Hey all.

My friend recently sent over his netbook because he was having some issues. But this one I'm stumped on. It's the Windows Repair Virus? I don't get the popup anymore but still having issues with seeing files/folders throughout the computer, and random restarts. I've done the safe mode scans with MBAM, AVG, and Spybot. I get errors when I try to update with AVG and Spybot.

Also when trying to compress the ARK and Attach.txt files, when I go to "Send To", it just says "Empty"....no option for Compressed folder.

Hope someone can help me here! Thanks!

Here is the latest MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6263

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/3/2011 10:34:27 PM

mbam-log-2011-04-03 (22-34-27).txt

Scan type: Quick scan

Objects scanned: 139917

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And the DDS.txt log:

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by debra goodall at 23:09:41.95 on Sun 04/03/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.739 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\debra goodall\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uSearch Bar =

mSearchAssistant =

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-4-3 32008]

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-8-29 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-8-29 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-4 243024]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]

R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-4-3 26096]

R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2009-8-29 5248]

R3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [2009-8-29 115200]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-4 216400]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-4 29584]

S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-4-3 76696]

S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-8-29 25584]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-20 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-4 308136]

S2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248]

S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-4-3 6393984]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-19 136176]

S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-3-18 345336]

S2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-6-21 56352]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-8-29 113664]

S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2009-8-29 104448]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

.

=============== Created Last 30 ================

.

2011-04-04 02:01:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-04 02:00:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-04 02:00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-04 01:45:14 71880 ----a-w- c:\windows\system32\PxSecure.dll

2011-04-04 01:45:13 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-04-04 01:45:13 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-04-04 01:45:12 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-04-04 01:45:12 -------- d-----w- c:\program files\Prevx

2011-04-04 01:45:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2011-04-02 12:18:56 523248 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-03-18 14:42:58 -------- d-sh--w- C:\found.000

2011-03-14 14:15:38 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-03-09 17:59:51 -------- d--h--w- C:\$AVG

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ---ha-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 23:11:16.62 ===============

Welcome to the forum.

Sometimes the malware hides all the files on you.

To fix this:

Download and run this file

-------------------

Then.......

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory that looks something like this:

TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

---------------------------------------

The most important things to remember when running ComboFix are to download and run it from your desktop and to make sure you disable your anti-virus programs before you run it.

Please download and run ComboFix:

A few notes first:

* ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)

* ComboFix must be run from an Administrative account.

* Vista and W7 users - Right click, choose "Run as Administrator"

* It must be downloaded to and run from your desktop.

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)

* ComboFix Guide <---please read!

Download ComboFix from one of these locations: (you may have to use right click > save target as)

* Link 1

* Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit.

More info HERE<-------

They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AV's target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover

* Double click on ComboFix.exe & follow the prompts.

* Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

* Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

* ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

* Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix and Here

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC

Computer seems to be running smoother already. Just 1 thing though. I did the steps all the way up to the ComboFix part. I tried disabling AVG and it still wouldn't work. I also tried to uninstall AVG and I get an error at the end of the installation saying this:

Local machine: installation failed

Installation:

Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....

Access is denied.

I'm not sure how to get around this issue.

AVG Version: 9.0.894

Here is the TDSSKiller Log:

2011/04/04 16:04:10.0687 0716 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/04 16:04:10.0812 0716 ================================================================================

2011/04/04 16:04:10.0812 0716 SystemInfo:

2011/04/04 16:04:10.0812 0716

2011/04/04 16:04:10.0812 0716 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/04 16:04:10.0812 0716 Product type: Workstation

2011/04/04 16:04:10.0812 0716 ComputerName: YOUR-5A66F93F18

2011/04/04 16:04:10.0828 0716 UserName: debra goodall

2011/04/04 16:04:10.0828 0716 Windows directory: C:\WINDOWS

2011/04/04 16:04:10.0828 0716 System windows directory: C:\WINDOWS

2011/04/04 16:04:10.0828 0716 Processor architecture: Intel x86

2011/04/04 16:04:10.0828 0716 Number of processors: 2

2011/04/04 16:04:10.0828 0716 Page size: 0x1000

2011/04/04 16:04:10.0828 0716 Boot type: Safe boot with network

2011/04/04 16:04:10.0828 0716 ================================================================================

2011/04/04 16:04:11.0156 0716 Initialize success

2011/04/04 16:04:52.0640 1696 ================================================================================

2011/04/04 16:04:52.0640 1696 Scan started

2011/04/04 16:04:52.0640 1696 Mode: Manual;

2011/04/04 16:04:52.0640 1696 ================================================================================


2011/04/04 16:05:06.0796 1696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/04 16:05:06.0953 1696 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/04/04 16:05:07.0015 1696 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/04 16:05:07.0109 1696 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS

2011/04/04 16:05:07.0187 1696 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/04/04 16:05:07.0265 1696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/04 16:05:07.0328 1696 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/04 16:05:07.0421 1696 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/04 16:05:07.0593 1696 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys

2011/04/04 16:05:07.0703 1696 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/04 16:05:07.0750 1696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/04 16:05:07.0812 1696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/04 16:05:07.0906 1696 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/04/04 16:05:07.0953 1696 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/04/04 16:05:08.0015 1696 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/04/04 16:05:08.0062 1696 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/04/04 16:05:08.0171 1696 SynTP (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/04/04 16:05:08.0218 1696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/04 16:05:08.0296 1696 SysCow (806284d876063ce0395c178124e708d3) C:\WINDOWS\system32\drivers\syscow32x.sys

2011/04/04 16:05:08.0421 1696 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/04 16:05:08.0468 1696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/04 16:05:08.0515 1696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/04 16:05:08.0593 1696 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/04 16:05:08.0671 1696 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/04/04 16:05:08.0781 1696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/04 16:05:08.0843 1696 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/04/04 16:05:08.0906 1696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/04 16:05:09.0015 1696 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/04 16:05:09.0093 1696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/04 16:05:09.0171 1696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/04 16:05:09.0265 1696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/04 16:05:09.0328 1696 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/04 16:05:09.0375 1696 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/04/04 16:05:09.0437 1696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/04 16:05:09.0515 1696 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/04/04 16:05:09.0578 1696 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/04 16:05:09.0640 1696 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/04 16:05:09.0750 1696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/04 16:05:09.0828 1696 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/04/04 16:05:09.0953 1696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/04 16:05:10.0125 1696 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/04/04 16:05:10.0250 1696 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/04/04 16:05:10.0359 1696 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/04 16:05:10.0437 1696 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/04 16:05:10.0500 1696 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/04 16:05:10.0625 1696 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys

2011/04/04 16:05:10.0812 1696 ================================================================================

2011/04/04 16:05:10.0812 1696 Scan finished

2011/04/04 16:05:10.0812 1696 ================================================================================


Ok that worked.

Here is the ComboFix Log:

ComboFix 11-04-04.01 - debra goodall 04/04/2011 19:36:48.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.639 [GMT -4:00]

Running from: c:\documents and settings\debra goodall\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\HP\HPBTWD.exe

c:\windows\system32\kock

c:\windows\system32\kock\debra_goodall@2o7[1].txt

c:\windows\system32\kock\debra_goodall@a1.interclick[1].txt

c:\windows\system32\kock\debra_goodall@abmr[2].txt

c:\windows\system32\kock\debra_goodall@ad.yieldmanager[1].txt

c:\windows\system32\kock\debra_goodall@ad.yieldmanager[2].txt

c:\windows\system32\kock\debra_goodall@ads.undertone[1].txt

c:\windows\system32\kock\debra_goodall@content.yieldmanager[1].txt

c:\windows\system32\kock\debra_goodall@content.yieldmanager[2].txt

c:\windows\system32\kock\debra_goodall@content.yieldmanager[3].txt

c:\windows\system32\kock\debra_goodall@foxinteractivemedia.122.2o7[1].txt

c:\windows\system32\kock\debra_goodall@health.yahoo[1].txt

c:\windows\system32\kock\debra_goodall@interclick[1].txt

c:\windows\system32\kock\debra_goodall@journalregistercompany.122.2o7[1].txt

c:\windows\system32\kock\debra_goodall@liveperson[1].txt

c:\windows\system32\kock\debra_goodall@liveperson[3].txt

c:\windows\system32\kock\debra_goodall@quantserve[1].txt

c:\windows\system32\kock\debra_goodall@quantserve[2].txt

c:\windows\system32\kock\debra_goodall@revsci[2].txt

c:\windows\system32\kock\debra_goodall@ru4[1].txt

c:\windows\system32\kock\debra_goodall@ru4[2].txt

c:\windows\system32\kock\debra_goodall@scorecardresearch[1].txt

c:\windows\system32\kock\debra_goodall@scorecardresearch[2].txt

c:\windows\system32\kock\debra_goodall@search.yahoo[1].txt

c:\windows\system32\kock\debra_goodall@server.iad.liveperson[1].txt

c:\windows\system32\kock\debra_goodall@server.iad.liveperson[2].txt

c:\windows\system32\kock\debra_goodall@sharethis[2].txt

c:\windows\system32\kock\debra_goodall@specificclick[2].txt

c:\windows\system32\kock\debra_goodall@store.yahoo[2].txt

c:\windows\system32\kock\debra_goodall@store.yahoo[3].txt

c:\windows\system32\kock\debra_goodall@tribalfusion[1].txt

c:\windows\system32\kock\debra_goodall@turn[1].txt

c:\windows\system32\kock\debra_goodall@turn[2].txt

c:\windows\system32\kock\debra_goodall@undertone[1].txt

c:\windows\system32\kock\debra_goodall@www.yahoo[1].txt

c:\windows\system32\kock\debra_goodall@www.yahoo[2].txt

c:\windows\system32\kock\debra_goodall@yahoo[1].txt

c:\windows\system32\kock\debra_goodall@yahoo[2].txt

c:\windows\system32\kock\debra_goodall@yahoo[3].txt

c:\windows\system32\UAs

c:\windows\system32\UAs\iexplore.exe_UAs001.dat

c:\windows\system32\UAs\iexplore.exe_UAs002.dat

c:\windows\system32\UAs\iexplore.exe_UAs003.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))

.

.

2011-04-04 20:39 . 2011-04-04 20:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-04-04 02:01 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-04 02:00 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-04 02:00 . 2011-04-04 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-18 14:42 . 2011-03-18 14:42 -------- d-----w- C:\found.000

2011-03-14 14:15 . 2011-03-14 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-03-10 13:03 . 2011-03-10 13:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2011-03-09 17:59 . 2011-03-09 17:59 -------- d-----w- C:\$AVG

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2011-02-09 13:53 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2011-02-09 13:53 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2011-02-02 07:58 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2011-01-27 11:57 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2011-01-21 14:44 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2011-01-07 14:09 290048 ----a-w- c:\windows\system32\atmfd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]

"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-05-17 1773568]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2010-04-16 15:25 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]

2010-05-17 00:40 1773568 ----a-w- c:\program files\Free Ride Games\GPlayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

.

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/29/2009 8:03 PM 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/29/2009 8:03 PM 15856]

R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/25/2008 1:09 AM 103792]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/29/2009 8:03 PM 25584]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 1:46 AM 125424]

R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 3:04 PM 203248]

R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [3/18/2009 2:24 PM 345336]

R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [6/21/2010 10:52 PM 56352]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/29/2009 7:47 PM 113664]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912]

R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [8/29/2009 7:48 PM 5248]

R3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [8/29/2009 7:48 PM 115200]

R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [8/29/2009 7:48 PM 104448]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/19/2010 1:29 PM 136176]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-04-04 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job

- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05]

.

2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 17:28]

.

2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 17:28]

.

2011-04-04 c:\windows\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe

HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe

Notify-avgrsstarter - avgrsstx.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-04 19:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-04-04 19:56:12

ComboFix-quarantined-files.txt 2011-04-04 23:56

.

Pre-Run: 146,100,228,096 bytes free

Post-Run: 146,227,240,960 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 6764649AF2FC4CC08DF5DDC88CAEE6AF


Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6271

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/4/2011 8:47:29 PM

mbam-log-2011-04-04 (20-47-29).txt

Scan type: Quick scan

Objects scanned: 141100

Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OK, Good!

Please Uninstall ComboFix:

Go to Start > Run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


For some reason the PC is extremely slow now. Bootup time is probably 5x longer. And when I went to enable Microsoft Security Essentials it took 10 min for it to process it, then I got an error message saying this: "Couldn't start the Security Essentials. The program's service has stopped. You can start the service manually or restart your computer, which will start the service." I tried restarting 4 times and I get the same response. Any ideas?


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL.Txt Log:

OTL logfile created on: 4/5/2011 2:22:19 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\debra goodall\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 503.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 136.09 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: YOUR-5A66F93F18 | User Name: debra goodall | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 14:16:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra goodall\Desktop\OTL.exe

PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/04/02 04:51:00 | 000,288,560 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\MigoMapi.exe

PRC - [2009/04/02 04:51:00 | 000,173,360 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\Syncables.exe

PRC - [2009/04/02 04:51:00 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe

PRC - [2009/03/30 16:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe

PRC - [2009/03/18 14:24:28 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe

PRC - [2009/02/18 17:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/15 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/05 14:16:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra goodall\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/03/30 16:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2009/03/18 14:24:28 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - [2011/04/05 14:10:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A4A5CD0-DBB3-482D-A8F4-FBE76B77B699}\MpKsl275ae23b.sys -- (MpKsl275ae23b)

DRV - [2011/04/05 00:31:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A4A5CD0-DBB3-482D-A8F4-FBE76B77B699}\MpKslfedcc6d9.sys -- (MpKslfedcc6d9)

DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)

DRV - [2009/08/29 20:01:01 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)

DRV - [2009/03/30 16:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2009/03/19 14:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2009/03/18 14:17:08 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcusbnethp.sys -- (qcusbnethp)

DRV - [2009/03/18 14:17:08 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcusbserhp.sys -- (qcusbserhp)

DRV - [2009/03/18 14:17:08 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcfilterhp.sys -- (QCFilterhp)

DRV - [2009/03/02 17:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2008/09/25 01:09:40 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/06/10 17:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\debra goodall\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2011/04/04 19:50:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)

O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 14:16:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debra goodall\Desktop\OTL.exe

[2011/04/04 20:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/04/04 20:08:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/04/04 19:33:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/04/04 19:24:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/04/03 22:01:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/04/03 22:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/03 22:00:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/04/03 22:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/03 20:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2011/04/03 19:54:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debra goodall\Recent

[2011/03/18 10:42:58 | 000,000,000 | ---D | C] -- C:\found.000

[2011/03/14 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/03/10 09:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 14:16:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debra goodall\Desktop\OTL.exe

[2011/04/05 14:14:13 | 000,442,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/05 14:14:12 | 000,072,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/05 14:12:28 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job

[2011/04/05 14:09:56 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/05 14:09:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/05 14:09:34 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/05 03:40:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/04 23:35:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/04/04 23:29:41 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/04 20:16:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2011/04/04 20:13:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/04 19:50:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/04/04 19:33:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/04/03 22:01:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/03 21:45:03 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011/04/03 20:54:39 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4r

[2011/04/03 20:54:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4

[2011/04/03 20:54:21 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\w3EKc7hfuPONZ4

[2011/03/25 22:42:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/03/25 22:42:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\debra goodall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/03/21 14:14:35 | 000,011,571 | -HS- | M] () -- C:\Documents and Settings\debra goodall\My Documents\Folder.jpg

[2011/03/21 14:14:35 | 000,003,063 | -HS- | M] () -- C:\Documents and Settings\debra goodall\My Documents\AlbumArtSmall.jpg

[2011/03/17 15:53:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/10 09:03:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/03/08 02:39:07 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 20:19:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/04/04 20:16:28 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2011/04/04 20:14:00 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/04/04 19:33:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/04/04 19:33:11 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/04/04 18:41:56 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys

[2011/04/03 22:01:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/03 21:45:03 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/04/03 20:54:39 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4r

[2011/04/03 20:54:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4

[2011/04/03 20:54:21 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\w3EKc7hfuPONZ4

[2011/03/21 14:14:35 | 000,011,571 | -HS- | C] () -- C:\Documents and Settings\debra goodall\My Documents\Folder.jpg

[2011/03/21 14:14:35 | 000,003,063 | -HS- | C] () -- C:\Documents and Settings\debra goodall\My Documents\AlbumArtSmall.jpg

[2011/02/26 23:55:01 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2010/10/08 00:45:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/19 11:37:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\debra goodall\Application Data\wklnhst.dat

[2010/06/21 22:53:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat

[2009/08/29 20:11:37 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/29 19:46:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/06/24 21:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/06/24 21:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/06/24 21:26:44 | 000,442,568 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/06/24 21:26:44 | 000,072,014 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/06/24 21:16:28 | 000,231,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/06/24 21:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/06/24 21:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/15 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/15 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/15 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/15 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/15 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/15 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/15 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/15 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/05/29 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2002/05/29 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/04/04 19:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/03/14 10:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/06/21 22:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games

[2010/05/09 22:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2010/05/06 21:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2009/08/29 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM

[2011/02/02 19:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/29 20:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2009/08/29 20:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/07/02 14:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite

[2010/08/09 19:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2010/05/09 22:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra goodall\Application Data\iWin

[2010/03/31 15:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra goodall\Application Data\Smith Micro

[2010/07/19 11:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debra goodall\Application Data\Template

[2011/04/04 23:35:07 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/04/05 14:12:28 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9

< End of report >

Extras.txt Log:

OTL Extras logfile created on: 4/5/2011 2:22:19 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\debra goodall\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 503.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 136.09 Gb Free Space | 91.31% Space Free | Partition Type: NTFS

Computer Name: YOUR-5A66F93F18 | User Name: debra goodall | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe" = C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{286D2FF4-8AED-4147-B79D-A81874CCA7E4}" = Microsoft Live Search Toolbar

"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2

"{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D9B4358-0218-499A-A2F8-04FC7DACA43F}" = Qualcomm Gobi Images for HP

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser

"{918F4F34-2544-4519-9479-9239C8DD69DF}" = syncables desktop

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1

"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6058AF2-2321-4715-9AC4-765486E08C9D}" = VZAccess Manager

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E8C73C10-96C2-4692-A0D5-D4F580FAD692}" = Qualcomm Gobi Driver Package for HP

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AIM_6" = AIM 6

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"exent_405650" = Mahjongg Master Egyptian

"exent_605350" = Magic Encyclopedia

"exent_629350" = Virtual Villagers 2: The Lost Children

"exent_676550" = Bistro Stars

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The Weather Channel Desktop 6" = The Weather Channel Desktop 6

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Software Update" = Yahoo! Software Update

"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3003282150-900429879-3702308482-1006\..\URLSearchHook: - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    [2011/04/03 20:54:21 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\w3EKc7hfuPONZ4
    [2011/04/03 20:54:39 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4r
    [2011/04/03 20:54:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
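
One way to triage file listings like those in the OTL log above, as an added example that is not part of the thread and not OTL's own code: it parses the `[date | size | attributes | C/M] (company) -- path` lines and reports files with no company name that appeared directly in an `Application Data` folder within a minute of each other. The clustering heuristic, the 60-second window and the function names are assumptions of this example, not the helper's stated method; the sample lines are copied from the log.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the OTL log in this thread (created and modified listings).
SAMPLE_LOG = r"""
[2011/04/04 20:16:28 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/03 22:00:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/14 10:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/03 20:54:39 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4r
[2011/04/03 20:54:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4
[2011/04/03 20:54:21 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\w3EKc7hfuPONZ4
[2011/04/03 20:54:39 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~w3EKc7hfuPONZ4r
[2010/07/19 11:37:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\debra goodall\Application Data\wklnhst.dat
"""

# Folder entries carry no "(company)" field at all; files without a company show "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


def parse_line(line):
    """Parse one OTL file-listing line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "company": m["company"],  # None for folders, "" when no company name
        "path": m["path"],
    }


def suspicious_clusters(log_text, window=timedelta(seconds=60)):
    """Return groups of company-less files sitting directly in an
    'Application Data' folder whose timestamps are within `window` of each other.
    Heuristic is an assumption of this example."""
    by_dir = defaultdict(dict)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or entry["is_dir"] or entry["company"] != "":
            continue
        folder = ntpath.dirname(entry["path"]).lower()
        if not folder.endswith("\\application data"):
            continue
        # The same file shows up in both the C and M listings; keep it once.
        by_dir[folder].setdefault(entry["path"].lower(), entry)

    clusters = []
    for entries in by_dir.values():
        ordered = sorted(entries.values(),
                         key=lambda e: (e["time"], e["path"].lower()))
        group = []
        for entry in ordered:
            if group and entry["time"] - group[-1]["time"] > window:
                if len(group) > 1:
                    clusters.append([e["path"] for e in group])
                group = []
            group.append(entry)
        if len(group) > 1:
            clusters.append([e["path"] for e in group])
    return clusters


if __name__ == "__main__":
    for cluster in suspicious_clusters(SAMPLE_LOG):
        print("Review together:")
        for path in cluster:
            print("   ", path)
```

A single company-less file such as `wklnhst.dat` is not reported, since the heuristic only fires on two or more files appearing together.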


Here is the Log:

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\debra goodall\Local Settings\Temp\hsperfdata_debra goodall\716 not found!

C:\Documents and Settings\debra goodall\Local Settings\Temporary Internet Files\Content.IE5\WCZAEXVY\search[1].htm moved successfully.

C:\Documents and Settings\debra goodall\Local Settings\Temporary Internet Files\Content.IE5\7YUJINMO\index[5].php moved successfully.

C:\Documents and Settings\debra goodall\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...


It appears OTL had trouble deleting temp files...so please do this:

Download TFC to your desktop, it will clean out all the temp files on your system.

Open the file and close any other windows.

It will close all programs itself when run; make sure to let it run uninterrupted.

Click the Start button to begin the process. The program should not take long to finish its job.

Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

After the reboot, let me know how it is.

MrC


Still having some issues. I'll list the ones I notice here:

-Startup is super slow

-Can't see anything when I click Add/Remove Programs - It's just a blank page even when I wait for it to load, nothing shows up.

-Microsoft Security Essentials is disabled and when I try to enable it, it takes forever and then gives an error.
