50

Link to post
Share on other sites

Hello Rich50

Welcome to Malwarebytes.

If I bring this system home to work on it should I reset the router there where it resides or mine at home?
It would be his work router since that is the original location.

If it jumps to yours which may or may not be possible then you may need to reset your afterwards as well.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

Thank you very much kahdah for hepling me.

Here is my OTL log:

OTL logfile created on: 9/17/2010 9:18:04 PM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\BC\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 420.00 Mb Available Physical Memory | 41.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 134.58 Gb Free Space | 90.35% Space Free | Partition Type: NTFS

Drive D: | 7.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 973.17 Mb Total Space | 866.39 Mb Free Space | 89.03% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SHOP

Current User Name: BC

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BC\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe (ALLDATA\AutoZone)

PRC - C:\AZ Commercial\Transaction Manager\TM.exe (ALLDATA LLC.)

PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

PRC - C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Data\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

PRC - C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

PRC - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

PRC - C:\Program Files\Dell AIO Printer 948\memcard.exe ()

PRC - C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfserv.exe ()

PRC - C:\WINDOWS\system32\dldfcoms.exe ( )

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Network Assistant\ezi_hnm2.exe (SingleClick Systems)

PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)

PRC - C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)

PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Documents and Settings\BC\Application Data\U3\0000060435078449\LaunchPad.exe ()

PRC - C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\NPROTECT.EXE (Symantec Corporation)

PRC - C:\QUICKENW\QWDLLS.EXE (Intuit)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BC\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\asOEHook.dll (Symantec Corporation)

MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)

SRV - (MSSQL$ALLDATASC) SQL Server (ALLDATASC) -- C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Data\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()

SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (dldfCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe ()

SRV - (dldf_device) -- C:\WINDOWS\System32\dldfcoms.exe ( )

SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\NPROTECT.EXE (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100917.003\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100917.003\NAVENG.SYS (Symantec Corporation)

DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100916.001\IDSXpx86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (ccHP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)

DRV - (BHDrvx86) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)

DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)

DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)

DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)

DRV - (akshhl) -- C:\WINDOWS\system32\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)

DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)

DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)

DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)

DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)

DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)

DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (mrtRate) -- C:\WINDOWS\System32\drivers\MrtRate.sys (Marimba, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071210

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071210

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071210

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:00:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 07:28:45 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()

O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()

O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [AFW] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Admin Utility.lnk = C:\ALLDATAW\ServiceCenter\Tools\ServiceCenterAutoAdmin.exe (ALLDATA\AutoZone)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Transaction Manager.lnk = C:\AZ Commercial\Transaction Manager\TM.exe (ALLDATA LLC.)

O4 - Startup: C:\Documents and Settings\BC\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()

O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)

O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.68 213.109.75.214 1.1.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\BC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\BC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/24 08:38:38 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2002/06/03 00:09:34 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]

O33 - MountPoints2\{0ef98b50-d3ec-11dc-8b2a-001d097c589f}\Shell - "" = AutoRun

O33 - MountPoints2\{0ef98b50-d3ec-11dc-8b2a-001d097c589f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{0ef98b50-d3ec-11dc-8b2a-001d097c589f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{36e00fbe-c100-11df-8e5c-001d097c589f}\Shell - "" = AutoRun

O33 - MountPoints2\{36e00fbe-c100-11df-8e5c-001d097c589f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{36e00fbe-c100-11df-8e5c-001d097c589f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()

O33 - MountPoints2\{36e00fbf-c100-11df-8e5c-001d097c589f}\Shell\AutoRun\command - "" = setupSNK.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 21:12:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BC\Desktop\OTL.exe

[2010/09/16 12:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Geek Squad

[2010/09/15 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BC\Application Data\Malwarebytes

[2010/09/15 12:59:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/09/15 12:59:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/09/15 12:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/15 12:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/09/15 12:22:35 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\BC\Desktop\ATF-Cleaner.exe

[2010/09/14 12:14:47 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support

[2007/12/14 14:17:36 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfserv.dll

[2007/12/14 14:17:36 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfusb1.dll

[2007/12/14 14:17:36 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhcp.dll

[2007/12/14 14:17:36 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfinpa.dll

[2007/12/14 14:17:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfiesc.dll

[2007/12/14 14:17:35 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfhbn3.dll

[2007/12/14 14:17:35 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfpmui.dll

[2007/12/14 14:17:35 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldflmpm.dll

[2007/12/14 14:17:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfprox.dll

[2007/12/14 14:17:34 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomc.dll

[2007/12/14 14:17:34 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldfcomm.dll

[2 C:\Documents and Settings\BC\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\BC\Local Settings\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/17 21:17:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/17 21:13:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\RKUnhookerLE.EXE

[2010/09/17 21:13:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BC\Desktop\OTL.exe

[2010/09/17 21:05:45 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk

[2010/09/17 21:04:53 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/17 21:02:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/17 21:02:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/17 15:37:57 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\BC\NTUSER.DAT

[2010/09/17 15:37:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BC\ntuser.ini

[2010/09/17 15:37:17 | 003,776,364 | -H-- | M] () -- C:\Documents and Settings\BC\Local Settings\Application Data\IconCache.db

[2010/09/17 15:37:09 | 000,021,564 | ---- | M] () -- C:\Documents and Settings\BC\Application Data\wklnhst.dat

[2010/09/17 15:37:09 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\September 11-17.xlr

[2010/09/17 14:45:54 | 000,000,345 | ---- | M] () -- C:\WINDOWS\dellstat.ini

[2010/09/17 13:21:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/09/17 07:39:51 | 000,000,931 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2010/09/15 14:02:44 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/15 14:01:28 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\rkill.exe

[2010/09/13 12:36:45 | 000,119,012 | ---- | M] () -- C:\Documents and Settings\All Users\dldf

[2010/09/13 12:00:13 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2010/09/13 07:34:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/27 08:12:18 | 000,001,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MOTOR ALLDATA - AUG10.lnk

[2010/08/23 11:47:01 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\September 25 - October 1.xlr

[2010/08/23 11:46:11 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\BC\Desktop\September 18-24.xlr

[2 C:\Documents and Settings\BC\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\BC\Local Settings\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/17 21:12:08 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\RKUnhookerLE.EXE

[2010/09/17 13:21:44 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/09/15 14:01:19 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\rkill.exe

[2010/09/15 12:59:23 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/27 08:12:18 | 000,001,133 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MOTOR ALLDATA - AUG10.lnk

[2010/08/23 11:47:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\September 25 - October 1.xlr

[2010/08/23 11:46:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\September 18-24.xlr

[2010/08/23 11:45:51 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\BC\Desktop\September 11-17.xlr

[2007/12/17 10:29:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\BC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/14 15:58:26 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/12/14 15:58:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9637E6AD57.sys

[2007/12/14 14:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldfvs.dll

[2007/12/14 14:20:28 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfcoin.dll

[2007/12/14 14:19:54 | 001,377,872 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe

[2007/12/14 14:19:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMON.DLL

[2007/12/14 14:19:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDFFXPU.DLL

[2007/12/14 14:18:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldfoem.dll

[2007/12/14 14:18:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDFPMRC.DLL

[2007/12/14 14:17:36 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\dldfutil.dll

[2007/12/14 14:17:36 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldfinst.dll

[2007/12/14 14:17:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldfgrd.dll

[2007/12/14 14:17:35 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfinsb.dll

[2007/12/14 14:17:35 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldfins.dll

[2007/12/14 14:17:35 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldfjswr.dll

[2007/12/14 14:17:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldfinsr.dll

[2007/12/14 14:17:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldfcub.dll

[2007/12/14 14:17:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldfcu.dll

[2007/12/14 14:17:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldfcur.dll

[2007/12/14 11:12:32 | 000,000,345 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2007/12/14 11:12:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

[2007/12/14 11:12:14 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini

[2007/12/13 19:15:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys

[2007/12/13 00:03:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini

[2007/12/13 00:01:15 | 000,000,931 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2007/12/13 00:01:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2007/12/12 23:53:09 | 000,021,564 | ---- | C] () -- C:\Documents and Settings\BC\Application Data\wklnhst.dat

[2007/12/10 10:50:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/12/10 10:28:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2007/12/10 10:27:30 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/05/22 10:17:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldfcaps.dll

[2007/05/08 14:48:22 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldfdrs.dll

[2007/04/16 09:47:47 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldfcfg.dll

[2007/03/12 18:17:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldfcnv4.dll

[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll

[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll

[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2007/12/14 14:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series

[2009/01/23 13:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T

[2009/01/23 14:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar

[2010/09/16 12:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad

[2008/03/24 08:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2009/04/29 15:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2007/12/10 10:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems

[2007/12/10 10:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/09/17 21:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/12/14 15:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BC\Application Data\948 Series

[2009/01/23 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BC\Application Data\AT&T

[2009/01/23 13:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BC\Application Data\ATTToolbar

[2007/12/19 09:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BC\Application Data\MSNInstaller

[2007/12/12 23:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BC\Application Data\Template

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/03/24 08:38:38 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT

[2007/12/12 23:51:16 | 000,000,211 | -H-- | M] () -- C:\boot.ini

[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/12/10 10:29:36 | 000,006,405 | RH-- | M] () -- C:\dell.sdr

[2007/12/14 15:03:49 | 000,000,000 | ---- | M] () -- C:\faxendPdoc.log

[2007/12/13 19:13:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr

[2010/09/17 21:02:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2010/09/16 14:13:51 | 000,000,470 | ---- | M] () -- C:\rkill.log

[2010/09/16 13:12:12 | 000,051,920 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_16.09.2010_13.11.35_log.txt

[2010/09/16 13:43:51 | 000,050,754 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_16.09.2010_13.42.14_log.txt

[2010/09/16 14:22:00 | 000,050,292 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_16.09.2010_14.21.42_log.txt

[2008/02/06 16:17:08 | 000,000,162 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/09/16 13:13:41 | 000,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2003/07/29 10:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL

[2007/05/02 23:38:35 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldfdrpp.dll

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >

Link to post
Share on other sites

My Extras log:

OTL Extras logfile created on: 9/17/2010 9:18:04 PM - Run 1

OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\BC\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 420.00 Mb Available Physical Memory | 41.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 134.58 Gb Free Space | 90.35% Space Free | Partition Type: NTFS

Drive D: | 7.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 973.17 Mb Total Space | 866.39 Mb Free Space | 89.03% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SHOP

Current User Name: BC

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol

"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM

"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\dldfcoms.exe" = C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System -- ( )

"C:\Program Files\Dell AIO Printer 948\dldfmon.exe" = C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor -- ()

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface -- ()

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe:*:Enabled:Time Executable -- ()

"C:\Program Files\Dell AIO Printer 948\dldfaiox.exe" = C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe -- ()

"C:\Program Files\Dell AIO Printer 948\DLDFFax.exe" = C:\Program Files\Dell AIO Printer 948\DLDFFax.exe:*:Enabled:Fax Solutions Software -- ()

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfwbgw.exe:*:Enabled:Dell Web Gateway -- ()

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\Dell AIO Printer 948\dldfafcn.exe" = C:\Program Files\Dell AIO Printer 948\dldfafcn.exe:*:Enabled: -- ()

"C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Data\MSSQL.1\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL$ALLDATASC\Data\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:Microsoft SQL Server -- (Microsoft Corporation)

"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:Microsoft SQL Browser -- (Microsoft Corporation)

"C:\AZ Commercial\Transaction Manager\TM.exe" = C:\AZ Commercial\Transaction Manager\TM.exe:*:Enabled:AZ PartsConnect Transaction Manager -- (ALLDATA LLC.)

"C:\ALLDATAW\ServiceCenter\ServiceCenter.exe" = C:\ALLDATAW\ServiceCenter\ServiceCenter.exe:*:Enabled:ServiceCenter -- (ALLDATA\AutoZone)

"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant

"{0E31CA83-8E2B-4B0D-A84D-F561B6CD482D}" = QBFC 5.0

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement

"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer

"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ALLDATASC)

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5DF5621C-5071-4F68-B623-69FD2D36DA3C}" = LaserCat

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks Basic Edition

"{72470D12-2CCA-4324-AFF9-F1396A2168EA}" = Corel Snapfire muvee autoProducer add-on

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = MOTOR / ALLDATA

"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0

"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus

"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center

"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{BC3D7E8B-1C54-474B-AADD-3E3988AC307E}" = ServiceCenter

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist

"{D90AD053-6F8D-4658-9EB8-D57C8BE39092}" = QBFC 7.0

"{E143226A-3D0E-4D26-AFB7-760BCBA0D6B2}" = ALLDATA Manage

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EE690DCE-5D8D-4E52-9F72-F3ADE168A631}" = QBFC 6.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}" = Norton SystemWorks

"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe SVG Viewer" = Adobe SVG Viewer 6.0

"ATT-HSI" = ATT-HSI

"ATT-SST" = AT&T Self Support Tool

"ATTToolbar" = AT&T Toolbar

"DAO 3.5" = DAO 3.5

"Dell AIO Printer 948" = Dell AIO Printer 948

"Dell Photo Printer 720" = Dell Photo Printer 720

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"NIS" = Norton Internet Security

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"Quicken Deluxe 2000" = Quicken Deluxe 2000

"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11

"SymSetup.{707D28BF-E145-4a9b-B97E-94FA586D05F3}" = Norton SystemWorks (Symantec Corporation)

"WIC" = Windows Imaging Component

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"4c3631d73a4e81f7" = KeyLink - Dayco

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/17/2010 11:16:48 AM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:21:41 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:31:23 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:31:57 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:32:19 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:51:12 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 1:56:58 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 3:32:05 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 3:34:43 PM | Computer Name = SHOP | Source = Application Error | ID = 1000

Description = Faulting application dldfwbgw.exe, version 1.70.0.0, faulting module

dldfuldr.dll, version 1.70.0.0, fault address 0x0001e049.

Error - 9/17/2010 9:17:05 PM | Computer Name = SHOP | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 9/16/2010 1:14:41 PM | Computer Name = SHOP | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 9/16/2010 1:15:48 PM | Computer Name = SHOP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

iaStor

Error - 9/16/2010 1:49:20 PM | Computer Name = SHOP | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 9/16/2010 1:49:21 PM | Computer Name = SHOP | Source = Service Control Manager | ID = 7000

Description = The Fax service failed to start due to the following error: %%1053

Error - 9/16/2010 2:34:09 PM | Computer Name = SHOP | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the Browser service.

Error - 9/16/2010 2:40:33 PM | Computer Name = SHOP | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/16/2010 2:41:05 PM | Computer Name = SHOP | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/16/2010 2:47:31 PM | Computer Name = SHOP | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1460

Error - 9/17/2010 7:36:59 AM | Computer Name = SHOP | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000243'

while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped

monitoring the volume.

Error - 9/17/2010 7:42:07 AM | Computer Name = SHOP | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1460

< End of report >

Link to post
Share on other sites

And, Here is my RKunhooker report log:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0xF6442000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xA9E9E000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4550656 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2146304 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2146304 bytes

0x804D7000 RAW 2146304 bytes

0x804D7000 WMIxWDM 2146304 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)

0xA9C8D000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100917.003\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)

0xF73B5000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0xA9179000 C:\WINDOWS\system32\drivers\hardlock.sys 589824 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)

0xF7290000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA9889000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)

0xA997F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xA9921000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)

0xA92F9000 C:\WINDOWS\system32\DRIVERS\aksfridge.sys 368640 bytes (Aladdin Knowledge Systems Ltd., Ancillary Function Driver)

0xF6300000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)

0xA9B29000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA900F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xA9A8B000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100916.001\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)

0xA9DD9000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)

0xF7334000 SYMEFA.SYS 323584 bytes

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA9847000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)

0xF63ED000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)

0xA8479000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xA9AF5000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)

0xF74C4000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF7263000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA937B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xA7D9A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xA9A16000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xA9A63000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF63A4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)

0xA9C68000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)

0xA9156000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6381000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF63CA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xA9A41000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xA9E7C000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xA7F58000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)

0x806E3000 ACPI_HAL 134272 bytes

0x806E3000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7395000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7494000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xA9904000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)

0xF7248000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xA982F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF731D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF636A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA9AE0000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)

0xA8942000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xA9C54000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100917.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)

0xF642E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA9B81000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0xF7383000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF74B3000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6359000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF76D3000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7853000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF77B3000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xA89D7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF7843000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF77A3000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7633000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF77C3000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7613000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xA96A7000 C:\WINDOWS\system32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)

0xF77E3000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7603000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF77D3000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7823000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7863000 C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)

0xF7803000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7623000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF76B3000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xA8C2F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF7793000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF75F3000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF77F3000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7683000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA8D4F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xA90AE000 C:\WINDOWS\system32\Drivers\NPDRIVER.SYS 36864 bytes (Symantec Corporation, Norton Protection Driver)

0xF7673000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF78DB000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF79E3000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)

0xF78E3000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)

0xF79B3000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF78C3000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7873000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF78EB000 C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)

0xF79AB000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF78FB000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF79D3000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF79DB000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF78CB000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF78D3000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF787B000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF79C3000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF79CB000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF79BB000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF79A3000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7913000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xA8A47000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xA9807000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xA9142000 C:\WINDOWS\System32\Drivers\mrtRate.SYS 16384 bytes (Marimba, Inc., Rate Sensing Driver)

0xF7ACF000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA96F3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xA96FB000 C:\WINDOWS\system32\DRIVERS\packet.sys 16384 bytes (SingleClick Systems, SCS NDIS 5.0 Auto IP Protocol Driver)

0xF7A03000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xA9E5C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xA8B03000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xA9703000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7ABF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7A93000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7B2F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B63000 C:\WINDOWS\system32\DRIVERS\datunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)

0xF7B37000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7B2D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B1F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)

0xF7AF3000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B31000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7B07000 C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)

0xF7B33000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B15000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B1B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7AF5000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7CAF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7CF9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C82000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7BBB000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\91CA9432.TMP

!-->[Hidden] C:\RECYCLER\NPROTECT\00005380.DAT

!-->[Hidden] C:\RECYCLER\NPROTECT\00005382.DAT

!-->[Hidden] C:\RECYCLER\NPROTECT\00005385.DAT

!-->[Hidden] C:\RECYCLER\NPROTECT\00005386.DAT

!-->[Hidden] C:\RECYCLER\NPROTECT\00005389.DAT

!-->[Hidden] C:\RECYCLER\NPROTECT\00005391.DAT

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100754.rbf

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100755.rbf

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100756.rbf

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100757.rbf

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100758.rbf

!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP702\A0100759.rbf

==============================================

>Hooks

==============================================

IDT-->Int 06h-->Invalid Opcode, Type: IDT modification[A96AA16D] [Haspnt.sys]

IDT-->Int 0Eh-->Page Fault, Type: IDT modification[A96A9FC2] [Haspnt.sys]

ntkrnlpa.exe+0x0002D4D8, Type: Inline - RelativeJump 0x805044D8-->8050452C [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002D610, Type: Inline - RelativeJump 0x80504610-->80504664 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002D634, Type: Inline - PushRet 0x80504634-->C45A8644 [unknown_code_page]

ntkrnlpa.exe+0x0002D658, Type: Inline - RelativeJump 0x80504658-->8050462D [ntkrnlpa.exe]

ntkrnlpa.exe+0x0002D810, Type: Inline - RelativeJump 0x80504810-->805047DE [ntkrnlpa.exe]

ntkrnlpa.exe+0x0006EA7E, Type: Inline - RelativeJump 0x80545A7E-->80545A85 [ntkrnlpa.exe]

[192]hasplms.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x00B4B158-->00000000 [unknown_code_page]

[192]hasplms.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00B4B148-->00000000 [unknown_code_page]

[192]hasplms.exe-->user32.dll-->RegisterDeviceNotificationA, Type: IAT modification 0x00B4B160-->00000000 [unknown_code_page]

Link to post
Share on other sites

This computer is not hook up to the internet at the moment becuase I have it on the kitchen counter. I can try is needed, to hook up via ethernet or I purchased a usb wireless adaptor to try it online when cleanes.

I want to try not to mess anything up so my fatherinlaw cand just hook up an be back up.

Let me know what you think?

- Rich50

Link to post
Share on other sites

The reason you are redirected is because the dns points to a russian ip address.

It is more than likely in the router itself the only way to test it is to bypass the router and plug directly in to the modem.

I need to determine whether it is a router infection or not.

I need you to test that before we have to reset it.

Link to post
Share on other sites

Finally got the direst cable modem going. No redirects either. I will have to take back to his place to reset the router. Its about a 3-0 min drive time, will you be around awhile?

Also Malwarebytes dis open and let me update it but, the blue bar at the top has the numbers 1468875 in it instead of Malwarebytes? I did not run Malewarebytes, just opened and updated it.

- Rich50

Link to post
Share on other sites

======Cleanup======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE) then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.