
[Closed] Firefox google redirect and random popups
#1
Posted 21 March 2010 - 05:08 PM
#2
Posted 22 March 2010 - 03:05 AM

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.
Log research takes time, so please be patient and I'd be grateful if you would note the following:
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Do not install/uninstall anything on your computer unless advised.
- Do not run any other scanning tools other than those instructed for you to use.
- Follow the instructions in the order they are given.
- Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
- If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
- If you do not reply within 3 days after my last response, I will be asking you whether you still need assistance and if you still don't reply within 24 hours then the topic will be closed.
- And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.
_________________________________________________
If you are using Vista or Windows 7, you will need to right click and choose "Run as Administrator" to run the tools we will use.
OTL:
- Download OTL to your desktop.
- Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Copy and paste the following bold text into the box under Custom Scan:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt and post it with your next reply along with the Extras.txt log.
--Next--

Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - Sections
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
To post in your next reply:
1. OTL logs.
2. GMER log.
Proud graduate of WTT Classroom
The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/
ASAP and UNITE member
________________________________________________
#3
Posted 23 March 2010 - 05:00 PM
Sorry for the late response, but I'm having problems with the GMER program, more specifically, every time I run the program, the scan goes fine (albeit, it slows my computer down, but I've done the scans with nothing in the background), but when the scan finishes, my computer freezes and I can't save the .txt file.
Here are the OTL logs however:
OTL Extras logfile created on: 3/22/2010 4:36:36 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 29.30 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
Drive D: | 249.26 Gb Total Space | 182.49 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive E: | 624.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER-ONE
Current User Name: Dad
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NewspaperDirect\PressReader\PressReader.exe" = C:\Program Files\NewspaperDirect\PressReader\PressReader.exe:*:Enabled:PressReader -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin" = C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam -- (Softnyx Co., Ltd.)
"C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- (Lexmark International, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{063F3C4A-1263-436F-91A9-83BEB989501F}" = Internet Client 2.4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0933AFF4-3376-4C44-8569-BD7534B4B4E8}" = QuickTax 2002 Platinum
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 18
"{28E24092-3BAE-4D38-A57B-F830862E3A31}" = QuickTax 2003 Platinum
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Xtreme N Dual Band DWA-160
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{30383EB1-E954-4CA3-B7DE-9C3A68B69D26}" = RPS Privacy Manager
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
"{3249C40F-A3BF-4ECC-9824-2F3EB9BFE6A1}" = RPS Ksdk
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB5932-AE03-491E-9674-DF8E1F38D253}" = RPS Performance Tool
"{3686AE6A-D426-402A-9A49-973867C92BC4}" = RPS App Detector
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3838AF48-56E2-4E52-8482-D17CABF63441}" = RPS CRT
"{3BC805C1-1AA9-4A1D-9F21-958F1F3F2D6D}" = ErrorSmart
"{4229B337-0C40-4181-9C41-CAC4C5952A7A}" = RPS Burn
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4C68AB1C-95CB-4699-BBDE-EC4FA2931E3A}" = RPS Security Cleanup
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}" = QuickTax 2004
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{55DBDE34-2CAE-455C-A1CD-D91F5EE8E4E0}" = TELUS security services
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D995085-1609-40D6-85CD-654C13430EE1}" = RPS ParentalControl
"{5DE9ADA1-B9F0-45C5-947F-12E667B01F69}" = RPS Diagnostic Utility
"{5EF2B896-B1C1-46E8-83AD-4F940B7A5982}" = MathGV 4
"{65C1C87A-02D9-4557-BC0D-131F1C419D61}" = Britannica Almanac 2005 CD
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6924B6B2-EEA2-441D-A939-A6C26EE278F9}" = ATIRW15
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B02159-7624-4DBB-B9EE-F933039830AD}" = QuickBooks Premier Edition 2006
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E1B36B-2C8F-4D89-ABF0-F3FC85516AC5}" = RPS Ad Blocker
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator RAID Edition
"{929A59BE-1E16-41EF-88CA-1006DE77D480}" = RPS AntiSpyware
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A1BDA87-7C0D-4B3A-8C05-026FA41F188F}" = QuickTax 2001
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A296E88E-8459-4CF7-A7C8-AA65A04CAF75}" = RPS Zip
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B21DE8E2-03E6-4CFD-A94D-95CC42CD49C8}" = RPS Backup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B41FA933-8D07-4AD8-A3A7-F9AA394E93A8}" =
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6DC0CAF-0D27-4ACE-8E34-8594C8D7C1DA}" = MMC85
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1
"{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}" = QuickTax 2005
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C5C43F-C534-4A35-AC67-98E64242A3FF}" = RPS AntiFraud
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus5
"{D3661269-10B6-495F-B4EE-539ABE3F9AA9}" = DVDDec
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E1374244-A8FE-4FDF-B823-184061FE16C5}" = RPS PopupBlocker
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503069C-7681-4AEF-ADBD-131957FE5D6D}" = Quicken 2008
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE8B9C76-1E07-4C26-8587-8184024FA345}" = Hoyle Card Games 2005
"{EED7DDDC-A01A-4A0D-884A-272C02E96903}" = RPS Firewall
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F06D2782-4C7B-4778-901D-79D63E1B9BB9}" = RPS AntiVirus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"{FDDA11D6-00DE-4957-8761-F97145F438B7}" = RPS RpsCore
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Vuze Toolbar
"Browser Defender_is1" = Browser Defender 2.0.6.15
"ClickArt 10,000 Image Pack 1.0" = ClickArt® 10,000 Image Pack
"ClickArt Gallery 1.0" = ClickArt® Gallery
"DSMT6" = MathType 6
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"Hoyle Casino 4" = Hoyle Casino 4
"hp officejet g series 1080896469" = hp officejet g series
"ICCup Launcher_is1" = ICCup Launcher
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{6924B6B2-EEA2-441D-A939-A6C26EE278F9}" = ATI Remote Wonder 1.5
"InstallShield_{B6DC0CAF-0D27-4ACE-8E34-8594C8D7C1DA}" = ATI Multimedia Center 8.5.0.0
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDplus
"InstallShield_{D3661269-10B6-495F-B4EE-539ABE3F9AA9}" = ATI DVD Decoder 2.2.0.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pinnacle Hollywood FX Pack - ATI FX" = Pinnacle Hollywood FX Pack - ATI FX
"PROSet" = Intel® PRO Network Adapters and Drivers
"P-touch Editor ver 3.2" = P-touch Editor 3.2
"RadialpointClientGateway_is1" = TELUS security advisor 2.0.21
"SiSoftware Sandra Professional MAX3! (Jagged Onl~74D864A4_is1" = SiSoftware Sandra Professional MAX3! (Jagged Online Ltd Edition
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WolfTeam International_is1" = WolfTeam International
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/22/2008 5:39:44 AM | Computer Name = NUMBER-ONE | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "SELECT * FROM PDEvent"
whose target class "PDEvent" does not exist. The query will be ignored.
[ System Events ]
Error - 3/21/2010 6:19:13 AM | Computer Name = NUMBER-ONE | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.
Error - 3/21/2010 6:19:30 AM | Computer Name = NUMBER-ONE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 3/21/2010 6:19:30 AM | Computer Name = NUMBER-ONE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 3/21/2010 1:43:35 PM | Computer Name = NUMBER-ONE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 3/21/2010 1:43:35 PM | Computer Name = NUMBER-ONE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 3/21/2010 1:43:35 PM | Computer Name = NUMBER-ONE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 3/21/2010 1:43:43 PM | Computer Name = NUMBER-ONE | Source = Print | ID = 23
Description = Printer Microsoft Office Document Image Writer failed to initialize
because a suitable Microsoft Office Document Image Writer Driver driver could not
be found.
Error - 3/21/2010 5:40:40 PM | Computer Name = NUMBER-ONE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 3/22/2010 1:59:36 AM | Computer Name = NUMBER-ONE | Source = NetBT | ID = 4321
Description = The name "HOME :1d" could not be registered on the Interface
with IP address 192.168.0.101. The machine with the IP address 192.168.0.102 did
not allow the name to be claimed by this machine.
Error - 3/22/2010 2:14:06 AM | Computer Name = NUMBER-ONE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JUSTINWONG-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{828DF857-0552-. The master browser is stopping or an election is being
forced.
< End of report >
#4
Posted 23 March 2010 - 05:07 PM
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Documents and Settings\Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 392.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 29.30 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
Drive D: | 249.26 Gb Total Space | 182.49 Gb Free Space | 73.21% Space Free | Partition Type: NTFS
Drive E: | 624.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NUMBER-ONE
Current User Name: Dad
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - D:\Documents and Settings\Dad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
PRC - C:\Program Files\TELUS\TELUS security services\RPS.exe (TELUS)
PRC - C:\Program Files\TELUS\TELUS security services\Fws.exe (TELUS)
PRC - C:\Program Files\TELUS\TELUS security advisor\Tsa.exe (TELUS)
PRC - C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe (D-Link)
PRC - C:\Program Files\TELUS\TELUS security services\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\WINDOWS\system32\LMabcoms.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel)
PRC - C:\Program Files\D-Link AirPlus\AIRPLUS.EXE (D-Link)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\NILaunch.exe ()
========== Modules (SafeList) ==========
MOD - D:\Documents and Settings\Dad\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (x10nets) -- File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (Radialpoint Security Services) -- C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe (TELUS)
SRV - (RP_FWS) -- C:\Program Files\TELUS\TELUS security services\Fws.exe (TELUS)
SRV - (jswpsapi) -- C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\JSWUtil\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe (Lexmark International, Inc.)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
========== Driver Services (SafeList) ==========
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys (Kaspersky Lab)
DRV - (arusb(Atheros)) Atheros Wireless Network Adapter Service(Atheros) -- C:\WINDOWS\system32\drivers\arusb.sys (Atheros Communications, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (antispyware) -- C:\WINDOWS\system32\DRIVERS\antispyware.sys ()
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Roxio)
DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)
DRV - (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atintuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI Technologies Inc.)
DRV - (atinrvxx) ATI WDM Rage Theater Video (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) ATI WDM Rage Theater Audio (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC) ATI WDM Specialized PCD Codec (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinpdxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (AIRPLUS) -- C:\WINDOWS\system32\drivers\AIRPLUS.sys (D-Link)
DRV - (cdrbsvsd) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\pwd_2K.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (X10UIF) -- C:\WINDOWS\system32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BsStor) -- C:\WINDOWS\system32\drivers\BsStor.sys (B.H.A Co.,Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
#5
Posted 23 March 2010 - 05:08 PM
[2010/03/22 16:34:35 | 000,555,520 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Dad\Desktop\OTL.exe
[2010/03/21 11:06:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/03/21 11:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/21 11:06:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/21 11:06:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/21 11:06:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/20 18:25:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/03/20 18:21:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/03/20 18:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/03/20 18:14:52 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/03/20 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/03/20 17:43:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Application Data\WinRAR
[2010/03/20 17:15:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Application Data\Roxio
[2010/03/20 16:45:09 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/20 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2010/03/20 11:41:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/20 11:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/18 17:27:09 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Dad\PrivacIE
[2010/03/15 17:30:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Local Settings\Application Data\Opera
[2010/03/15 17:30:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Application Data\Opera
[2010/03/15 17:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/15 15:50:05 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Dad\IECompatCache
[2010/03/15 02:27:02 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Dad\IETldCache
[2010/03/15 01:05:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/15 00:59:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/14 00:16:33 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010/03/14 00:16:19 | 000,131,072 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXDRVX.DLL
[2010/03/14 00:16:19 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXCFI.DLL
[2010/03/14 00:16:09 | 000,042,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMABH2BJ.DLL
[2010/03/14 00:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2010/03/14 00:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark_HostCD
[2010/03/14 00:15:44 | 000,638,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabpmui.dll
[2010/03/14 00:15:42 | 001,105,920 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabusb1.dll
[2010/03/14 00:15:41 | 001,191,936 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabserv.dll
[2010/03/14 00:15:40 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabprox.dll
[2010/03/14 00:15:39 | 000,319,488 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabppls.exe
[2010/03/14 00:15:37 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabpplc.dll
[2010/03/14 00:15:36 | 000,499,712 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabpar1.dll
[2010/03/14 00:15:34 | 000,479,232 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMablmpm.dll
[2010/03/14 00:15:33 | 000,688,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabip1.dll
[2010/03/14 00:15:32 | 000,487,424 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabcoms.exe
[2010/03/14 00:15:30 | 000,413,696 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabcomm.dll
[2010/03/14 00:15:29 | 000,708,608 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LMabcomc.dll
[2010/03/13 22:32:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Local Settings\Application Data\Threat Expert
[2010/03/12 21:27:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Application Data\Malwarebytes
[2010/03/12 21:26:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/12 21:26:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/12 21:26:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/12 21:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/12 21:13:08 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/03/12 21:13:07 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/03/12 21:13:07 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/03/12 21:13:07 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/03/12 21:08:25 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/03/12 21:08:20 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/12 21:08:20 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/03/12 21:07:58 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/03/12 21:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/03/12 21:07:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Dad\Application Data\PC Tools
[2010/03/12 21:07:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Tools
[2010/03/12 21:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/12 21:06:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/09 20:19:19 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 21:03:00 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2010/03/07 21:02:59 | 000,692,224 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2010/03/07 21:02:58 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2010/03/07 21:02:58 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2010/03/07 21:02:57 | 000,262,144 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2010/03/07 21:02:56 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2010/03/07 21:02:33 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2010/03/07 21:02:33 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2010/03/07 21:02:33 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2010/03/07 21:02:32 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2010/03/07 21:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2010/03/07 21:02:12 | 000,405,583 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscsup.dll
[2010/03/07 21:02:09 | 000,075,776 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimdx.sys
[2010/03/07 21:02:08 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimd.sys
[2010/03/07 21:02:08 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\jswscimd.sys
[2010/03/07 20:58:46 | 000,434,688 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\arusb.sys
[2010/03/07 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2010/03/03 20:09:54 | 000,022,912 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbmodem.sys
[2010/03/03 20:09:54 | 000,012,672 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbbus.sys
[2010/03/03 20:09:53 | 000,021,248 | ---- | C] (LG Electronics Inc.) -- C:\WINDOWS\System32\drivers\lgusbdiag.sys
[2010/03/03 20:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/03/03 20:09:16 | 001,471,400 | ---- | C] (LG Electronics ) -- D:\Documents and Settings\Dad\My Documents\LGdareUSBModemDriver_WHQL_Eng_Ver_4.8.1.exe
[2010/02/26 15:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICCup
[2007/01/04 20:09:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/01/04 20:09:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\Help
[2004/10/07 17:20:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/02/01 20:15:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/02/01 19:50:42 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/02/01 19:50:42 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/22 16:43:28 | 063,612,448 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/03/22 16:41:05 | 006,425,888 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/03/22 16:35:26 | 001,397,504 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\jack_359991560262590.xml
[2010/03/22 16:34:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Dad\Desktop\OTL.exe
[2010/03/22 01:29:34 | 001,859,280 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\azn_trix3578264738.xml
[2010/03/22 00:59:10 | 001,236,821 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\the_c_3333346436066.xml
[2010/03/22 00:52:51 | 001,166,331 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\devil_monkey92347432592.xml
[2010/03/22 00:36:30 | 001,376,132 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\austinator727399352.xml
[2010/03/21 23:16:24 | 000,707,405 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\gio_wan3101801582.xml
[2010/03/21 21:30:39 | 000,340,699 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\jtsang933889892726.xml
[2010/03/21 21:29:40 | 000,050,766 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\nightxfire3796295831.xml
[2010/03/21 21:13:25 | 008,388,608 | -H-- | M] () -- D:\Documents and Settings\Dad\NTUSER.DAT
[2010/03/21 19:47:39 | 000,819,011 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\im_not_going_anywhere_23806637750.xml
[2010/03/21 19:47:34 | 000,169,367 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\tonny_helix2702719556.xml
[2010/03/21 10:44:11 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{828DF857-0552-4536-9557-171CEEA316DB}
[2010/03/21 10:44:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/21 10:43:59 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{828DF857-0552-4536-9557-171CEEA316DB}
[2010/03/21 10:43:50 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/03/21 10:43:49 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/21 10:43:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/21 10:43:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/21 10:42:41 | 000,600,044 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/03/21 10:42:40 | 000,849,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/03/21 10:42:17 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\Dad\ntuser.ini
[2010/03/21 08:18:25 | 000,200,064 | ---- | M] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/21 03:18:50 | 000,634,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/21 00:08:49 | 000,958,689 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\happyhacker_10293847562220996487.xml
[2010/03/20 18:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/20 18:26:04 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/20 18:24:49 | 000,004,088 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/20 18:23:30 | 000,000,862 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\Microsoft Excel.lnk
[2010/03/20 18:23:30 | 000,000,860 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\Microsoft Word.lnk
[2010/03/20 18:14:55 | 000,000,554 | ---- | M] () -- D:\Documents and Settings\Dad\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/03/20 18:14:55 | 000,000,554 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\MagicDisc.lnk
[2010/03/20 18:04:14 | 000,001,404 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\MagicISO.lnk
[2010/03/20 17:43:03 | 000,000,618 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\WinRAR.lnk
[2010/03/20 16:45:09 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/20 14:04:59 | 002,739,814 | -H-- | M] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\IconCache.db
[2010/03/20 14:02:34 | 000,000,150 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/03/20 11:42:25 | 000,000,817 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\Spybot - Search & Destroy.lnk
[2010/03/18 17:34:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/17 22:13:56 | 000,306,533 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\thebryanjang3322802408.xml
[2010/03/17 21:52:44 | 000,073,816 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\brendon.wonger613361336926.xml
[2010/03/17 20:49:25 | 000,366,687 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\owen.k4177201117.xml
[2010/03/17 14:35:02 | 000,451,152 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\nbajam_932329773183.xml
[2010/03/16 04:42:32 | 000,024,064 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Biology Portfolio Table of Contents.doc
[2010/03/16 04:28:01 | 000,016,896 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Table of Contents.xls
[2010/03/16 03:45:11 | 000,119,808 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\portypsowg4.doc
[2010/03/16 02:01:29 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Verbal Instruction1.doc
[2010/03/16 00:18:38 | 000,024,064 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Bio portfolio table of contents.doc
[2010/03/15 23:00:25 | 000,001,204 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/03/15 22:55:01 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Title Page Notes.doc
[2010/03/15 20:24:51 | 000,085,659 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\pk_kungfu_master2277606908.xml
[2010/03/15 19:18:30 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Title Page Notes Recovered.doc
[2010/03/15 19:09:26 | 000,000,162 | -H-- | M] () -- D:\Documents and Settings\Dad\My Documents\~$tle Page Notes Recovered.doc
[2010/03/15 17:29:57 | 000,000,522 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/03/14 17:10:27 | 000,002,055 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\iTunes.lnk
[2010/03/14 03:05:59 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Verbal Instructions.doc
[2010/03/14 01:01:39 | 000,000,162 | -H-- | M] () -- D:\Documents and Settings\Dad\My Documents\~$tle Page Notes.doc
[2010/03/14 00:21:33 | 000,007,672 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/14 00:19:29 | 000,000,507 | ---- | M] () -- C:\WINDOWS\LMABH2DD.ini
[2010/03/14 00:16:08 | 000,000,630 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Lexmark Local Printer Settings Utility.LNK
[2010/03/12 21:26:54 | 000,000,586 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/12 21:16:16 | 000,000,354 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\fix.reg
[2010/03/12 21:08:18 | 000,001,545 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/12 20:56:50 | 000,000,329 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\exefix.reg
[2010/03/12 20:56:20 | 000,000,329 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\ecefix.reg
[2010/03/12 20:49:28 | 000,015,150 | -HS- | M] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\ysl0U8AKF0i0
[2010/03/11 21:28:06 | 000,047,616 | ---- | M] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 21:02:14 | 000,001,419 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/03/07 20:22:45 | 000,091,196 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\anime1993603802624757.xml
[2010/03/07 15:53:44 | 000,079,766 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\raydude_rwong1660268865.xml
[2010/03/06 14:10:57 | 000,369,579 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\jasonma73514586155.xml
[2010/03/04 21:51:20 | 000,016,190 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\aaron_cheung_0413987781980.xml
[2010/03/03 20:09:25 | 001,471,400 | ---- | M] (LG Electronics ) -- D:\Documents and Settings\Dad\My Documents\LGdareUSBModemDriver_WHQL_Eng_Ver_4.8.1.exe
[2010/02/26 15:12:12 | 000,001,550 | ---- | M] () -- D:\Documents and Settings\Dad\Desktop\ICCup Launcher.lnk
[2010/02/25 21:20:37 | 000,145,010 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\ProblemSet_1.pdf
[2010/02/24 22:57:52 | 000,052,400 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\bgirlerika4040079541.xml
[2010/02/24 22:57:50 | 000,018,409 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\pretty4angels777296012142.xml
[2010/02/23 23:12:02 | 000,439,808 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\Chooo Online.doc
[2010/02/23 01:30:27 | 000,024,064 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\150 hunt log.doc
[2010/02/21 16:18:33 | 005,210,039 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\jack_359991560262590 - Archive.xml
[2010/02/20 16:53:04 | 000,000,378 | ---- | M] () -- D:\Documents and Settings\Dad\My Documents\lil_michelle_5304278930497.xml
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/20 18:23:30 | 000,000,862 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\Microsoft Excel.lnk
[2010/03/20 18:23:30 | 000,000,860 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\Microsoft Word.lnk
[2010/03/20 18:14:55 | 000,000,554 | ---- | C] () -- D:\Documents and Settings\Dad\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/03/20 18:14:55 | 000,000,554 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\MagicDisc.lnk
[2010/03/20 18:04:14 | 000,001,404 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\MagicISO.lnk
[2010/03/20 17:43:03 | 000,000,618 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\WinRAR.lnk
[2010/03/20 11:42:25 | 000,000,817 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\Spybot - Search & Destroy.lnk
[2010/03/16 04:33:25 | 000,024,064 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Biology Portfolio Table of Contents.doc
[2010/03/16 03:45:09 | 000,119,808 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\portypsowg4.doc
[2010/03/16 02:01:28 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Verbal Instruction1.doc
[2010/03/16 00:33:07 | 000,016,896 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Table of Contents.xls
[2010/03/15 19:08:27 | 000,000,162 | -H-- | C] () -- D:\Documents and Settings\Dad\My Documents\~$tle Page Notes Recovered.doc
[2010/03/15 17:29:57 | 000,000,522 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/03/14 03:12:46 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Title Page Notes Recovered.doc
[2010/03/14 03:05:59 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Verbal Instructions.doc
[2010/03/14 01:01:39 | 000,000,162 | -H-- | C] () -- D:\Documents and Settings\Dad\My Documents\~$tle Page Notes.doc
[2010/03/14 00:19:29 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/03/14 00:19:28 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABH2DD.ini
[2010/03/14 00:16:20 | 000,065,888 | ---- | C] () -- C:\WINDOWS\System32\LMABH2TH.HLP
[2010/03/14 00:16:07 | 000,000,630 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Lexmark Local Printer Settings Utility.LNK
[2010/03/14 00:15:45 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\LMabpmui.htm
[2010/03/14 00:15:45 | 000,002,978 | ---- | C] () -- C:\WINDOWS\System32\LMabpmui.css
[2010/03/14 00:15:28 | 000,003,500 | ---- | C] () -- C:\WINDOWS\System32\LMab.loc
[2010/03/14 00:15:26 | 000,007,672 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/12 21:26:54 | 000,000,586 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/12 21:16:16 | 000,000,354 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\fix.reg
[2010/03/12 21:13:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/03/12 21:13:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/03/12 21:13:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/03/12 21:13:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/03/12 21:13:08 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/03/12 21:13:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/03/12 21:08:25 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/03/12 21:08:21 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/03/12 21:08:20 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/03/12 21:08:18 | 000,001,545 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/03/12 21:07:58 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/03/12 20:56:50 | 000,000,329 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\exefix.reg
[2010/03/12 20:56:20 | 000,000,329 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\ecefix.reg
[2010/03/12 19:51:58 | 000,015,150 | -HS- | C] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\ysl0U8AKF0i0
[2010/03/09 07:52:10 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/03/07 21:04:28 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{828DF857-0552-4536-9557-171CEEA316DB}
[2010/03/07 21:03:28 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{828DF857-0552-4536-9557-171CEEA316DB}
[2010/03/07 21:02:57 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/03/07 21:02:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/03/07 21:02:33 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2010/03/07 21:02:14 | 000,001,419 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/03/07 21:02:09 | 000,032,811 | ---- | C] () -- C:\WINDOWS\System32\jswscimdpx.cat
[2010/03/07 21:02:09 | 000,032,781 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.cat
[2010/03/07 21:02:09 | 000,032,368 | ---- | C] () -- C:\WINDOWS\System32\jswscimdx.cat
[2010/03/07 21:02:09 | 000,005,594 | ---- | C] () -- C:\WINDOWS\System32\jswscimdpx.inf
[2010/03/07 21:02:09 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.inf
[2010/03/07 21:02:09 | 000,002,292 | ---- | C] () -- C:\WINDOWS\System32\jswscimdx.inf
[2010/03/07 21:02:08 | 000,032,352 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.cat
[2010/03/07 21:02:08 | 000,002,231 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.inf
[2010/03/01 00:57:12 | 000,002,055 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\iTunes.lnk
[2010/02/26 15:12:12 | 000,001,550 | ---- | C] () -- D:\Documents and Settings\Dad\Desktop\ICCup Launcher.lnk
[2010/02/25 21:20:37 | 000,145,010 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\ProblemSet_1.pdf
[2010/02/23 23:12:02 | 000,439,808 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\Chooo Online.doc
[2010/02/23 21:45:57 | 000,052,400 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\bgirlerika4040079541.xml
[2010/02/23 01:30:27 | 000,024,064 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\150 hunt log.doc
[2010/02/21 16:18:30 | 005,210,039 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\jack_359991560262590 - Archive.xml
[2010/02/20 16:53:04 | 000,000,378 | ---- | C] () -- D:\Documents and Settings\Dad\My Documents\lil_michelle_5304278930497.xml
[2009/04/10 21:47:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\CALPLTDX.INI
[2009/04/10 21:17:13 | 000,000,220 | ---- | C] () -- C:\WINDOWS\OPTIMDX.INI
[2009/04/10 21:07:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AI450.INI
[2009/04/10 21:00:57 | 000,000,646 | ---- | C] () -- C:\WINDOWS\PeakNet.ini
[2009/02/09 17:28:45 | 000,000,126 | ---- | C] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
[2008/07/14 15:37:22 | 000,001,554 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Services.dat
[2008/07/14 15:37:22 | 000,000,250 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\ActivationInfo.dat
[2008/07/14 15:37:07 | 000,013,615 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\PartnerConfig.dat
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/09 18:18:17 | 000,000,150 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/08 22:32:12 | 000,019,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\antispyware.sys
[2008/03/31 14:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 13:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 13:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/19 16:05:43 | 000,000,169 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Wallet.dat.backup
[2008/03/19 16:05:43 | 000,000,169 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Wallet.dat
[2008/03/19 16:05:42 | 000,000,242 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Privacy.dat.backup
[2008/03/19 16:05:42 | 000,000,242 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Privacy.dat
[2008/03/19 00:27:19 | 000,049,528 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Firewall.dat.backup
[2008/03/19 00:27:19 | 000,049,528 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Firewall.dat
[2008/03/19 00:27:19 | 000,000,147 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\AdBlocker.dat.backup
[2008/03/19 00:27:19 | 000,000,147 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\AdBlocker.dat
[2008/03/19 00:20:43 | 000,000,168 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Spyware.dat.backup
[2008/03/19 00:20:43 | 000,000,168 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\Spyware.dat
[2008/03/19 00:20:22 | 000,000,225 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\freedom.dat.backup
[2008/03/19 00:20:22 | 000,000,225 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\freedom.dat
[2008/03/19 00:20:03 | 000,001,554 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Services.dat.backup
[2008/03/19 00:19:55 | 000,013,615 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\PartnerConfig.dat.backup
[2007/06/18 20:03:04 | 000,000,284 | ---- | C] () -- D:\Documents and Settings\Dad\Application Data\ViewerApp.dat
[2007/03/28 21:07:33 | 000,047,616 | ---- | C] () -- D:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/20 14:07:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/01/04 21:31:14 | 000,000,003 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/01/01 00:36:31 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/31 21:32:43 | 000,000,003 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2006/12/31 17:38:07 | 000,000,246 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/31 17:25:42 | 000,034,817 | ---- | C] () -- C:\WINDOWS\System32\32askey.dll
[2006/12/31 16:59:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/12/31 16:59:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/12/31 16:48:17 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\PT26F.DLL
[2006/12/31 16:41:17 | 000,000,117 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2006/12/31 16:22:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2006/12/31 16:22:40 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2006/12/31 16:22:40 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2006/12/31 16:22:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2006/12/31 16:22:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2006/12/31 15:32:08 | 000,000,023 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2006/12/31 14:59:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/12/31 14:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/12/31 14:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/12/31 03:05:55 | 000,000,070 | ---- | C] () -- C:\WINDOWS\244F6411.ini
[2006/12/31 01:55:05 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/12/31 01:55:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/12/31 00:42:42 | 000,000,369 | ---- | C] () -- C:\WINDOWS\capture.ini
[2006/10/29 11:34:38 | 000,000,305 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\addr_file.html
[2004/04/03 20:59:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/04/02 22:39:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004/04/02 02:01:12 | 000,002,634 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2004/04/02 01:41:39 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2004/04/01 18:19:26 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004/02/01 16:47:58 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/01/15 15:57:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2004/01/15 15:56:54 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2004/01/15 15:56:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/15 15:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2004/01/15 15:44:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/11 21:12:10 | 000,029,697 | ---- | C] () -- C:\WINDOWS\System32\piltsys.dll
[2003/05/11 21:12:10 | 000,024,577 | ---- | C] () -- C:\WINDOWS\System32\mrstkpc.dll
[2003/05/11 21:12:10 | 000,024,577 | ---- | C] () -- C:\WINDOWS\System32\elsxtli.dll
[2003/05/11 21:12:10 | 000,023,553 | ---- | C] () -- C:\WINDOWS\System32\knwug32.dll
[2003/05/11 21:12:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\2kno_32.dll
[2003/03/28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/28 14:31:46 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/20 18:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1997/11/14 18:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/05/13 18:23:00 | 000,000,243 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1996/02/22 18:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 18:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 18:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 18:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
========== LOP Check ==========
[2010/02/11 01:01:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2005/02/19 10:12:23 | 000,000,000 | RH-D | M] -- D:\Documents and Settings\All Users\Application Data\Application Data
[2009/04/12 11:15:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Avery
[2009/11/17 21:22:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Azureus
[2007/04/24 20:47:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bacula
[2006/12/31 18:06:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator
[2004/04/04 21:05:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/04/04 21:04:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/16 20:30:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Efofex
[2008/04/08 20:07:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IDS_COMPANY_NAME
[2008/07/14 15:36:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\logs
[2004/04/01 16:17:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/11/25 21:19:26 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\System Restore
[2008/11/22 18:49:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TELUS
[2010/03/21 10:43:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/09 20:27:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/15 19:49:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/07 23:01:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/20 14:02:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Antispyware
[2010/03/20 17:58:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Azureus
[2009/09/07 19:34:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Blitware
[2009/11/16 16:53:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Design Science
[2009/11/16 20:31:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Efofex
[2010/01/13 17:06:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\FireShot
[2008/07/14 15:36:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\logs
[2007/04/01 21:36:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\MGI
[2009/02/01 18:21:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\NetMedia Providers
[2008/04/09 18:04:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Netscape
[2007/03/28 20:50:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\NewspaperDirect
[2010/03/15 17:30:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Opera
[2009/01/12 21:55:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Printer Info Cache
[2009/02/01 18:21:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\Publish Providers
[2008/11/22 18:51:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\TELUS
[2008/03/19 00:18:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\test
[2008/03/18 21:11:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Dad\Application Data\X10 Commander
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007/04/01 15:24:26 | 000,823,176 | ---- | M] (Microsoft Corporation) -- C:\KeyUpdateTool.exe
< MD5 for: AGP440.SYS >
[2006/12/31 02:09:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/22 11:28:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/12/31 02:09:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/22 11:28:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/01/15 14:57:47 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/12/31 02:09:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/22 11:28:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/01/15 14:57:47 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2006/12/31 02:09:10 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/22 11:28:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 05:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] () Unable to obtain MD5 -- C:\53a1c9ba8826878aaba3beb7783b5a42\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 03:40:52 | 000,049,152 | ---- | M] () Unable to obtain MD5 -- C:\53a1c9ba8826878aaba3beb7783b5a42\eventlog.dll
< MD5 for: IASTOR.SYS >
[2003/03/03 17:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINDOWS\OemDir\iaStor.sys
[2003/03/03 17:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINDOWS\system32\ReinstallBackups\0035\DriverFiles\iaStor.sys
[2003/07/03 00:00:00 | 000,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\iaStor.sys
[2003/07/03 00:00:00 | 000,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2002/08/29 03:41:08 | 000,399,360 | ---- | M] () Unable to obtain MD5 -- C:\53a1c9ba8826878aaba3beb7783b5a42\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Files - Unicode (All) ==========
[2007/01/05 22:27:42 | 000,069,632 | ---- | C] ()(D:\Documents and Settings\All Users\Documents\?? ??? ????.doc) -- D:\Documents and Settings\All Users\Documents\蘇軾 念奴嬌 赤壁懷古.doc
[2007/01/05 22:20:15 | 000,069,632 | ---- | M] ()(D:\Documents and Settings\All Users\Documents\?? ??? ????.doc) -- D:\Documents and Settings\All Users\Documents\蘇軾 念奴嬌 赤壁懷古.doc
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
#6
Posted 23 March 2010 - 05:11 PM
#7
Posted 24 March 2010 - 05:50 AM
Try posting the logs again but now attach them. Thanks. I'm only getting it when the Firefox logs are included.
--Next--
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
We will re-enable them after we're through.
--Next--
Please go to VirSCAN
- Click on Browse.
- On the File Upload window, copy/paste the text below into the File name box:
C:\WINDOWS\System32\drivers\PciBus.sys
- Click Submit. Allow the file to be scanned. If it says already scanned -- click Reanalyze Now
C:\WINDOWS\System32\32askey.dll
Please post the results in your next reply.
--Next--
Can you tell me more about these files (don't double click on them)?
D:\Documents and Settings\Dad\Desktop\fix.reg
D:\Documents and Settings\Dad\Desktop\exefix.reg
D:\Documents and Settings\Dad\Desktop\ecefix.reg
--Next--
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
Do not re-enable these drivers until otherwise instructed.
--Next--
Try running GMER again; click on "Files" in the right-hand corner to uncheck it. If that fails, try running it in Safe Mode.
To do this,
- Restart your computer.
- Keep on tapping F8 when Windows starts to boot. Do this before you see the Windows screen.
- When a list of menu options appears, scroll to Safe Mode using the arrow keys, then press Enter.
1. OTL log with the Firefox section.
2. VirSCAN log.
3. About those .reg files.
4. DeFogger log.
5. GMER log.
Proud graduate of WTT Classroom
The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/
ASAP and UNITE member
________________________________________________
#8
Posted 27 March 2010 - 06:30 AM
#9
Posted 28 March 2010 - 08:36 PM
If you need help please start a new thread.
New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015