
[Resolved] Computer is very slow and constantly freezing


  • This topic is locked
127 replies to this topic

#61 ems88


Posted 14 February 2010 - 12:14 AM

I got the same message on the blue screen that I wrote about in my original post:

A problem has been detected and windows has been shut down to prevent damage to your computer

IRQL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any window updates your might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select safe mode.

Technical information

STOP: 0x0000000A (0x000000490, 0x00000002, 0x00000001, 0x806E484A)

Beginning dump of physical memory. Physical memory dump complete. Contact your system administrator or technical support group for further assistance.



#62 ken545


Posted 14 February 2010 - 06:39 AM

Let's try running it in Safemode


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode


If you still can't get it to run, then run TDSSKiller



Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
Please post the content of that log TDSSKiller

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#63 ems88


Posted 15 February 2010 - 11:32 AM

21:31:45:468 3656 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00 21:31:45:468 3656 ================================================================================ 21:31:45:468 3656 SystemInfo: 21:31:45:468 3656 OS Version: 5.1.2600 ServicePack: 2.0 21:31:45:468 3656 Product type: Workstation 21:31:45:468 3656 ComputerName: TURTLE 21:31:45:468 3656 UserName: Elaine Sang 21:31:45:468 3656 Windows directory: C:\WINDOWS 21:31:45:468 3656 Processor architecture: Intel x86 21:31:45:468 3656 Number of processors: 2 21:31:45:468 3656 Page size: 0x1000 21:31:45:468 3656 Boot type: Normal boot 21:31:45:468 3656 ================================================================================ 21:31:45:796 3656 UnloadDriverW: NtUnloadDriver error 2 21:31:45:796 3656 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 21:31:45:953 3656 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 21:31:46:281 3656 UtilityInit: KLMD drop and load success 21:31:46:281 3656 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010) 21:31:46:281 3656 UtilityInit: KLMD open success 21:31:46:281 3656 UtilityInit: Initialize success 21:31:46:281 3656 21:31:46:281 3656 Scanning Services ... 
21:31:46:281 3656 CreateRegParser: Registry parser init started 21:31:46:281 3656 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 21:31:46:281 3656 CreateRegParser: DisableWow64Redirection error 21:31:46:281 3656 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 21:31:46:281 3656 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 21:31:46:281 3656 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 21:31:46:281 3656 wfopen_ex: Trying to KLMD file open 21:31:46:281 3656 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 21:31:46:296 3656 wfopen_ex: File opened ok (Flags 2) 21:31:46:296 3656 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: AD48D0 21:31:46:296 3656 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 21:31:46:296 3656 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 21:31:46:296 3656 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 21:31:46:296 3656 wfopen_ex: Trying to KLMD file open 21:31:46:296 3656 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 21:31:46:296 3656 wfopen_ex: File opened ok (Flags 2) 21:31:46:296 3656 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: AD4978 21:31:46:296 3656 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 21:31:46:296 3656 CreateRegParser: EnableWow64Redirection error 21:31:46:296 3656 CreateRegParser: RegParser init completed 21:31:50:375 3656 GetAdvancedServicesInfo: Raw services enum returned 348 services 21:31:50:390 3656 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 21:31:50:390 3656 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 21:31:50:390 3656 21:31:50:390 3656 Scanning Kernel memory ... 
21:31:50:390 3656 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 21:31:50:390 3656 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89DF8A08 21:31:50:390 3656 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects 21:31:50:390 3656 21:31:50:390 3656 DetectCureTDL3: DEVICE_OBJECT: 89DC3C68 21:31:50:390 3656 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DC3C68 21:31:50:390 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DC3C68[0x38] 21:31:50:390 3656 DetectCureTDL3: DRIVER_OBJECT: 89DF8A08 21:31:50:390 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DF8A08[0xA8] 21:31:50:390 3656 KLMD_ReadMem: Trying to ReadMemory 0xE1581480[0x18] 21:31:50:390 3656 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 21:31:50:390 3656 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30 21:31:50:390 3656 DetectCureTDL3: IrpHandler (1) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30 21:31:50:390 3656 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B 21:31:50:390 3656 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B 21:31:50:390 3656 DetectCureTDL3: IrpHandler (5) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (6) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (7) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (8) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (9) addr: BA0E9366 21:31:50:390 3656 DetectCureTDL3: IrpHandler (10) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (11) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (12) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (13) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (14) addr: BA0E944D 21:31:50:390 3656 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3 21:31:50:390 3656 DetectCureTDL3: IrpHandler (16) addr: BA0E9366 21:31:50:390 3656 DetectCureTDL3: IrpHandler (17) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (18) 
addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (19) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (20) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (21) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3 21:31:50:390 3656 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24 21:31:50:390 3656 DetectCureTDL3: IrpHandler (24) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (25) addr: 804F4544 21:31:50:390 3656 DetectCureTDL3: IrpHandler (26) addr: 804F4544 21:31:50:390 3656 TDL3_FileDetect: Processing driver: Disk 21:31:50:390 3656 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:390 3656 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:468 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 21:31:50:468 3656 21:31:50:468 3656 DetectCureTDL3: DEVICE_OBJECT: 89DF4C68 21:31:50:468 3656 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DF4C68 21:31:50:468 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DF4C68[0x38] 21:31:50:468 3656 DetectCureTDL3: DRIVER_OBJECT: 89DF8A08 21:31:50:468 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DF8A08[0xA8] 21:31:50:468 3656 KLMD_ReadMem: Trying to ReadMemory 0xE1581480[0x18] 21:31:50:468 3656 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 21:31:50:468 3656 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30 21:31:50:468 3656 DetectCureTDL3: IrpHandler (1) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30 21:31:50:468 3656 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B 21:31:50:468 3656 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B 21:31:50:468 3656 DetectCureTDL3: IrpHandler (5) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (6) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (7) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (8) addr: 804F4544 21:31:50:468 3656 
DetectCureTDL3: IrpHandler (9) addr: BA0E9366 21:31:50:468 3656 DetectCureTDL3: IrpHandler (10) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (11) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (12) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (13) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (14) addr: BA0E944D 21:31:50:468 3656 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3 21:31:50:468 3656 DetectCureTDL3: IrpHandler (16) addr: BA0E9366 21:31:50:468 3656 DetectCureTDL3: IrpHandler (17) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (18) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (19) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (20) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (21) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3 21:31:50:468 3656 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24 21:31:50:468 3656 DetectCureTDL3: IrpHandler (24) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (25) addr: 804F4544 21:31:50:468 3656 DetectCureTDL3: IrpHandler (26) addr: 804F4544 21:31:50:468 3656 TDL3_FileDetect: Processing driver: Disk 21:31:50:468 3656 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:468 3656 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:500 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 21:31:50:500 3656 21:31:50:500 3656 DetectCureTDL3: DEVICE_OBJECT: 89DBFA50 21:31:50:500 3656 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DBFA50 21:31:50:500 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DBFA50[0x38] 21:31:50:500 3656 DetectCureTDL3: DRIVER_OBJECT: 89DF8A08 21:31:50:500 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DF8A08[0xA8] 21:31:50:500 3656 KLMD_ReadMem: Trying to ReadMemory 0xE1581480[0x18] 21:31:50:500 3656 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver 
Name: Disk 21:31:50:500 3656 DetectCureTDL3: IrpHandler (0) addr: BA0EEC30 21:31:50:500 3656 DetectCureTDL3: IrpHandler (1) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (2) addr: BA0EEC30 21:31:50:500 3656 DetectCureTDL3: IrpHandler (3) addr: BA0E8D9B 21:31:50:500 3656 DetectCureTDL3: IrpHandler (4) addr: BA0E8D9B 21:31:50:500 3656 DetectCureTDL3: IrpHandler (5) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (6) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (7) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (8) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (9) addr: BA0E9366 21:31:50:500 3656 DetectCureTDL3: IrpHandler (10) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (11) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (12) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (13) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (14) addr: BA0E944D 21:31:50:500 3656 DetectCureTDL3: IrpHandler (15) addr: BA0ECFC3 21:31:50:500 3656 DetectCureTDL3: IrpHandler (16) addr: BA0E9366 21:31:50:500 3656 DetectCureTDL3: IrpHandler (17) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (18) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (19) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (20) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (21) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (22) addr: BA0EAEF3 21:31:50:500 3656 DetectCureTDL3: IrpHandler (23) addr: BA0EFA24 21:31:50:500 3656 DetectCureTDL3: IrpHandler (24) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (25) addr: 804F4544 21:31:50:500 3656 DetectCureTDL3: IrpHandler (26) addr: 804F4544 21:31:50:500 3656 TDL3_FileDetect: Processing driver: Disk 21:31:50:500 3656 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:500 3656 KLMD_CreateFileW: Trying to open file 
C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:50:515 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 21:31:50:515 3656 21:31:50:515 3656 DetectCureTDL3: DEVICE_OBJECT: 89D8BAB8 21:31:50:515 3656 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D8BAB8 21:31:50:515 3656 DetectCureTDL3: DEVICE_OBJECT: 89DC3940 21:31:50:515 3656 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DC3940 21:31:50:515 3656 KLMD_ReadMem: Trying to ReadMemory 0x89DC3940[0x38] 21:31:50:515 3656 DetectCureTDL3: DRIVER_OBJECT: 89D8F598 21:31:50:515 3656 KLMD_ReadMem: Trying to ReadMemory 0x89D8F598[0xA8] 21:31:50:515 3656 KLMD_ReadMem: Trying to ReadMemory 0xE1589C98[0x1A] 21:31:50:515 3656 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 21:31:50:515 3656 DetectCureTDL3: IrpHandler (0) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (1) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (2) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (3) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (4) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (5) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (6) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (7) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (8) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (9) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (10) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (11) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (12) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (13) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (14) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (15) addr: 89D03C50 21:31:50:515 3656 DetectCureTDL3: IrpHandler (16) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (17) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: 
IrpHandler (18) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (19) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (20) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (21) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (22) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (23) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (24) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (25) addr: B9F3A9F2 21:31:50:515 3656 DetectCureTDL3: IrpHandler (26) addr: B9F3A9F2 21:31:50:515 3656 KLMD_ReadMem: Trying to ReadMemory 0xB9F387C6[0x400] 21:31:50:515 3656 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 21:31:50:515 3656 TDL3_FileDetect: Processing driver: atapi 21:31:50:515 3656 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 21:31:50:515 3656 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 21:31:50:546 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 21:31:50:546 3656 21:31:50:546 3656 Completed 21:31:50:546 3656 21:31:50:546 3656 Results: 21:31:50:546 3656 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 21:31:50:546 3656 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 21:31:50:546 3656 File objects infected / cured / cured on reboot: 0 / 0 / 0 21:31:50:546 3656 21:31:50:562 3656 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 21:31:50:562 3656 UtilityDeinit: KLMD(ARK) unloaded successfully

#64 ken545


Posted 15 February 2010 - 12:11 PM

That log looks like it came back ok.


Let's reset your hosts file

Download the HostsXpert 4.2.0.0. - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Are you still being redirected?

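A TDSSKiller log of the kind posted in this thread can be triaged mechanically by reading its per-driver verdict lines and the closing "Results" counters. The sketch below is an added example, not part of the original posts and not Kaspersky's code; the sample text is constructed in the format shown in the thread, and the non-Clean verdict word is a placeholder, not a string taken from the tool.

```python
import re

# Entry header as it appears in the posted log: "HH:MM:SS:mmm <id> ".
ENTRY_RE = re.compile(r"(?<!\S)\d{2}:\d{2}:\d{2}:\d{3} \d+(?=\s|$)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\S+)")
RESULT_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)"
)
REQUIRED_SECTIONS = {"Memory", "Registry", "File"}


def split_entries(text):
    """Split a log into messages.

    Works for one entry per line and for logs flattened onto long lines by a
    forum editor, because it splits on the entry header rather than on
    newlines. Empty entries (header only) are dropped.
    """
    heads = list(ENTRY_RE.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        msg = " ".join(text[head.end():end].split())  # undo wrapped lines
        if msg:
            entries.append(msg)
    return entries


def triage(text):
    """Collect verdicts and result counters and decide if the log looks OK."""
    verdicts = {}  # driver file path -> sorted list of verdict words seen
    totals = {}    # section -> (infected, cured, cured on reboot)
    for msg in split_entries(text):
        v = VERDICT_RE.search(msg)
        if v:
            seen = set(verdicts.get(v.group(1), [])) | {v.group(2)}
            verdicts[v.group(1)] = sorted(seen)
        r = RESULT_RE.search(msg)
        if r:
            totals[r.group(1)] = tuple(int(n) for n in r.groups()[1:])
    flagged = sorted(p for p, vs in verdicts.items() if vs != ["Clean"])
    # A scan that died part-way (for example on a blue screen) never writes
    # the Results block, so a missing section means "not OK", not "clean".
    complete = set(totals) == REQUIRED_SECTIONS
    infected = sum(t[0] for t in totals.values())
    return {
        "verdicts": verdicts,
        "totals": totals,
        "flagged": flagged,
        "complete": complete,
        "looks_ok": complete and not flagged and infected == 0,
    }


# Constructed sample, flattened onto one line as forum software tends to do.
SAMPLE_FLAT = (
    r"21:31:45:468 3656 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00 "
    r"21:31:50:390 3656 TDL3_FileDetect: Processing driver: Disk "
    r"21:31:50:468 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean "
    r"21:31:50:468 3656 "
    r"21:31:50:515 3656 TDL3_FileDetect: Processing driver: atapi "
    r"21:31:50:546 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean "
    r"21:31:50:546 3656 Completed "
    r"21:31:50:546 3656 Results: "
    r"21:31:50:546 3656 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 "
    r"21:31:50:546 3656 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 "
    r"21:31:50:546 3656 File objects infected / cured / cured on reboot: 0 / 0 / 0"
)

# Constructed sample, one entry per line, cut off before the Results block.
SAMPLE_TRUNCATED = r"""
21:31:50:390 3656 TDL3_FileDetect: Processing driver: Disk
21:31:50:468 3656 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
"""

# Constructed sample with a placeholder verdict word (hypothetical string).
SAMPLE_FLAGGED = SAMPLE_FLAT.replace(
    "atapi.sys - Verdict: Clean", "atapi.sys - Verdict: NOT-CLEAN-PLACEHOLDER"
)

if __name__ == "__main__":
    for name, sample in [("flat", SAMPLE_FLAT),
                         ("truncated", SAMPLE_TRUNCATED),
                         ("flagged", SAMPLE_FLAGGED)]:
        result = triage(sample)
        print(name, result["looks_ok"], result["flagged"], result["totals"])
```

A log counts as OK here only when all three result sections are present with zero infected objects and every driver verdict is "Clean".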

#65 ken545


Posted 15 February 2010 - 04:54 PM

Looking through your logs I see we already reset your hosts file, so let's skip that step.

I would like you to run this tool; it won't fix anything but will give a good report of your system.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



#66 ems88


Posted 15 February 2010 - 11:41 PM

OTL Extras logfile created on: 2/16/2010 12:23:07 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Elaine Sang\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.34 Gb Total Space | 8.77 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TURTLE
Current User Name: Elaine Sang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8241:TCP" = 8241:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8241:TCP" = 8241:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Disabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{867e5ceb-2493-e530-e5ef-8baf59de1ea6}" = Keepsake Countdown
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{a2bca9f1-566c-4805-97d1-7fdc93386723}" = Adobe AIR
"{A85C3B40-B4E6-49F2-8515-D970C05CEA5E}" = Mpeg2 SoftWare Decoder
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"adobe air" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{A85C3B40-B4E6-49F2-8515-D970C05CEA5E}" = Mpeg2 SoftWare Decoder
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xqdcXSP_is1" = XQDC X-Setup Pro 9.2.100
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3" = GCalc 3
"Molecular Workbench" = Molecular Workbench
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 11:52:48 PM | Computer Name = TURTLE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 2/15/2010 9:49:39 PM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/15/2010 9:49:45 PM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 2/15/2010 11:52:11 PM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/15/2010 11:52:16 PM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 2/16/2010 12:05:33 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/16/2010 12:05:40 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 2/16/2010 12:53:50 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/16/2010 12:53:58 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 2/16/2010 1:09:08 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/16/2010 1:09:13 AM | Computer Name = TURTLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio


< End of report >

OTL logfile created on: 2/16/2010 12:23:07 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Elaine Sang\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.34 Gb Total Space | 8.77 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TURTLE
Current User Name: Elaine Sang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Elaine Sang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Elaine Sang\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\system32\drivers\NSDriver.sys (Lavasoft AB)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (CdaD10BA) -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/09/23 19:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 21:06:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/11 22:39:37 | 000,000,000 | ---D | M]

[2009/07/22 02:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Mozilla\Extensions
[2009/07/22 02:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/15 20:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\extensions
[2010/02/11 22:39:37 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/11 22:39:27 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\searchplugins\AIM Search.xml
[2010/02/15 20:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/31 16:19:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/10/18 21:24:49 | 000,000,000 | ---D | M] (New.net Quick! Search) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06071909.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8b37a9d2-0c67-11df-a0d2-0015c53a9238}\Shell\AutoRun\command - "" = E:\CA_EDGEmobile.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/02/16 00:17:47 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine Sang\Desktop\OTL.exe
[2010/02/14 01:05:45 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/11 22:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/11 22:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2010/02/11 22:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/02/11 22:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/02/11 22:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/11 22:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Sang\Local Settings\Application Data\AOL
[2010/01/28 17:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Sang\My Documents\Downloads
[2010/01/27 15:01:12 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\Elaine Sang\Desktop\Firefox Setup 3.6.exe
[2010/01/25 04:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Sang\Application Data\ImgBurn
[2010/01/25 04:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/01/25 04:28:51 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Elaine Sang\Desktop\SetupImgBurn_2.5.0.0.exe
[2010/01/25 04:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Sang\Desktop\memtest86-3.5.iso
[2010/01/21 18:31:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/01/20 23:37:03 | 000,000,000 | ---D | C] -- C:\HostsXpert
[2010/01/20 23:35:13 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elaine Sang\Desktop\HijackThisInstaller.exe
[2010/01/20 19:28:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010/01/18 18:09:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Elaine Sang\Desktop\erunt_setup.exe
[2010/01/18 18:07:25 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Elaine Sang\Desktop\SysRestorePoint.exe
[2009/06/01 20:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/19 13:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/16 19:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/18 21:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/10/18 21:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/10/19 08:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/10/19 08:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/07/18 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 12:57:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/10 12:57:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[3 C:\Documents and Settings\Elaine Sang\My Documents\*.tmp files -> C:\Documents and Settings\Elaine Sang\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/16 00:17:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine Sang\Desktop\OTL.exe
[2010/02/16 00:09:17 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/16 00:09:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/16 00:08:59 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 00:08:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/15 20:17:29 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\ntuser.dat
[2010/02/15 20:17:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Elaine Sang\ntuser.ini
[2010/02/14 00:56:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/13 00:44:04 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/02/11 22:39:52 | 000,002,686 | -H-- | M] () -- C:\IPH.PH
[2010/02/11 22:39:15 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2010/02/08 19:16:43 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\My Documents\windiag.iso
[2010/02/07 18:00:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2010/02/03 01:11:02 | 000,000,409 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Desktop\ImgBurn.lnk
[2010/02/03 00:53:10 | 004,263,576 | -H-- | M] () -- C:\Documents and Settings\Elaine Sang\Local Settings\Application Data\IconCache.db
[2010/01/27 15:01:18 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Elaine Sang\Desktop\Firefox Setup 3.6.exe
[2010/01/25 04:29:03 | 002,169,915 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Elaine Sang\Desktop\SetupImgBurn_2.5.0.0.exe
[2010/01/25 04:19:27 | 000,535,482 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Desktop\memtest86-3.5.iso.zip
[2010/01/21 19:08:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Desktop\HijackThis.lnk
[2010/01/20 23:35:12 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elaine Sang\Desktop\HijackThisInstaller.exe
[2010/01/20 23:26:28 | 000,009,344 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Desktop\01-craig_david-one_more_lie.mp3
[2010/01/18 18:10:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Elaine Sang\Desktop\ERUNT.lnk
[2010/01/18 18:10:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Elaine Sang\Desktop\erunt_setup.exe
[2010/01/18 18:07:22 | 000,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Elaine Sang\Desktop\SysRestorePoint.exe
[3 C:\Documents and Settings\Elaine Sang\My Documents\*.tmp files -> C:\Documents and Settings\Elaine Sang\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/13 00:44:12 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/02/11 22:39:15 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2010/02/08 19:16:43 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\My Documents\windiag.iso
[2010/01/25 04:29:45 | 000,000,409 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Desktop\ImgBurn.lnk
[2010/01/25 04:20:19 | 000,535,482 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Desktop\memtest86-3.5.iso.zip
[2010/01/21 19:08:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Desktop\HijackThis.lnk
[2010/01/20 23:06:01 | 000,009,344 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Desktop\01-craig_david-one_more_lie.mp3
[2010/01/18 18:10:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Desktop\ERUNT.lnk
[2009/08/15 19:21:07 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/08/15 11:58:25 | 000,112,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/01/15 00:35:43 | 000,000,135 | ---- | C] () -- C:\WINDOWS\AVerTV.ini
[2006/12/23 18:00:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/17 14:30:57 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2006/08/07 15:17:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Application Data\PFP120JPR.{PB
[2006/08/07 15:17:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Application Data\PFP120JCM.{PB
[2006/08/07 15:13:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/05 13:01:41 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/05 13:01:41 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D0E5FBB671.sys
[2006/07/23 22:10:44 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Local Settings\Application Data\fusioncache.dat
[2006/07/22 14:24:44 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Elaine Sang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/12 13:03:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/12 12:47:03 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/12 12:16:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/12 12:15:22 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 01:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/11 22:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/11 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/06/04 03:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/01/30 23:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/12/21 19:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2007/01/11 18:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2008/12/21 20:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/02/11 22:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/17 12:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2008/03/16 19:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/09/14 16:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/12/20 23:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\acccore
[2006/12/22 14:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Aim
[2010/01/25 04:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\ImgBurn
[2009/07/22 03:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\LimeWire
[2007/09/25 20:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Molecular Workbench
[2008/05/28 17:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Stamps.com Internet Postage
[2007/01/20 01:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\Viewpoint
[2009/08/17 12:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Sang\Application Data\X-Setup Pro

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/01/23 21:18:17 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/02/13 00:44:04 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2009/09/09 17:54:30 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\XPSP3.exe.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/07/16 15:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\$AutoStreamer$\I386\sp1.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2003/07/16 15:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\XPSETUP\I386\sp1.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< >
< End of report >
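The "MD5 for:" sections of the log above can be compared mechanically. The following is an added example (not part of the thread and not OTL's own code): it parses those sections and flags a live system file that OTL could not hash, listing same-size copies that were hashed. The function names and verdict labels are assumptions, and the sample is an excerpt of the log above.

```python
import re
from ntpath import dirname  # Windows path rules, usable on any OS

# Excerpt of the "MD5 for:" sections from the OTL log posted above.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\*. /mp /s >
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"(?P<status>.*?)\s*--\s*(?P<path>.+)$")
# Directories Windows XP loads these files from (assumption of this example).
LIVE_DIRS = (r"\system32", r"\system32\drivers")


def parse_md5_sections(log_text):
    """Return {file name: [(size, md5 or None, path), ...]} for on-disk copies."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header["name"].upper(), [])
            continue
        if line.startswith("<"):  # any other custom scan ends the MD5 block
            current = None
            continue
        entry = ENTRY.match(line)
        if current is None or not entry or entry["status"] == ".cab file":
            continue  # skip unrelated lines and copies packed inside .cab archives
        status = entry["status"]
        md5 = status[4:].upper() if status.startswith("MD5=") else None
        current.append((int(entry["size"].replace(",", "")), md5, entry["path"]))
    return sections


def triage(sections):
    """Classify the live copy of each file against the other copies OTL hashed."""
    report = {}
    for name, copies in sections.items():
        live = [c for c in copies if dirname(c[2]).lower().endswith(LIVE_DIRS)]
        others = [c for c in copies if c not in live and c[1]]
        for size, md5, path in live:
            if md5 is None:
                verdict = "unhashable"  # listed on disk, but OTL could not read it
            elif md5 in {m for _, m, _ in others}:
                verdict = "matches-known-copy"
            else:
                verdict = "no-matching-copy"  # may simply be an updated file
            same_size = [p for s, _, p in others if s == size]
            report[name] = {"path": path, "verdict": verdict,
                            "same_size_copies": same_size}
    return report


if __name__ == "__main__":
    for name, result in triage(parse_md5_sections(SAMPLE_LOG)).items():
        print(name, result["verdict"], result["same_size_copies"])
```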

#67 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 February 2010 - 03:35 AM

Hi,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#68 ems88


Posted 16 February 2010 - 11:00 PM

I ran DeFogger but it didn't ask me to reboot. After it finished, I just got the same pop-up to click disable or enable.

#69 ken545


Posted 17 February 2010 - 03:40 AM

That's fine, now run GMER.

 
 

#70 ken545


Posted 18 February 2010 - 07:15 AM

Hi,

I have had some other people look at the issue you're having, and this is what we need to do.

Open Notepad and type this in

copy C:\windows\system32\dllcache\atapi.sys C:\

Save it as Copy.bat to your desktop
Save it as all files

Double click on Copy.bat to run it; it will just flash before you for a split second.



You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE

Verify that atapi.sys is in C:\


Then restart your computer and boot to the Recovery Console.

Then run these commands one at a time, hitting Enter after each one

cd system32
ren atapi.sys atapi.old
copy c:\atapi.sys
exit


If you did this correctly you should receive a 1 file(s) copied confirmation.

Reboot your computer and see if this fixed the problem

 
 


#71 ems88


Posted 18 February 2010 - 07:49 PM

I tried to boot to the Recovery Console but it didn't work. I got this message:
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery console and restart the computer.
1: C:\Windows
Which Windows installation would you like to log onto <To cancel, press ENTER>?

I pressed enter and my computer started again as if I just turned it on. It sounds like pressing exit would've yielded the same results...?

I noticed that every time I start up Firefox, there's a pop-up:
"The version of the Silverlight plug-in installed on your system is no longer valid. Please go to http://go2.microsoft.../?LinkId-128377 for the latest version." There's a yes or no option.
I didn't know I had this on my computer...

Also, I tried running GMER but it took so long (7+ hours) that my computer froze. Is it supposed to take that long?

Edited by ems88, 18 February 2010 - 07:50 PM.


#72 ken545


Posted 19 February 2010 - 05:58 AM

Hi,

Open Firefox and go to Tools > Options > General Tab > Manage Add Ons and if Silverlight is listed, just remove it.


As far as GMER, on some systems it takes awhile but not 7 hours.



To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.




The Recovery Console. I see you posted that it went to C:\windows. That's where you want to run these commands

cd system32
ren atapi.sys atapi.old
copy c:\atapi.sys
exit




If you're unable to do that, do you have your Windows CD?

 
 

#73 ems88


Posted 19 February 2010 - 01:58 PM

I tried typing in the commands right after 'Which Windows installation would you like to log onto <to cancel, press ENTER>?' but it only lets me type in one character :unsure:

#74 ken545


Posted 19 February 2010 - 03:41 PM

OK, let's try it this way.

Save the highlighted text to Notepad and save it as a text file ( not all files ) and name it ems88.txt

Save it to your C:\ drive.

cd system32
ren atapi.sys atapi.old
copy c:\atapi.sys
exit





Boot to the RC and at the command prompt press 1 on your keyboard then Enter and this will bring you to C:\Windows prompt

Then type this in and press enter

Batch C:\ems88.txt

You should get a notification that the file was copied successfully

Then hit Enter to get out of the RC.

Reboot your system and see how things are running now

 
 

#75 ems88


Posted 19 February 2010 - 04:56 PM

After I typed in Batch C:\ems88.txt, I got the message "The system cannot find the file or directory specified. 1 file(s) copied."
