
16 Re: bds small on Wed Mar 03, 2010 10:55 am

Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



17 Re: bds small on Wed Mar 03, 2010 11:50 am

newmin


Member
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/04 00:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEFB53000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A9E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: icclegvv.sys
Image Path: icclegvv.sys
Address: 0xF8540000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEEBEA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\the\application data\mozilla\firefox\profiles\bkk79tx6.default\places.sqlite-journal
Status: Size mismatch (API: 57968, Raw: 53864)

Path: c:\documents and settings\the\application data\mozilla\firefox\profiles\bkk79tx6.default\sessionstore.js
Status: Size mismatch (API: 4802, Raw: 4568)

Path: C:\Documents and Settings\The\Application Data\Macromedia\Flash Player\#SharedObjects\3BKGB92G\mail.google.com\8CCB018Cd01
Status: Locked to the Windows API!

Path: c:\documents and settings\the\local settings\application data\mozilla\firefox\profiles\bkk79tx6.default\cache\_cache_002_
Status: Size mismatch (API: 247850, Raw: 240611)

Path: c:\documents and settings\the\local settings\application data\mozilla\firefox\profiles\bkk79tx6.default\cache\_cache_003_
Status: Size mismatch (API: 250235, Raw: 236447)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0xf8bcd496

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0xf8bcd48c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0xf8bcd49b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0xf8bcd4a5

#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0xf8bcd4aa

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xf8bcd478

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0xf8bcd47d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0xf8bcd4b4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0xf8bcd4af

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0xf8bcd4a0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xf8bcd487

==EOF==


18 Re: bds small on Wed Mar 03, 2010 11:54 am


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner



    19 Re: bds small on Wed Mar 03, 2010 11:35 pm

    newmin


    Member
    Running from: C:\Documents and Settings\The\Desktop\Win32kDiag.exe
    Log file at : C:\Documents and Settings\The\Desktop\Win32kDiag.txt
    WARNING: Could not get backup privileges!
    Searching 'C:\WINDOWS'...
    Finished!


    20 Re: bds small on Thu Mar 04, 2010 12:52 am

    Hmm...odd.

    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.

    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select the following items.

      • Process << Selected
      • Kernel Modules << Selected
      • SSDT << Selected
      • Kernel Hooks << Selected
      • IRP Hooks << NOT Selected
      • Ports << NOT Selected
      • Hidden Files << Selected

    • At the bottom of the page

      • Hidden Objects Only << Selected

    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner



    21 Re: bds small on Thu Mar 04, 2010 1:05 am

    Do this too please:

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:

      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      nvstor.sys
      nvstor32.sys
      atapi.sys
      explorer.exe
      svchost.exe
      /md5stop
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner



    22 Re: bds small on Fri Mar 05, 2010 7:42 pm

    newmin


    Member
    SysProt AntiRootkit v1.0.1.0
    by swatkat

    ****************************************************************************************
    ****************************************************************************************

    No Hidden Processes found

    ****************************************************************************************
    ****************************************************************************************
    Kernel Modules:
    Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
    Service Name: ---
    Module Base: EFB53000
    Module End: EFB6B000
    Hidden: Yes

    Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    Service Name: ---
    Module Base: F8AA0000
    Module End: F8AA2000
    Hidden: Yes

    ****************************************************************************************
    ****************************************************************************************
    SSDT:
    Function Name: ZwCreateKey
    Address: F8C73246
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwCreateThread
    Address: F8C7323C
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwDeleteKey
    Address: F8C7324B
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwDeleteValueKey
    Address: F8C73255
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwLoadKey
    Address: F8C7325A
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwOpenProcess
    Address: F8C73228
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwOpenThread
    Address: F8C7322D
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwReplaceKey
    Address: F8C73264
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwRestoreKey
    Address: F8C7325F
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwSetValueKey
    Address: F8C73250
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    Function Name: ZwTerminateProcess
    Address: F8C73237
    Driver Base: 0
    Driver End: 0
    Driver Name: unknown

    **

    =====================================


    23 Re: bds small on Fri Mar 05, 2010 8:07 pm

    newmin


    Member
    OTL logfile created on: 3/6/2010 12:50:58 AM - Run 1
    OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\The\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 288.00 Mb Available Physical Memory | 57.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.29 Gb Total Space | 16.59 Gb Free Space | 56.65% Space Free | Partition Type: NTFS
    Drive D: | 45.23 Gb Total Space | 21.07 Gb Free Space | 46.59% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 33B6E9694C134FE
    Current User Name: The
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/06 00:41:50 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The\Desktop\OTL.exe
    PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/11/10 11:51:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/08/03 23:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
    PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007/01/01 21:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/06 00:41:50 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The\Desktop\OTL.exe
    MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
    MOD - [2006/01/13 01:10:05 | 001,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-flv"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-flv"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.1.20080801
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 02:29:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 14:35:26 | 000,000,000 | ---D | M]

    [2008/11/12 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The\Application Data\Mozilla\Extensions
    [2010/03/06 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The\Application Data\Mozilla\Firefox\Profiles\bkk79tx6.default\extensions
    [2008/11/12 14:35:53 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\The\Application Data\Mozilla\Firefox\Profiles\bkk79tx6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2008/11/16 10:44:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\The\Application Data\Mozilla\Firefox\Profiles\bkk79tx6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/06 00:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/02/28 14:28:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931 (Java Plug-in 1.6.0_10)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\The\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\The\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/06 20:33:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/06 00:41:46 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The\Desktop\OTL.exe
    [2010/03/06 00:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Desktop\SysProt
    [2010/03/05 18:00:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\The\Recent
    [2010/03/02 22:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Application Data\Malwarebytes
    [2010/03/02 22:32:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/02 22:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/03/02 22:31:56 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/02 22:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/03/02 15:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Application Data\PrimoPDF
    [2010/03/02 15:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
    [2010/03/02 01:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\System
    [2010/03/02 01:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Application Data\SmartDraw
    [2010/03/02 01:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw 2010
    [2010/03/01 23:28:09 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\The\Desktop\mbam-setup.exe
    [2010/03/01 07:00:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/03/01 06:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Desktop\New Folder (2)
    [2010/02/28 14:26:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/02/28 14:19:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/02/26 00:10:57 | 000,000,000 | ---D | C] -- C:\Commy
    [2010/02/24 05:08:35 | 000,000,000 | ---D | C] -- C:\Rooter$
    [2010/02/24 05:08:08 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\The\Desktop\Rooter.exe
    [2010/02/24 01:48:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/24 01:46:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/02/24 01:46:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/02/24 01:46:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/02/24 01:46:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/02/24 01:46:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/02/22 09:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Local Settings\Application Data\Apple Computer
    [2010/02/20 15:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/02/20 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
    [2010/02/20 14:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The\Desktop\New Folder
    [2010/02/09 00:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/02/09 00:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/12/25 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2008/11/06 20:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/11/06 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/11/06 20:36:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/11/06 20:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\The\*.tmp files -> C:\Documents and Settings\The\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/03/06 00:49:32 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\The\Desktop\3.doc
    [2010/03/06 00:41:50 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The\Desktop\OTL.exe
    [2010/03/06 00:25:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/03/06 00:13:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/03/06 00:12:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/03/06 00:12:36 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/03/06 00:12:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/03/06 00:12:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/03/06 00:12:27 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/05 21:02:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/03/05 18:01:10 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\The\NTUSER.DAT
    [2010/03/05 18:00:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\The\ntuser.ini
    [2010/03/05 17:11:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
    [2010/03/05 17:03:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-725345543-1003UA.job
    [2010/03/05 01:17:52 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/03/04 18:03:02 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1547161642-725345543-1003Core.job
    [2010/03/04 12:29:28 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Win32kDiag.exe
    [2010/03/04 01:03:00 | 000,075,712 | ---- | M] () -- C:\Documents and Settings\The\Desktop\eye.jpg
    [2010/03/04 00:43:09 | 000,963,966 | ---- | M] () -- C:\Documents and Settings\The\Desktop\IMG_3385.JPG
    [2010/03/03 23:18:16 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\The\Desktop\eye.doc
    [2010/03/03 18:33:10 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\The\My Documents\link.doc
    [2010/03/03 00:32:40 | 000,150,518 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 19.png
    [2010/03/03 00:16:11 | 000,136,029 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 17.png
    [2010/03/03 00:14:55 | 000,126,697 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 14.png
    [2010/03/03 00:13:23 | 000,122,329 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 12.png
    [2010/03/03 00:12:45 | 000,126,552 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 11.png
    [2010/03/02 22:32:06 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/02 15:20:59 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
    [2010/03/02 15:20:33 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
    [2010/03/02 15:00:37 | 000,937,472 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Proposal-R.doc
    [2010/03/02 13:29:00 | 000,109,931 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Capture.jpg
    [2010/03/02 11:26:13 | 001,166,848 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Proposal.doc
    [2010/03/02 10:19:39 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\The\Desktop\ganttchart.xls
    [2010/03/02 10:19:32 | 000,133,218 | ---- | M] () -- C:\Documents and Settings\The\Desktop\ganttchart.JPG
    [2010/03/02 02:03:04 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\The\Desktop\ENG 499 Ghant Chart 2.xls
    [2010/03/02 01:08:36 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\The\Desktop\SmartDraw 2010.lnk
    [2010/03/01 23:28:09 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\The\Desktop\mbam-setup.exe
    [2010/03/01 03:11:40 | 000,032,129 | ---- | M] () -- C:\Documents and Settings\The\Desktop\avatar_character.jpg
    [2010/02/28 14:28:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/28 14:28:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/02/28 14:15:47 | 004,309,504 | ---- | M] () -- C:\Documents and Settings\The\Desktop\FINAL of the finals report.doc
    [2010/02/28 07:13:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/02/24 05:08:08 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\The\Desktop\Rooter.exe
    [2010/02/24 03:53:17 | 006,420,678 | -H-- | M] () -- C:\Documents and Settings\The\Local Settings\Application Data\IconCache.db
    [2010/02/24 01:48:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/02/24 01:40:18 | 003,870,177 | R--- | M] () -- C:\Documents and Settings\The\Desktop\ComboFix.exe
    [2010/02/23 02:28:40 | 000,646,144 | ---- | M] () -- C:\Documents and Settings\The\Desktop\KSLT_gantry_to_support_in_PMCAL_Time_reduction_in_SGP.DOC
    [2010/02/22 02:45:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\The\Desktop\Long Term Pass- Pending........bmp
    [2010/02/20 16:15:20 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\expressburnSevenDaysInit.job
    [2010/02/20 03:36:11 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\The\*.tmp files -> C:\Documents and Settings\The\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/03/04 12:29:27 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Win32kDiag.exe
    [2010/03/04 09:31:02 | 000,075,712 | ---- | C] () -- C:\Documents and Settings\The\Desktop\eye.jpg
    [2010/03/04 00:43:08 | 000,963,966 | ---- | C] () -- C:\Documents and Settings\The\Desktop\IMG_3385.JPG
    [2010/03/03 23:18:15 | 000,190,464 | ---- | C] () -- C:\Documents and Settings\The\Desktop\eye.doc
    [2010/03/03 18:33:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\The\My Documents\link.doc
    [2010/03/03 00:35:56 | 000,122,329 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 12.png
    [2010/03/03 00:35:34 | 000,150,518 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 19.png
    [2010/03/03 00:35:20 | 000,126,697 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 14.png
    [2010/03/03 00:34:54 | 000,126,552 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 11.png
    [2010/03/03 00:34:24 | 000,136,029 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Video call snapshot 17.png
    [2010/03/02 22:32:06 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/02 15:20:59 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
    [2010/03/02 15:20:34 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/03/02 13:31:28 | 000,109,931 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Capture.jpg
    [2010/03/02 11:25:16 | 001,166,848 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Proposal.doc
    [2010/03/02 10:19:31 | 000,133,218 | ---- | C] () -- C:\Documents and Settings\The\Desktop\ganttchart.JPG
    [2010/03/02 01:08:35 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\The\Desktop\SmartDraw 2010.lnk
    [2010/03/02 01:08:35 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2010/03/02 01:02:51 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\The\Desktop\ENG 499 Ghant Chart 2.xls
    [2010/03/01 19:07:38 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\The\Desktop\ganttchart.xls
    [2010/03/01 19:03:05 | 001,663,933 | ---- | C] () -- C:\Documents and Settings\The\Desktop\P1010559.JPG
    [2010/03/01 03:11:39 | 000,032,129 | ---- | C] () -- C:\Documents and Settings\The\Desktop\avatar_character.jpg
    [2010/02/28 14:15:41 | 004,309,504 | ---- | C] () -- C:\Documents and Settings\The\Desktop\FINAL of the finals report.doc
    [2010/02/28 14:15:26 | 000,937,472 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Proposal-R.doc
    [2010/02/27 17:11:24 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
    [2010/02/24 01:48:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/02/24 01:48:01 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/24 01:46:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/02/24 01:46:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/02/24 01:46:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/02/24 01:46:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/02/24 01:46:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/02/24 01:40:02 | 003,870,177 | R--- | C] () -- C:\Documents and Settings\The\Desktop\ComboFix.exe
    [2010/02/23 13:19:07 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\The\Desktop\3.doc
    [2010/02/23 02:28:40 | 000,646,144 | ---- | C] () -- C:\Documents and Settings\The\Desktop\KSLT_gantry_to_support_in_PMCAL_Time_reduction_in_SGP.DOC
    [2010/02/22 02:45:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\The\Desktop\Long Term Pass- Pending........bmp
    [2010/02/20 15:24:08 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\expressburnSevenDaysInit.job
    [2009/07/31 01:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/11/28 21:47:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/11/28 21:39:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX2900EC.ini
    [2008/11/08 11:05:08 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/11/06 22:19:53 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\The\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/06 20:39:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2006/01/13 02:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/01/13 01:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2006/01/13 01:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
    [2006/01/13 01:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/01/13 01:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/01/13 01:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2006/01/13 01:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2006/01/13 01:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
    [2006/01/13 01:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2006/01/13 01:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/02/20 15:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/12/27 18:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2008/11/28 21:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2010/03/02 15:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The\Application Data\PrimoPDF
    [2010/03/02 02:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The\Application Data\SmartDraw
    [2010/02/20 16:15:20 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
    [2010/03/05 17:11:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
    [2010/03/06 00:12:36 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    [2010/03/06 00:13:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >


    < MD5 for: ATAPI.SYS >
    [2006/01/13 02:01:46 | 008,686,921 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2006/01/06 15:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2006/01/06 15:53:12 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2006/01/13 01:31:39 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2006/01/13 01:31:39 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
    [2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\DllCache\netlogon.dll
    [2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
    [2006/01/13 01:59:53 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2006/01/13 01:22:33 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2006/01/13 01:22:33 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
    [2006/01/13 01:38:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2006/01/13 01:38:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/12/22 05:35:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/12/22 05:35:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >
    < End of report >


    ===============================================
    OTL Extras logfile created on: 3/6/2010 12:50:58 AM - Run 1
    OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\The\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    503.00 Mb Total Physical Memory | 288.00 Mb Available Physical Memory | 57.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.29 Gb Total Space | 16.59 Gb Free Space | 56.65% Space Free | Partition Type: NTFS
    Drive D: | 45.23 Gb Total Space | 21.07 Gb Free Space | 46.59% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 33B6E9694C134FE
    Current User Name: The
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
    "C:\Documents and Settings\The\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\The\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\The\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\The\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
    "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
    "{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
    "{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "ESCX2800_2900 User's Guide" = ESCX2800_2900 User's Guide
    "ExpressBurn" = Express Burn
    "FLV Player" = FLV Player 2.0 (build 25)
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "QuicktimeAlt_is1" = QuickTime Alternative 1.67
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar for Internet Explorer
    "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "SmartDraw 2010" = SmartDraw 2010

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/1/2010 4:12:23 PM | Computer Name = 33B6E9694C134FE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
    Setup cannot find the required files. Check your connection to the network, or
    CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
    Office\OFFICE11\1033\SETUP.CHM.

    Error - 3/1/2010 4:39:17 PM | Computer Name = 33B6E9694C134FE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
    Setup cannot find the required files. Check your connection to the network, or
    CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
    Office\OFFICE11\1033\SETUP.CHM.

    Error - 3/2/2010 5:29:58 AM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/2/2010 6:27:17 AM | Computer Name = 33B6E9694C134FE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
    Setup cannot find the required files. Check your connection to the network, or
    CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
    Office\OFFICE11\1033\SETUP.CHM.

    Error - 3/2/2010 7:39:33 PM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/3/2010 10:32:17 AM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/3/2010 5:05:00 PM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/4/2010 5:27:14 AM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/4/2010 12:24:52 PM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 3/5/2010 5:02:50 PM | Computer Name = 33B6E9694C134FE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was C0000005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    [ System Events ]
    Error - 2/26/2010 3:56:57 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/28/2010 10:19:37 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/28/2010 10:21:39 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The SoundMAX Agent Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 2/28/2010 10:21:39 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Windows User Mode Driver Framework service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 2/28/2010 10:21:40 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The LVCOMSer service terminated unexpectedly. It has done this 1
    time(s).

    Error - 2/28/2010 10:21:40 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 2/28/2010 10:21:40 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/28/2010 10:21:40 AM | Computer Name = 33B6E9694C134FE | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/2/2010 7:39:08 PM | Computer Name = 33B6E9694C134FE | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 3/3/2010 5:33:47 PM | Computer Name = 33B6E9694C134FE | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.


    < End of report >


    24 Re: bds small on Sat Mar 06, 2010 1:36 am

    Please run a scan with Avira and post its log.


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner



    25 Re: bds small on Sat Mar 06, 2010 5:29 am

    newmin


    Member
    Avira AntiVir Personal
    Report file date: Saturday, March 06, 2010 17:16

    Scanning for 1820270 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 2) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : 33B6E9694C134FE

    Version information:
    BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 11:26:33
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:35:52
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 18:18:57
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 13:19:29
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 08:52:01
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 00:15:40
    VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 00:15:41
    VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 00:15:42
    VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 00:15:42

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Start of the scan: Saturday, March 06, 2010 17:16

    Starting search for hidden objects.
    '34985' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'winampa.exe' - '1' Module(s) have been scanned
    Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'googletalk.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '50' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Qoobox\Quarantine\C\Documents and Settings\Start Menu\Programs\Startup\siszyd32.exe.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bredolab.bps back-door program
    C:\Qoobox\Quarantine\C\Documents and Settings\The\Start Menu\Programs\Startup\_siszyd32_.exe.zip
    [0] Archive type: ZIP
    --> siszyd32.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bredolab.bps back-door program
    C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_saishci_.sys.zip
    [0] Archive type: ZIP
    --> saishci.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP101\A0013325.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bredolab.bps back-door program
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP106\A0014154.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP108\A0014388.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP109\A0014432.sys
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP54\A0004332.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    C:\WINDOWS\system32\cmdow.exe
    [DETECTION] Contains recognition pattern of the APPL/HideWindows.31232.1 application
    Begin scan in 'D:\'
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053832.inf
    [DETECTION] Is the TR/AutorunINF.662 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053867.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lj.4 INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053898.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lj.4 INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053993.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.PZN.1 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0054051.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP784\A0054063.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0054183.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0054221.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0055250.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055272.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055304.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055366.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055402.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055462.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.ks INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055493.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055525.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.ks INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055553.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055580.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055592.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055632.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055779.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055833.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055925.inf
    [DETECTION] Is the TR/AutorunINF.468.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055987.inf
    [DETECTION] Is the TR/AutorunINF.468.1 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056014.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056046.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056076.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP791\A0056087.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056248.inf
    [DETECTION] Is the TR/AutorunINF.442 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056293.inf
    [DETECTION] Is the TR/AutorunINF.567 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056335.inf
    [DETECTION] Is the TR/AutorunINF.442 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056379.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056429.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056455.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056516.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056539.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056569.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056594.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056640.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP794\A0056651.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP794\A0056715.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056736.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056765.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056797.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP796\A0056817.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP796\A0056858.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP797\A0056865.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP797\A0057864.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP798\A0057878.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP798\A0057928.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP799\A0058004.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058067.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058101.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058137.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058155.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058190.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058230.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058271.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058302.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058350.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058363.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058395.inf
    [DETECTION] Is the TR/AutorunINF.438 Trojan
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058435.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP803\A0058457.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058855.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058883.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058896.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    D:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP54\A0004333.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus

    Beginning disinfection:
    C:\Qoobox\Quarantine\C\Documents and Settings\The\Start Menu\Programs\Startup\siszyd32.exe.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bredolab.bps back-door program
    [NOTE] The file was moved to '4c059d0a.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\The\Start Menu\Programs\Startup\_siszyd32_.exe.zip
    [NOTE] The file was moved to '4bfb9d15.qua'
    C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
    [NOTE] The file was moved to '4c029d1a.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_saishci_.sys.zip
    [NOTE] The file was moved to '4bf39d15.qua'!
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP101\A0013325.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bredolab.bps back-door program
    [NOTE] The file was moved to '4bc29cd2.qua'!
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP106\A0014154.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
    [NOTE] The file was moved to '4fe54923.qua'!
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP108\A0014388.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4fe12a03.qua'!
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP109\A0014432.sys
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4fe75ab3.qua'!
    C:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP54\A0004332.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4fe033db.qua'!
    C:\WINDOWS\system32\cmdow.exe
    [DETECTION] Contains recognition pattern of the APPL/HideWindows.31232.1 application
    [NOTE] The file was moved to '4bf69d0f.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053832.inf
    [DETECTION] Is the TR/AutorunINF.662 Trojan
    [NOTE] The file was moved to '4db6447b.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053867.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lj.4 INF virus
    [NOTE] The file was moved to '4dba6b1b.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053898.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lj.4 INF virus
    [NOTE] The file was moved to '4fea416b.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0053993.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.PZN.1 worm
    [NOTE] The file was moved to '4cc594b3.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP783\A0054051.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4db56cd3.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP784\A0054063.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4d35663b.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0054183.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4bc29cd3.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0054221.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    [NOTE] The file was moved to '4d246484.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP785\A0055250.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    [NOTE] The file was moved to '4db894e4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055272.inf
    [DETECTION] Is the TR/AutorunINF.569 Trojan
    [NOTE] The file was moved to '4d3b9e64.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055304.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4db9932c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055366.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4dbe8b14.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055402.inf
    [DETECTION] Is the TR/AutorunINF.572.1 Trojan
    [NOTE] The file was moved to '4dbf835c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP786\A0055462.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.ks INF virus
    [NOTE] The file was moved to '4dbcbb84.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055493.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    [NOTE] The file was moved to '4dbdb3cc.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055525.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.ks INF virus
    [NOTE] The file was moved to '4d42aa34.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055553.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    [NOTE] The file was moved to '4d43a27c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP787\A0055580.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    [NOTE] The file was moved to '4d40daa4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055592.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    [NOTE] The file was moved to '4d41d2ec.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055632.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    [NOTE] The file was moved to '4d46cad4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP788\A0055779.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    [NOTE] The file was moved to '4d47c11c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055833.inf
    [DETECTION] Is the TR/AutorunINF.417 Trojan
    [NOTE] The file was moved to '4d44f944.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055925.inf
    [DETECTION] Is the TR/AutorunINF.468.1 Trojan
    [NOTE] The file was moved to '4d45f18c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP789\A0055987.inf
    [DETECTION] Is the TR/AutorunINF.468.1 Trojan
    [NOTE] The file was moved to '4d4ae9f4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056014.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    [NOTE] The file was moved to '4d4be03c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056046.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    [NOTE] The file was moved to '4d481864.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP790\A0056076.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.le INF virus
    [NOTE] The file was moved to '4d4910ac.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP791\A0056087.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qpy worm
    [NOTE] The file was moved to '4d4e0894.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056248.inf
    [DETECTION] Is the TR/AutorunINF.442 Trojan
    [NOTE] The file was moved to '4d4f00dc.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056293.inf
    [DETECTION] Is the TR/AutorunINF.567 Trojan
    [NOTE] The file was moved to '4d4c3f04.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056335.inf
    [DETECTION] Is the TR/AutorunINF.442 Trojan
    [NOTE] The file was moved to '4d4d374c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056379.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    [NOTE] The file was moved to '4d522fb4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056429.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    [NOTE] The file was moved to '4d5327fc.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056455.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    [NOTE] The file was moved to '4d505e24.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP792\A0056516.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    [NOTE] The file was moved to '4d51566c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056539.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    [NOTE] The file was moved to '4d564e54.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056569.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.qwl.1 worm
    [NOTE] The file was moved to '4d57469c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056594.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    [NOTE] The file was moved to '4d547ec4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP793\A0056640.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.VFT.2 worm
    [NOTE] The file was moved to '4d55750c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP794\A0056651.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    [NOTE] The file was moved to '4d5a6d74.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP794\A0056715.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    [NOTE] The file was moved to '4d5b65bc.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056736.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    [NOTE] The file was moved to '4d599de4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056765.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    [NOTE] The file was moved to '4d5e942c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP795\A0056797.inf
    [DETECTION] Contains recognition pattern of the WORM/Autorun.rwk worm
    [NOTE] The file was moved to '4d5f8c14.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP796\A0056817.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '4d5c845c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP796\A0056858.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '485e0c0c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP797\A0056865.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '485f0474.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP797\A0057864.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '485c3cbc.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP798\A0057878.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '485d34e4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP798\A0057928.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '4862332c.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP799\A0058004.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '48632b14.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058067.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '4bc29cd4.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058101.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '48615b85.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP800\A0058137.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '486653cd.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058155.inf
    [DETECTION] Is the TR/AutorunINF.494 Trojan
    [NOTE] The file was moved to '48674a35.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058190.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4864427d.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058230.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4d68e93d.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058271.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4d69e165.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058302.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '486b6ad5.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP801\A0058350.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4868611d.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058363.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '486e9945.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058395.inf
    [DETECTION] Is the TR/AutorunINF.438 Trojan
    [NOTE] The file was moved to '486f918d.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP802\A0058435.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '486c89f5.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP803\A0058457.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4d7330b5.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058855.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4872b865.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058883.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4870d5bd.qua'!
    D:\System Volume Information\_restore{5DAA2F35-8F28-460A-9E4B-C5017220F276}\RP804\A0058896.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4871cde5.qua'!
    D:\System Volume Information\_restore{899DB6A9-F886-48E9-84A7-5D3108CF06F3}\RP54\A0004333.inf
    [DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
    [NOTE] The file was moved to '4876c42d.qua'!


    End of the scan: Saturday, March 06, 2010 18:19
    Used time: 1:02:13 Hour(s)

    The scan has been done completely.

    4986 Scanned directories
    294630 Files were scanned
    78 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    78 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    294550 Files not concerned
    1832 Archives were scanned
    2 Warnings
    80 Notes
    34985 Objects were scanned with rootkit scan
    0 Hidden objects were found


    26 Re: bds small on Sat Mar 06, 2010 8:58 am

    I think the computer is clean. :)

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner



    27 Re: bds small on Sun Mar 07, 2010 10:36 am

    newmin


    Member
    Thank you very much. Here is the log. Please let me know actions I need to take, if any.


    Malwarebytes' Anti-Malware 1.44
    Database version: 3831
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    3/7/2010 11:28:07 PM
    mbam-log-2010-03-07 (23-28-07).txt

    Scan type: Quick Scan
    Objects scanned: 114821
    Time elapsed: 9 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    28 Re: bds small on Sun Mar 07, 2010 3:22 pm

    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    You now have a clean restore point, to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button; click this
    • Accept the Warning and select OK again, the program will close and you are done


    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:

    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    ==

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    ==

    Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner
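
The Avira report posted earlier in the thread shows why the restore points are reset at this stage: nearly all of its detections sit under `System Volume Information\_restore{...}\RPnnn`. The following is an added example, not part of the original posts or of any tool used in the thread, that groups report lines of that layout by restore point; the sample report, its GUID, file names and the `TR/Example.1` name are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the Avira report quoted in the thread
# (placeholder GUID, file names and TR/Example.1; not values from the thread).
SAMPLE_REPORT = r"""
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.inf
[DETECTION] Contains recognition pattern of the INF/AutoRun.lg INF virus
[NOTE] The file was moved to '00000001.qua'!
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000002.inf
[DETECTION] Is the TR/AutorunINF.494 Trojan
[NOTE] The file was moved to '00000002.qua'!
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000003.inf
[DETECTION] Is the TR/AutorunINF.494 Trojan
C:\Documents and Settings\user\sample.exe
[DETECTION] Is the TR/Example.1 Trojan
[NOTE] The file was moved to '00000004.qua'!
"""

RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
NAME_RE = re.compile(r"\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_report(text):
    """Return one dict per detection: path, name, restore_point, quarantined."""
    findings, path, last = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            path, last = line, None          # a new file starts a new record
        elif line.startswith("[DETECTION]") and path:
            m, rp = NAME_RE.search(line), RESTORE_RE.search(path)
            last = {"path": path, "name": m.group(1) if m else "unknown",
                    "restore_point": rp.group(1) if rp else None,
                    "quarantined": False}
            findings.append(last)
        elif line.startswith("[NOTE] The file was moved to") and last:
            last["quarantined"] = True
    return findings

def summarize(findings):
    """Split detections into per-restore-point counts and items needing attention."""
    by_rp = defaultdict(Counter)
    for f in findings:
        if f["restore_point"]:
            by_rp[f["restore_point"]][f["name"]] += 1
    return {"restore_points": {rp: dict(c) for rp, c in by_rp.items()},
            "outside_restore": [f["path"] for f in findings if not f["restore_point"]],
            "not_quarantined": [f["path"] for f in findings if not f["quarantined"]]}
```

Entries listed under `restore_points` disappear when the old restore points are purged; anything under `outside_restore` or `not_quarantined` still needs handling on the live file system.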



    29 Re: bds small on Mon Mar 08, 2010 12:15 am

    newmin


    Member
    Results of screen317's Security Check version 0.99.1
    Windows XP Service Pack 2
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 10
    Out of date Java installed!
    Adobe Flash Player 10
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````


    30 Re: bds small on Mon Mar 08, 2010 2:27 pm

    Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

    More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

    =======

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    ==

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    ====

    Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

    Software recommendations

    Firewall

    • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
    • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
    • PC Tools Firewall Plus: free and excellent firewall.


    AntiSpyware

    • SpywareBlaster
      SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
    • Spybot - Search & Destroy.
      Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


    NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

    Resident Protection help
    A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

    Rogue programs help
    There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Securing your computer

    • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


    Please consider using an alternate browser
    Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

    If you are interested:

    • Firefox may be downloaded from here: http://www.getfirefox.com
    • Opera is available here: http://www.opera.com/download/


    See this page for more info about malware and prevention.

    Please leave feedback for The Ultimate Geek TaskForce! by going here


    ..........................................................
    DragonMaster Jay
    Owner/Administrator/Operator Cheetah-Fast Services
    Advanced Malware Analysts Group Owner
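
The HOSTS-file blocking described in the post above maps unwanted names to 127.0.0.1. The following is an added example, not part of the original post or of hpHosts, that parses HOSTS-format text and separates blocked names from names redirected to some other address, which is worth reviewing after a cleanup; it goes slightly beyond the post by also treating 0.0.0.0 and ::1 as block targets, and all host names and addresses in the sample are constructed.

```python
import ipaddress

# Constructed HOSTS content (hypothetical names under the reserved .example
# and .test TLDs); the 203.0.113.7 entry models a redirect that is not a block.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.example  tracker.example   # two names on one line
0.0.0.0     Banner.Example
::1         localhost
203.0.113.7 update.vendor.test
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return (lower-cased name -> ip address object, list of malformed lines)."""
    mapping, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            malformed.append(raw)
            continue
        for name in fields[1:]:
            # Keep the first mapping seen for a name (a choice made for this example).
            mapping.setdefault(name.lower(), addr)
    return mapping, malformed

def classify(mapping):
    """Split names into blocked (loopback/unspecified) and redirected elsewhere."""
    blocked, redirected = [], []
    for name, addr in mapping.items():
        if name == "localhost":
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)
        else:
            redirected.append((name, str(addr)))
    return sorted(blocked), sorted(redirected)
```

Names in the second list resolve to a real address chosen by whoever wrote the file, so each one should be accounted for or removed.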

