WiredWX Christian Hobby Weather Tools

 


HDD Diagnostic will not be removed with Malwarebytes

OTL logfile created on: 12/6/2010 11:06:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ssanders\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 14.36 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
Drive F: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive G: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive H: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive P: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive Q: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS
Drive U: | 272.18 Gb Total Space | 253.05 Gb Free Space | 92.97% Space Free | Partition Type: NTFS

Computer Name: WKS11 | User Name: ssanders | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/06 23:05:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ssanders\Desktop\OTL.com
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/06 23:05:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ssanders\Desktop\OTL.com


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/16 20:44:31 | 000,016,792 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe -- (atnthost)
SRV - [2009/09/16 15:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/03/17 11:02:24 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/01/28 20:04:24 | 000,840,008 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2008/01/09 11:43:56 | 000,472,440 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc)
SRV - [2007/11/28 16:51:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/07 19:48:36 | 000,116,664 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 19:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 16:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/13 09:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2004/04/01 15:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2004/02/13 07:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Stopped] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\ikfileflt.sys -- (IKFileFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys -- (EraserUtilDrv10822)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys -- (EraserUtilDrv10821)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10820.sys -- (EraserUtilDrv10820)
DRV - [2010/12/02 14:57:37 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101202.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/02 14:57:37 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101202.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/24 14:10:57 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 14:00:21 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/06 11:59:46 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/25 13:52:30 | 000,054,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vsp.sys -- (VSP)
DRV - [2007/08/27 16:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/05/23 15:58:50 | 000,083,024 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys -- (IKSysSec)
DRV - [2007/05/23 15:58:46 | 000,057,424 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys -- (IkSysFlt)
DRV - [2007/05/23 15:58:42 | 000,053,840 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys -- (IKFileSec)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/08/03 19:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/02/13 07:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADP Scheduler] C:\Program Files\ADP\CollectAll\ADPSchedule.exe (Control Module Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143156683\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickBooksDB18] C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [330500] C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe (HDD Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe (Sammsoft)
O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\ssanders\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
O4 - HKCU..\Run: [Osoledoxirakipej] C:\WINDOWS\MSIATCH.DLL File not found
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.LNK = C:\WINDOWS\DOWNLO~1\MyWebEx\319\raagtx.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Backup Exec Desktop Agent.lnk = C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O15 - HKCU\..Trusted Domains: adp.com ([ezlmappdc1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adp.com ([ezlmreportdc1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: saif.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: umpquabank.com ([bankonline] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} https://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB (FormLoader.Loader)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257361301243 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.102.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dessert.local
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ssanders\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ssanders\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{21da39e2-d04d-11dc-9c9c-0011437c8f02}\Shell - "" = AutoRun
O33 - MountPoints2\{21da39e2-d04d-11dc-9c9c-0011437c8f02}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21da39e2-d04d-11dc-9c9c-0011437c8f02}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (PFDNNT C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\svcntaux.exe File not found
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\swdsvc.exe File not found
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\svcntaux.exe File not found
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\swdsvc.exe File not found
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 23:05:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ssanders\Desktop\OTL.com
[2010/12/06 23:03:34 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ssanders\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/12/06 15:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ssanders\My Documents
[2010/12/06 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/06 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/12/06 15:37:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/06 15:37:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/06 15:37:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/06 15:37:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/06 10:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ssanders\Application Data\Malwarebytes
[2010/12/06 10:59:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/06 10:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/06 10:59:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/06 10:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/05 15:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/12/05 15:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/05 15:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/05 14:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/05 14:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/05 13:51:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/11/18 18:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ssanders\Application Data\TeamViewer
[2010/11/18 18:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Re: HDD Diagnostic will not be removed with Malwarebytes
========== Files - Modified Within 30 Days ==========

[2010/12/06 23:05:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ssanders\Desktop\OTL.com
[2010/12/06 23:03:36 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ssanders\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/12/06 22:53:51 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/12/06 22:49:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/06 22:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/06 22:46:54 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\HDD Diagnostic.lnk
[2010/12/06 22:10:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/06 16:28:23 | 000,016,164 | ---- | M] () -- \\Pdx-dc01\Users\ssanders\My Documents\30111.tif
[2010/12/06 15:49:08 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\ssanders\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/12/06 15:48:42 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\TeamViewer 5.lnk
[2010/12/06 15:36:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/06 15:36:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/06 15:36:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/06 15:36:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/06 15:36:26 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/06 14:49:56 | 000,019,000 | ---- | M] () -- \\Pdx-dc01\Users\ssanders\My Documents\30105.tif
[2010/12/04 16:07:25 | 000,019,006 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\ABBY120410.tif
[2010/12/04 16:04:37 | 000,024,768 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\PENDING ORDERS.tif
[2010/12/02 11:09:05 | 000,013,264 | ---- | M] () -- \\Pdx-dc01\Users\ssanders\My Documents\030101.tif
[2010/12/02 08:14:27 | 000,037,489 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\PO 67517.pdf
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/26 15:55:13 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\QuickBooks Enterprise Solutions 8.0.lnk
[2010/11/26 14:39:53 | 000,017,041 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\IN1126IN.$JH
[2010/11/22 09:15:27 | 000,143,483 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\AP112010.$JH
[2010/11/18 18:40:12 | 003,373,520 | ---- | M] () -- \\Pdx-dc01\Users\ssanders\My Documents\TeamViewer_Host_Setup.exe
[2010/11/18 18:38:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/11/17 17:00:54 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\SP Pricing.xls
[2010/11/17 09:23:48 | 000,405,310 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/17 09:23:48 | 000,063,860 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/11 18:27:05 | 006,966,272 | ---- | M] () -- \\Pdx-dc01\Users\ssanders\My Documents\fsa new products2.pub
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[38 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 22:46:54 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\HDD Diagnostic.lnk
[2010/12/06 22:10:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/06 16:28:23 | 000,016,164 | ---- | C] () -- \\Pdx-dc01\Users\ssanders\My Documents\30111.tif
[2010/12/06 15:49:08 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\ssanders\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/12/06 15:48:42 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\TeamViewer 5.lnk
[2010/12/06 15:48:21 | 003,373,520 | ---- | C] () -- \\Pdx-dc01\Users\ssanders\My Documents\TeamViewer_Host_Setup.exe
[2010/12/06 14:49:56 | 000,019,000 | ---- | C] () -- \\Pdx-dc01\Users\ssanders\My Documents\30105.tif
[2010/12/04 16:07:25 | 000,019,006 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\ABBY120410.tif
[2010/12/04 16:04:37 | 000,024,768 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\PENDING ORDERS.tif
[2010/12/02 11:09:05 | 000,013,264 | ---- | C] () -- \\Pdx-dc01\Users\ssanders\My Documents\030101.tif
[2010/12/02 08:14:27 | 000,037,489 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\PO 67517.pdf
[2010/11/26 15:55:13 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\QuickBooks Enterprise Solutions 8.0.lnk
[2010/11/26 14:04:30 | 000,017,041 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\IN1126IN.$JH
[2010/11/20 17:49:27 | 000,143,483 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\AP112010.$JH
[2010/11/18 18:38:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/11/17 16:03:44 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\ssanders\Desktop\SP Pricing.xls
[2010/11/11 17:46:12 | 006,966,272 | ---- | C] () -- \\Pdx-dc01\Users\ssanders\My Documents\fsa new products2.pub
[2010/05/17 10:35:00 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\ssanders\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 16:57:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\ssanders\Local Settings\Application Data\housecall.guid.cache
[2010/03/09 21:23:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/01/30 10:25:29 | 000,000,490 | ---- | C] () -- C:\WINDOWS\paycal.INI
[2009/11/16 20:44:35 | 000,050,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\atntwink.sys
[2009/04/08 10:39:57 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2007/11/28 10:03:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\People
[2007/11/28 10:03:03 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2007/11/06 10:31:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2007/08/27 10:34:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/06/13 02:03:40 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/02/09 17:39:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/07/19 15:58:07 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2005/06/23 10:33:51 | 000,097,290 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2005/06/23 10:33:51 | 000,096,733 | ---- | C] () -- C:\WINDOWS\System32\Crp9516e.dll
[2005/06/23 10:33:51 | 000,053,258 | ---- | C] () -- C:\WINDOWS\System32\Cryp95e.dll
[2005/05/17 15:44:18 | 000,000,067 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/05/02 03:13:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/02 03:11:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/02 03:10:56 | 000,000,549 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/02 02:44:52 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 14:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 14:14:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/13 16:52:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 14:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/21 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD97.DLL
[2007/10/21 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP97.DLL
[2009/12/15 18:13:08 | 000,052,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GoToPrintProcessor.dll
[2004/03/22 14:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/04 11:34:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2005/05/02 03:03:35 | 000,000,310 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\convert.log

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/06 11:39:20 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\ssanders\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/11 14:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ssanders\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/06 23:03:36 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ssanders\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/03/10 17:40:49 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ssanders\Desktop\this one sue.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/12/29 15:38:51 | 007,044,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\ssanders\gosetup.exe
[2009/06/29 14:44:56 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\ssanders\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 02:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/06 11:39:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\ssanders\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/01/15 14:51:51 | 000,011,276 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 14:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 14:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 14:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2004/08/04 02:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2004/08/04 02:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2004/08/04 02:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2004/08/04 02:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2004/08/04 02:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
[2004/08/04 02:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2004/08/04 02:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2004/08/04 02:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2004/08/04 02:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2004/08/04 02:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/04 02:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO.SYS
[2004/08/04 02:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO404.SYS
[2004/08/04 02:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO411.SYS
[2004/08/04 02:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO412.SYS
[2004/08/04 02:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO804.SYS
[2008/04/13 10:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2008/09/15 04:12:56 | 001,846,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/21 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD97.DLL
[2007/10/21 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP97.DLL
[2009/12/15 18:13:08 | 000,052,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\GoToPrintProcessor.dll
[2004/03/22 14:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2007/11/28 17:18:10 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/10 16:42:36 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2009/06/03 09:44:34 | 000,008,755 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/05/02 02:45:46 | 000,003,887 | RH-- | M] () -- C:\DELL.SDR
[2010/03/09 22:10:50 | 000,077,030 | ---- | M] () -- C:\fb20100309.log
[2010/03/10 16:46:40 | 000,003,732 | ---- | M] () -- C:\fb20100310.log
[2005/07/19 15:32:39 | 000,000,032 | ---- | M] () -- C:\hsn.txt
[2004/08/11 14:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/04/25 00:37:42 | 000,000,381 | ---- | M] () -- C:\KASetup.log
[2008/03/18 14:50:46 | 000,000,480 | ---- | M] () -- C:\LOG15A.log
[2008/03/16 13:50:23 | 000,000,480 | ---- | M] () -- C:\LOG1AB.log
[2008/01/31 14:43:30 | 000,000,506 | ---- | M] () -- C:\LOG1E.log
[2008/02/21 19:02:14 | 000,000,480 | ---- | M] () -- C:\LOG1EB.log
[2009/06/28 13:36:34 | 000,000,481 | ---- | M] () -- C:\LOG20BB.log
[2008/05/17 15:19:58 | 000,000,480 | ---- | M] () -- C:\LOG2284.log
[2008/06/20 15:02:33 | 000,000,480 | ---- | M] () -- C:\LOG25D.log
[2008/10/14 15:05:01 | 000,000,481 | ---- | M] () -- C:\LOG2870.log
[2009/06/29 11:41:39 | 000,000,481 | ---- | M] () -- C:\LOG2B3B.log
[2008/10/22 10:24:36 | 000,000,481 | ---- | M] () -- C:\LOG2CE3.log
[2009/01/23 15:11:17 | 000,000,481 | ---- | M] () -- C:\LOG2D.log
[2009/01/23 15:13:21 | 000,000,481 | ---- | M] () -- C:\LOG2E.log
[2008/06/12 16:18:30 | 000,000,480 | ---- | M] () -- C:\LOG315D.log
[2008/03/19 10:53:26 | 000,000,480 | ---- | M] () -- C:\LOG35.log
[2008/10/23 10:30:48 | 000,000,481 | ---- | M] () -- C:\LOG3538.log
[2008/06/13 08:43:41 | 000,000,480 | ---- | M] () -- C:\LOG3DBB.log
[2008/06/13 08:58:34 | 000,000,480 | ---- | M] () -- C:\LOG3DBC.log
[2008/06/13 09:08:23 | 000,000,480 | ---- | M] () -- C:\LOG3DBD.log
[2008/06/13 09:33:47 | 000,000,480 | ---- | M] () -- C:\LOG3DD4.log
[2009/09/28 15:52:21 | 000,000,481 | ---- | M] () -- C:\LOG6574.log
[2009/05/22 17:56:44 | 000,000,481 | ---- | M] () -- C:\LOG68F0.log
[2009/05/22 18:10:25 | 000,000,481 | ---- | M] () -- C:\LOG68F1.log
[2009/05/22 18:15:29 | 000,000,481 | ---- | M] () -- C:\LOG68F2.log
[2008/10/18 11:35:49 | 000,000,481 | ---- | M] () -- C:\LOG86B.log
[2008/10/18 11:42:44 | 000,000,481 | ---- | M] () -- C:\LOG872.log
[2008/10/18 11:56:30 | 000,000,481 | ---- | M] () -- C:\LOG873.log
[2009/05/30 17:48:56 | 000,000,481 | ---- | M] () -- C:\LOGC961.log
[2009/05/30 17:52:51 | 000,000,481 | ---- | M] () -- C:\LOGC962.log
[2009/05/30 17:57:56 | 000,000,481 | ---- | M] () -- C:\LOGC963.log
[2008/02/22 16:01:46 | 000,000,480 | ---- | M] () -- C:\LOGD.log
[2008/03/17 18:36:19 | 000,000,480 | ---- | M] () -- C:\LOGD7.log
[2008/05/10 15:11:07 | 000,000,480 | ---- | M] () -- C:\LOGDFC.log
[2008/05/10 15:13:27 | 000,000,480 | ---- | M] () -- C:\LOGDFD.log
[2008/05/10 15:26:30 | 000,000,480 | ---- | M] () -- C:\LOGDFE.log
[2008/06/18 09:36:01 | 000,000,480 | ---- | M] () -- C:\LOGEC.log
[2008/05/12 11:00:05 | 000,000,480 | ---- | M] () -- C:\LOGF1A.log
[2008/06/18 11:36:23 | 000,000,480 | ---- | M] () -- C:\LOGF7.log
[2008/06/18 11:51:18 | 000,000,480 | ---- | M] () -- C:\LOGF8.log
[2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/04 11:28:02 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/12/06 22:48:04 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/01/19 17:53:21 | 000,113,062 | ---- | M] () -- C:\VETlog.dmp
[2009/01/19 17:53:21 | 000,002,523 | ---- | M] () -- C:\VETlog.txt
[2009/03/30 13:02:56 | 000,000,290 | ---- | M] () -- C:\Win32.Worm.Downladup.Gen.log
[38 C:\*.tmp files -> C:\*.tmp -> ]

Re: HDD Diagnostic will not be removed with Malwarebytes
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
    O4 - HKCU..\Run: [330500] C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe (HDD Corporation)
    O4 - HKCU..\Run: [330500] C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe (HDD Corporation)
    O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\ssanders\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
    O4 - HKCU..\Run: [Osoledoxirakipej] C:\WINDOWS\MSIATCH.DLL File not found
    [2010/12/06 22:46:54 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\HDD Diagnostic.lnk



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
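
Added example, not part of the original thread and not OTL's own code: a small Python triage pass over OTL-style O2/O4 lines that surfaces the traits shared by the entries in the fix script above (autorun targets under a Temp directory, targets reported as "File not found") and drops repeated lines. The line grammar is inferred from the lines quoted in this thread, and the `ExampleUpdater` entry is constructed for contrast.

```python
import re
from dataclasses import dataclass

# Line shapes inferred from the OTL lines quoted in this thread (an assumption,
# not an official grammar): value name in [], then the target, then either a
# "(Company)" suffix or the literal text "File not found".
O4_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O2_RE = re.compile(r"^O2 - BHO: \(([^)]*)\) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
TAIL_RE = re.compile(r"^(.+) \(([^()]*)\)$")
MISSING = " File not found"

# First five entries are copied from the fix script in this thread (including
# its repeated 330500 line); the last one is a constructed benign entry.
SAMPLE = r"""
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
O4 - HKCU..\Run: [330500] C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe (HDD Corporation)
O4 - HKCU..\Run: [330500] C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe (HDD Corporation)
O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\ssanders\Local Settings\Temp\IGwqNKmplw.exe (MEDIA Corporation)
O4 - HKCU..\Run: [Osoledoxirakipej] C:\WINDOWS\MSIATCH.DLL File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""


@dataclass(frozen=True)
class Entry:
    kind: str      # "Run" (O4 autorun value) or "BHO" (O2 browser helper object)
    name: str      # registry value name or BHO display name
    target: str    # file the entry points at
    company: str   # version-info company string, "" when absent
    missing: bool  # True when OTL reported "File not found"


def split_target(rest):
    """Split the tail of a line into (target, company, missing)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[:-len(MISSING)], "", True
    m = TAIL_RE.match(rest)
    if m:
        return m.group(1), m.group(2), False
    return rest, "", False


def parse_line(line):
    """Return an Entry for an O2/O4 line, or None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        target, company, missing = split_target(m.group(4))
        return Entry("Run", m.group(3), target, company, missing)
    m = O2_RE.match(line)
    if m:
        target, company, missing = split_target(m.group(3))
        return Entry("BHO", m.group(1), target, company, missing)
    return None


def reasons(entry):
    """Triage heuristics; a hit means 'look closer', not 'malicious'."""
    out = []
    if entry.missing:
        # Orphaned reference: the registry entry outlived the file it loads.
        out.append("target missing on disk")
    if re.search(r"\\te?mp\\", entry.target, re.IGNORECASE):
        # Legitimate software rarely registers a logon autorun from Temp.
        out.append("runs from a temp directory")
    if entry.kind == "Run" and entry.name.isdigit():
        out.append("numeric value name")
    return out


def triage(text):
    """Parse every line, drop exact repeats, return [(Entry, [reason, ...])]."""
    seen, findings = set(), []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry in seen:
            continue
        seen.add(entry)
        why = reasons(entry)
        if why:
            findings.append((entry, why))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry.kind:3} [{entry.name}] {entry.target} -> {', '.join(why)}")
```
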

Re: HDD Diagnostic will not be removed with Malwarebytes
or: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/12/06 22:46:54 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\ssanders\Desktop\HDD Diagnostic.lnk> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12132010_100059

Re: HDD Diagnostic will not be removed with Malwarebytes
======= OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\330500 deleted successfully.
C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\330500 not found.
File C:\Documents and Settings\ssanders\Local Settings\Temp\330500.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IGwqNKmplw.exe deleted successfully.
C:\Documents and Settings\ssanders\Local Settings\Temp\IGwqNKmplw.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Osoledoxirakipej deleted successfully.
File C:\Documents and Settings\ssanders\Desktop\HDD Diagnostic.lnk not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12132010_100248

Re: HDD Diagnostic will not be removed with Malwarebytes
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: HDD Diagnostic will not be removed with Malwarebytes
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5313

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

12/14/2010 12:48:16 PM
mbam-log-2010-12-14 (12-48-16).txt

Scan type: Quick scan
Objects scanned: 221550
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: HDD Diagnostic will not be removed with Malwarebytes
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: HDD Diagnostic will not be removed with Malwarebytes

ComboFix 10-12-14.01 - ssanders 12/14/2010 19:15:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1447 [GMT -8:00]
Running from: c:\documents and settings\ssanders\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APTO6KO


((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-14 20:39 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 20:39 . 2010-12-14 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 20:39 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 00:32 . 2010-12-14 00:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-13 19:41 . 2010-12-13 19:41 -------- d-----w- c:\documents and settings\ssanders\Application Data\SUPERAntiSpyware.com
2010-12-13 19:41 . 2010-12-13 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-13 19:41 . 2010-12-13 19:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-07 17:33 . 2010-12-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-07 07:17 . 2010-12-07 07:17 -------- d-----w- C:\_OTL
2010-12-06 23:37 . 2010-12-07 06:16 -------- d-----w- c:\program files\Carbonite
2010-12-06 23:37 . 2010-12-06 23:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-06 18:59 . 2010-12-06 18:59 -------- d-----w- c:\documents and settings\ssanders\Application Data\Malwarebytes
2010-12-06 18:59 . 2010-12-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 23:44 . 2010-12-05 23:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-19 02:38 . 2010-11-22 20:57 -------- d-----w- c:\documents and settings\ssanders\Application Data\TeamViewer
2010-11-19 02:38 . 2010-11-19 02:38 -------- d-----w- c:\program files\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 23:33 . 2008-11-16 02:48 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-12-06 23:36 . 2007-07-26 14:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-19 20:51 . 2010-03-11 03:09 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 68856]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-12-28 2137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickBooksDB18"="c:\program files\Intuit\QuickBooks Enterprise Solutions 8.0\QBDBMgrN.exe" [2006-09-13 128536]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-04 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-21 213936]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HostManager"="c:\program files\Common Files\AOL\1143156683\ee\AOLSoftware.exe" [2006-05-10 50760]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"ADP Scheduler"="c:\program files\ADP\CollectAll\ADPSchedule.exe" [2007-08-03 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

Re: HDD Diagnostic will not be removed with Malwarebytes

Will not let me copy and paste the rest of the log.

Re: HDD Diagnostic will not be removed with Malwarebytes

Says Internet Explorer cannot display the page. Also, a box pops up sometimes that says: Wmiprvse.exe Application Error, instruction at 0x7c9110f9 reference memory at 0x00080120, The memory could not be written. Also, the same "Just-in-time debugging" window popped up after completing ComboFix and rebooting.

Re: HDD Diagnostic will not be removed with Malwarebytes

Hello.
Can you post the last bit of the log on its own?

Re: HDD Diagnostic will not be removed with Malwarebytes

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adp.com\ezlmappdc1
Trusted Zone: adp.com\ezlmreportdc1
Trusted Zone: saif.com\www
Trusted Zone: umpquabank.com\bankonline
DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} - hxxps://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKLM-Run-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
AddRemove-{488F0300-53BA-11DA-6784-04A72A8E18BE} - c:\documents and settings\ssanders\Desktop\PAYROLL\Uninst_The Net Payroll Calculator - 2009.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340014AS rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA4A555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa507b0]; MOV EAX, [0x8aa5082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA1EAB8]
3 CLASSPNP[0xBA168FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA36660]
\Driver\atapi[0x8AA59318] -> IRP_MJ_CREATE -> 0x8AA4A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST340014AS______________________________8.12____#5&2a36c317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA4A39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\basfipm.exe
c:\windows\DOWNLO~1\MyWebEx\319\RAAGTAPP.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Symantec\Backup Exec\RAWS\beremote.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe
c:\windows\DOWNLO~1\MyWebEx\319\raagtx.exe
c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
.
**************************************************************************
.
Completion time: 2010-12-14 19:41:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-15 03:41

Pre-Run: 17,417,076,736 bytes free
Post-Run: 17,704,235,008 bytes free

- - End Of File - - 88A5445951BDEC0FF39EB95B2B972A5E

Re: HDD Diagnostic will not be removed with Malwarebytes

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: HDD Diagnostic will not be removed with Malwarebytes

2010/12/18 16:57:56.0310 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 16:57:56.0310 ================================================================================
2010/12/18 16:57:56.0310 SystemInfo:
2010/12/18 16:57:56.0310
2010/12/18 16:57:56.0310 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/18 16:57:56.0310 Product type: Workstation
2010/12/18 16:57:56.0310 ComputerName: WKS11
2010/12/18 16:57:56.0310 UserName: ssanders
2010/12/18 16:57:56.0310 Windows directory: C:\WINDOWS
2010/12/18 16:57:56.0310 System windows directory: C:\WINDOWS
2010/12/18 16:57:56.0310 Processor architecture: Intel x86
2010/12/18 16:57:56.0310 Number of processors: 2
2010/12/18 16:57:56.0310 Page size: 0x1000
2010/12/18 16:57:56.0310 Boot type: Safe boot with network
2010/12/18 16:57:56.0310 ================================================================================
2010/12/18 16:57:56.0560 Initialize success
2010/12/18 16:58:13.0372 ================================================================================
2010/12/18 16:58:13.0372 Scan started
2010/12/18 16:58:13.0372 Mode: Manual;
2010/12/18 16:58:13.0372 ================================================================================
2010/12/18 16:58:42.0825 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/18 16:58:42.0841 ================================================================================
2010/12/18 16:58:42.0841 Scan finished
2010/12/18 16:58:42.0841 ================================================================================
2010/12/18 16:58:42.0872 Detected object count: 1
2010/12/18 16:58:49.0747 \HardDisk0 - will be cured after reboot
2010/12/18 16:58:49.0747 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

Re: HDD Diagnostic will not be removed with Malwarebytes

Hello.

Nearly done now.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: HDD Diagnostic will not be removed with Malwarebytes

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe® Photoshop® Album Starter Edition 3.2
ADP CollectAll Manager
ADP File Upload
Advanced Registry Optimizer
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Panorama Maker 4
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 22
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nikon Message Center
Nikon Transfer
OMCI
Otter32
Peachtree Classic Accounting
PowerDVD 5.1
QuickBooks Conversion Tool
QuickBooks Enterprise Solutions: Mfg and Whsle Edition 8.0
QuickBooks Remote Access
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Spyware Doctor 5.0
SUPERAntiSpyware
SupportSoft Assisted Service
Symantec AntiVirus
Symantec Backup Exec Desktop Agent
Symantec Backup Exec Remote Agent for Windows Systems
Symantec Backup Exec Remote Agent for Windows Systems
TeamViewer 5
Update for Windows XP (KB951072-v2)
Viewpoint Media Player
Viewpoint Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Re: HDD Diagnostic will not be removed with Malwarebytes

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Coupon Printer for Windows
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Viewpoint Media Player
    Viewpoint Toolbar

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

