Debugging popups and problems with freezing and shutting down
This all started with my Internet Explorer not opening. I started a thread in the Windows XP help section, but after a little bit of correspondence I was directed to come here for help. Basically, aside from Internet Explorer not opening, often the computer will freeze, or sometimes just a program will freeze. Also, occasionally the computer will just shut itself down, or off rather. Some of these problems can be temporarily alleviated by restarting the computer, but it's only a very short while before it's all screwy again. Attached are the logs I was instructed to provide from the "READ THIS FIRST!" thread. Thank you in advance for your time; any help will be much appreciated. Thanks.

Oh yes, about the debugging thing: there are these incessant "just-in-time debugging" pop-ups that keep coming up and will not stop. Thanks again.
Please paste all logs into your reply.
Here are the logs.
========== MBAM ==========
Malwarebytes' Anti-Malware 1.46 Malwarebytes
Database version: 4749
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/5/2010 9:58:59 PM
mbam-log-2010-10-05 (21-58-59).txt
Scan type: Quick scan
Objects scanned: 149913
Time elapsed: 5 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAdnnsviwtxy (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAhwhorapxxb (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqxtqievir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAnmdwovdrvi (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMArtccpxmxgq (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAtnbqhtisen (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAvbyxcpctqp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxcdbyqxeix (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxnmcxgnwoi (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxymexccjix (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\cooper.mine (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAdnnsviwtxy\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAhwhorapxxb\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAiqxtqievir\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAnmdwovdrvi\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMArtccpxmxgq\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAtnbqhtisen\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAvbyxcpctqp\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxcdbyqxeix\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxnmcxgnwoi\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAxymexccjix\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
========== OTL ==========
OTL logfile created on: 10/6/2010 5:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Donovan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 7500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 78.40 Gb Free Space | 26.30% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 747.16 Gb Free Space | 80.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.72 Mb Total Space | 238.41 Mb Free Space | 96.24% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DONOVAN-16EEC24
Current User Name: Donovan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========
PRC - [2010/10/06 17:31:16 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donovan\My Documents\Downloads\OTL.exe
PRC - [2010/09/17 22:37:12 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/18 21:11:44 | 001,369,088 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/18 15:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/23 13:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/12/09 19:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 19:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/28 23:42:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 15:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/15 15:55:26 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/21 21:08:57 | 000,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe

========== Modules (SafeList) ==========
MOD - [2010/10/06 17:31:16 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donovan\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/12/09 19:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 19:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/09 21 00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/04/20 09:32:00 | 006,728,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/18 14:40:40 | 000,099,840 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js ..browser.startup.homepage: "http://www.msn.com/?st=1"
FF - prefs.js ..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js ..extensions.enabledItems: support@predictad.com :1.11
FF - prefs.js ..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js ..extensions.enabledItems: jqs@sun.com :1.0
FF - prefs.js ..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 20:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/06/30 15:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 22:37:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 22:37:18 | 000,000,000 | ---D | M]
[2008/11/07 13:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donovan\Application Data\Mozilla\Extensions
[2010/10/06 17:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\roclhajt.default\extensions
[2009/08/19 21:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\roclhajt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/01 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\roclhajt.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/10/06 17:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 10:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: msn.com ([zone] https in Trusted sites)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames...o.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames...1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames...z.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames...e.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames...l.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor....cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Donovan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donovan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 03:29:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/10/06 17:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donovan\Desktop\computer logs
[2010/10/05 21:36:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/05 21:36:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/05 21:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donovan\Application Data\Avira
[2010/10/05 21:01:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/05 21:01:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/05 21:01:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/05 21:01:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/05 21:01:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/05 21:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/05 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/01 06:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donovan\Desktop\The Last Air****** 2010 XvID CAM-MAGNET
[2010/09/26 09:23:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donovan\Desktop\Kate Project
[2010/09/22 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

========== Files - Modified Within 30 Days ==========
[2010/10/06 17:51:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/06 17:47:49 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Donovan\ntuser.dat
[2010/10/06 16:04:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/06 15:41:13 | 000,578,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/06 15:41:13 | 000,482,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 15:41:13 | 000,086,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 15:40:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/06 15:40:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/06 15:36:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 15:36:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 21:36:17 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Donovan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/05 21:01:34 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/05 18:37:12 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Donovan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 17:46:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/04 21:30:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/04 17:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/01 22:29:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Donovan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/01 11:40:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========
[2010/10/05 21:36:17 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Donovan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/05 21:01:34 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/30 20:54:30 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Rainy Clock.ini
[2010/06/30 20:51:52 | 000,000,106 | ---- | C] () -- C:\WINDOWS\fractal sun clock.ini
[2010/06/30 20:51:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\Sun Clock.ini
[2010/06/30 20:51:03 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Cosmos Sokrat Clock.ini
[2010/06/30 20:50:25 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Fluorescent Clock.ini
[2010/06/30 20:50:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\3D Astro Clock.ini
[2010/06/30 20:49:37 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Antic Clock.ini
[2010/06/30 20:47:37 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Crystal Clock.ini
[2010/06/30 20:46:00 | 000,000,107 | ---- | C] () -- C:\WINDOWS\gravity_free_clock.ini
[2010/06/30 20:42:03 | 000,000,105 | ---- | C] () -- C:\WINDOWS\Sky Flight Clock.ini
[2010/06/30 20:40:16 | 000,000,102 | ---- | C] () -- C:\WINDOWS\foliage_clock.ini
[2010/06/30 15:31:48 | 000,000,113 | ---- | C] () -- C:\WINDOWS\one_world_clock.ini
[2010/06/30 15:30:44 | 000,000,101 | ---- | C] () -- C:\WINDOWS\Liquid Clock.ini
[2010/06/30 15:26:03 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Magic Forest Clock.ini
[2010/06/30 15:09:10 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Dali Clock.ini
[2009/12/12 00:24:05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2009/12/12 00:23:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/01 17:46:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2009/01/01 17:44:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2008/12/29 20:22:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/11/11 00:20:08 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/05/26 05:36:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/26 05:36:45 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\Donovan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/20 09:32:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 09:32:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 09:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
< End of report >
MBR==========================================================================================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltmgr.sys
0xB9EFF000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EE8000 KSecDD.sys
0xB9ED5000 WudfPf.sys
0xB9E48000 Ntfs.sys
0xB9E1B000 NDIS.sys
0xB9E01000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA138000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA53C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA380000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9DA5000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA390000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9D81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9D5E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3A8000 \SystemRoot\system32\drivers\InCDPass.sys
0xBA178000 \SystemRoot\system32\drivers\InCDRm.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9D36000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA188000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9C54000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB95E9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB95D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA786000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA568000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB95BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95AD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA408000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB954F000 \SystemRoot\system32\DRIVERS\update.sys
0xBA584000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA208000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB6A2D000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6A09000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xBA470000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA70E000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA4A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4B0000 \SystemRoot\System32\drivers\vga.sys
0xBA5DE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB9DC9000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB6938000 \SystemRoot\system32\drivers\InCDFs.sys
0xBA3D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9DBD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6925000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB68CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB68A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB687E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB685C000 \SystemRoot\System32\drivers\afd.sys
0xBA268000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA438000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6831000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB67C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA278000 \SystemRoot\System32\Drivers\Fips.SYS
0xB679F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA5EE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA448000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB6F9F000 \SystemRoot\system32\drivers\usbaudio.sys
0xB6984000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB6F4F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB697C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6974000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA418000 \SystemRoot\system32\DRIVERS\point32.sys
0xB6F3F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB66B3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA578000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA378000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA715000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB5F5E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB6F8F000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xB5EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5C89000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA63C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5962000 \SystemRoot\system32\DRIVERS\srv.sys
0xB585D000 \SystemRoot\system32\drivers\wdmaud.sys
0xB5A01000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3C92000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 53):
0 System Idle Process
4 System
584 C:\WINDOWS\system32\smss.exe
644 csrss.exe
GMER=========================================================================================
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-06 23:05:17
Windows 5.1.2600 Service Pack 3
Running: fesjdnd9.exe; Driver: C:\DOCUME~1\Donovan\LOCALS~1\Temp\fwnirfod.sys
---- System - GMER 1.0.15 ----
SSDT BA74F706 ZwCreateKey
SSDT BA74F6FC ZwCreateThread
SSDT BA74F70B ZwDeleteKey
SSDT BA74F715 ZwDeleteValueKey
SSDT BA74F71A ZwLoadKey
SSDT BA74F6E8 ZwOpenProcess
SSDT BA74F6ED ZwOpenThread
SSDT BA74F724 ZwReplaceKey
SSDT BA74F71F ZwRestoreKey
SSDT BA74F710 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes CALL 870ABB4F
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95E9380, 0x2F2537, 0xE8000020]
.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xBA40C814]
---- User code sections - GMER 1.0.15 ----
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0094000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[464] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0092000C
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D6000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D7000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D5000C
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E9000A
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00ED000A
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\Explorer.EXE[2876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device InCDFs.sys (InCD File System Driver/Nero AG)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A145EC5
EXTRAS=======================================================================================
OTL Extras logfile created on: 10/6/2010 5:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Donovan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 7500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 78.40 Gb Free Space | 26.30% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 747.16 Gb Free Space | 80.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.72 Mb Total Space | 238.41 Mb Free Space | 96.24% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DONOVAN-16EEC24
Current User Name: Donovan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MI1933~1\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MI1933~1\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"52724:TCP" = 52724:TCP:*:Enabled:utorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe" = C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe:*:Enabled:Internet Spades -- (Microsoft Corporation)
"C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe" = C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe:*:Enabled:Internet Hearts -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32661E0-A745-48A5-A9B9-073FDC6B119C}" = Text to Speech XP
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"3D Astro Clock Screensaver_is1" = 3D Astro Clock
"7art Antic Clock Screensaver_is1" = 7art Antic Clock © 2010 by 7art-screensavers.com
"7art Cosmos Sokrat Clock Screensaver_is1" = 7art Cosmos Sokrat Clock © 2010 by 7art-screensavers.com
"7art Crystal Clock Screensaver_is1" = 7art Crystal Clock © 2010 by 7art-screensavers.com
"7art Dali Clock Screensaver_is1" = 7art Dali Clock © 2010 by 7art-screensavers.com
"7art Fluorescent Clock Screensaver_is1" = 7art Fluorescent Clock © 2010 by 7art-screensavers.com
"7art foliage_clock Screensaver_is1" = 7art foliage_clock © 2010 by 7art-screensavers.com
"7art fractal sun clock Screensaver_is1" = 7art fractal sun clock © 2010 by 7art-screensavers.com
"7art gravity_free_clock Screensaver_is1" = 7art gravity_free_clock © 2010 by 7art-screensavers.com
"7art Liquid Clock Screensaver_is1" = 7art Liquid Clock © 2010 by 7art-screensavers.com
"7art Magic Forest Clock Screensaver_is1" = 7art Magic Forest Clock © 2010 by 7art-screensavers.com
"7art Rainy Clock Screensaver_is1" = 7art Rainy Clock © 2010 by 7art-screensavers.com
"7art Sky Flight Clock Screensaver_is1" = 7art Sky Flight Clock © 2010 by 7art-screensavers.com
"7art Sun Clock Screensaver_is1" = 7art Sun Clock © 2010 by 7art-screensavers.com
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMars" = Kids Cam Show and Share Creativity Center
"Ask Toolbar_is1" = Vuze Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InterActual Player" = InterActual Player
"Kidspiration 3 IE" = Kidspiration 3 IE
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"mr97310v_930effb4fb2946cade43a25b55651187aae405f3" = Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 07/18/2006 2.0.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft MP4 Converter_is1" = OJOsoft MP4 Converter
"one_world_clock Screensaver_is1" = one_world_clock
"Sorry" = Sorry
"Soulseek2" = SoulSeek 157 NS 13d
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/6/2010 1:58:25 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 489
Description = wuauclt (3044) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 10/6/2010 1:58:25 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 455
Description = wuaueng.dll (3044) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 10/6/2010 2:00:51 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 489
Description = wuauclt (3936) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 10/6/2010 2:00:51 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 455
Description = wuaueng.dll (3936) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 10/6/2010 2:01:01 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 489
Description = wuauclt (3936) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 10/6/2010 2:01:01 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 455
Description = wuaueng.dll (3936) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 10/6/2010 2:03:34 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 489
Description = wuauclt (2036) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 10/6/2010 2:03:34 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 455
Description = wuaueng.dll (2036) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 10/6/2010 2:03:44 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 489
Description = wuauclt (2036) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 10/6/2010 2:03:44 PM | Computer Name = DONOVAN-16EEC24 | Source = ESENT | ID = 455
Description = wuaueng.dll (2036) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
[ System Events ]
Error - 10/5/2010 9:18:12 PM | Computer Name = DONOVAN-16EEC24 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 10/5/2010 9:18:12 PM | Computer Name = DONOVAN-16EEC24 | Source = Service Control Manager | ID = 7034
Description = The InCD Helper service terminated unexpectedly. It has done this
1 time(s).
Error - 10/5/2010 9:25:21 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 10/5/2010 9:25:21 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 10/5/2010 10:02:17 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 10/5/2010 10:02:17 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 10/6/2010 12:24:14 AM | Computer Name = DONOVAN-16EEC24 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.
Error - 10/6/2010 3:36:40 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 10/6/2010 3:36:40 PM | Computer Name = DONOVAN-16EEC24 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 10/6/2010 3:39:01 PM | Computer Name = DONOVAN-16EEC24 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
< End of report >
MBRCheck and GMER logs are incomplete.
Please, re-run, post new logs.
Malwarebytes' Anti-Malware 1.46 Malwarebytes
Database version: 4786
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/9/2010 5:36:28 PM
mbam-log-2010-10-09 (17-36-28).txt
Scan type: Quick scan
Objects scanned: 152636
Time elapsed: 5 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
===========================================================================================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltmgr.sys
0xB9EFF000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EE8000 KSecDD.sys
0xB9ED5000 WudfPf.sys
0xB9E48000 Ntfs.sys
0xB9E1B000 NDIS.sys
0xB9E01000 Mup.sys
0xBA128000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA138000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA53C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA380000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9DA5000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA390000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9D81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9D5E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3A8000 \SystemRoot\system32\drivers\InCDPass.sys
0xBA178000 \SystemRoot\system32\drivers\InCDRm.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9D36000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA188000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9C54000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB95E9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB95D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA7B2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA568000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB95BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95AD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA408000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB94AF000 \SystemRoot\system32\DRIVERS\update.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA218000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB6A2D000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6A09000 \SystemRoot\system32\drivers\portcls.sys
0xBA238000 \SystemRoot\system32\drivers\drmk.sys
0xBA468000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5D8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA759000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DC000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A8000 \SystemRoot\System32\drivers\vga.sys
0xBA5E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA540000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB6938000 \SystemRoot\system32\drivers\InCDFs.sys
0xBA3C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA554000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6925000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB68CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB68A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB687E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB685C000 \SystemRoot\System32\drivers\afd.sys
0xBA278000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA430000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6831000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA478000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB67C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA288000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA2A8000 \SystemRoot\system32\drivers\usbaudio.sys
0xB679F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5F0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB69E1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB698C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6974000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA460000 \SystemRoot\system32\DRIVERS\point32.sys
0xB954D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6F27000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA761000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB5FD1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB663F000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xB5F6D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5D24000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA63C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB59D5000 \SystemRoot\system32\DRIVERS\srv.sys
0xB539F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB547D000 \SystemRoot\system32\drivers\sysaudio.sys
0xB4FFE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3B27000 \??\C:\DOCUME~1\Donovan\LOCALS~1\Temp\fwnirfod.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 55):
0 System Idle Process
4 System
584 C:\WINDOWS\system32\smss.exe
644 csrss.exe
668 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
908 C:\WINDOWS\system32\svchost.exe
992 svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1160 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1396 svchost.exe
1500 C:\WINDOWS\system32\spoolsv.exe
1560 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1676 svchost.exe
152 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
168 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
208 C:\Program Files\AskBarDis\bar\bin\AskService.exe
252 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
288 C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
368 C:\Program Files\Bonjour\mDNSResponder.exe
1200 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1288 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1372 C:\Program Files\Java\jre6\bin\jqs.exe
1420 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1732 sqlservr.exe
1800 C:\WINDOWS\system32\nvsvc32.exe
1884 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
240 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
796 sqlbrowser.exe
1832 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1916 C:\WINDOWS\system32\svchost.exe
2612 C:\WINDOWS\explorer.exe
2912 alg.exe
3680 C:\WINDOWS\system32\svchost.exe
3708 C:\WINDOWS\system32\rundll32.exe
3764 C:\WINDOWS\RTHDCPL.exe
3792 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3856 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
3876 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
3904 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3932 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3940 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4016 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4056 C:\Program Files\iTunes\iTunesHelper.exe
1932 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1284 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
632 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
448 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
648 C:\WINDOWS\system32\ctfmon.exe
2396 C:\Program Files\WinZip\WZQKPICK.EXE
2732 C:\Program Files\iPod\bin\iPodService.exe
2552 C:\Documents and Settings\Donovan\My Documents\Downloads\GMER.exe
3236 C:\Documents and Settings\Donovan\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAE
PhysicalDrive1 Model Number: ST31000528AS, Rev: CC38
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
=========================================================================================
I knew you wanted this too, but it was really giving me a hard time and I'm still not sure that I have what you need. I had to do it in safe mode and... well, just tell me if it's OK. Here you go.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-10 09:05:00
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\ADMINI~1.DON\LOCALS~1\Temp\fwnirfod.sys
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF779B814]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 89EC1EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OK, we have a rootkit here....
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
2010/10/10 15:37:26.0328 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/10 15:37:26.0328 ================================================================================
2010/10/10 15:37:26.0328 SystemInfo:
2010/10/10 15:37:26.0328
2010/10/10 15:37:26.0328 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/10 15:37:26.0328 Product type: Workstation
2010/10/10 15:37:26.0328 ComputerName: DONOVAN-16EEC24
2010/10/10 15:37:26.0328 UserName: Donovan
2010/10/10 15:37:26.0328 Windows directory: C:\WINDOWS
2010/10/10 15:37:26.0328 System windows directory: C:\WINDOWS
2010/10/10 15:37:26.0328 Processor architecture: Intel x86
2010/10/10 15:37:26.0328 Number of processors: 2
2010/10/10 15:37:26.0328 Page size: 0x1000
2010/10/10 15:37:26.0328 Boot type: Normal boot
2010/10/10 15:37:26.0328 ================================================================================
2010/10/10 15:37:26.0578 Initialize success
2010/10/10 15:37:36.0671 ================================================================================
2010/10/10 15:37:36.0671 Scan started
2010/10/10 15:37:36.0671 Mode: Manual;
2010/10/10 15:37:36.0671 ================================================================================
2010/10/10 15:37:36.0937 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/10 15:37:36.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/10 15:37:37.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/10 15:37:37.0062 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/10 15:37:37.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/10 15:37:37.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/10 15:37:37.0453 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/10 15:37:37.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/10 15:37:37.0609 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/10 15:37:37.0656 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/10 15:37:37.0703 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/10 15:37:37.0765 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/10 15:37:37.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/10 15:37:37.0843 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/10 15:37:37.0890 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/10 15:37:37.0937 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/10 15:37:38.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/10 15:37:38.0265 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/10 15:37:38.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/10 15:37:38.0406 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/10 15:37:38.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/10 15:37:38.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/10 15:37:38.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/10 15:37:38.0578 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/10 15:37:38.0609 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/10 15:37:38.0625 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/10 15:37:38.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/10 15:37:38.0734 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/10/10 15:37:38.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/10 15:37:38.0812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/10 15:37:38.0890 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/10 15:37:38.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/10 15:37:38.0937 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/10 15:37:38.0968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/10 15:37:39.0046 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/10 15:37:39.0125 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/10 15:37:39.0156 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/10 15:37:39.0218 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\WINDOWS\system32\drivers\InCDFs.sys
2010/10/10 15:37:39.0250 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\WINDOWS\system32\drivers\InCDPass.sys
2010/10/10 15:37:39.0281 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/10/10 15:37:39.0312 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\WINDOWS\system32\drivers\InCDRm.sys
2010/10/10 15:37:39.0500 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/10 15:37:39.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/10 15:37:39.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/10 15:37:39.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/10 15:37:39.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/10 15:37:39.0718 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/10 15:37:39.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/10 15:37:39.0781 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/10 15:37:39.0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/10 15:37:39.0812 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/10 15:37:39.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/10 15:37:39.0906 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/10 15:37:39.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/10 15:37:40.0031 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/10 15:37:40.0078 Mouclass (ef8fd0e7228c59848af037b445db8b42) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/10 15:37:40.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: ef8fd0e7228c59848af037b445db8b42, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/10/10 15:37:40.0078 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/10 15:37:40.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/10 15:37:40.0140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/10 15:37:40.0203 MR97310_VGA_DUAL_CAMERA (9d831a35657155bd3b79cbb1ebe5462e) C:\WINDOWS\system32\DRIVERS\mr97310v.sys
2010/10/10 15:37:40.0234 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/10 15:37:40.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/10 15:37:40.0343 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/10 15:37:40.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/10 15:37:40.0453 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/10 15:37:40.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/10 15:37:40.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/10 15:37:40.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/10 15:37:40.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/10 15:37:40.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/10 15:37:40.0734 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/10 15:37:40.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/10 15:37:40.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/10 15:37:40.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/10 15:37:40.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/10 15:37:40.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/10 15:37:40.0921 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/10 15:37:41.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/10 15:37:41.0203 nv (f43b110e1e97eb5606ab51aea2a26247) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/10 15:37:41.0453 NVENETFD (d875346596bd48d74ac9b9be791b8d69) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/10/10 15:37:41.0484 nvnetbus (f02c1c5e84c37667ecd3eea5958449bc) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/10/10 15:37:41.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/10 15:37:41.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/10 15:37:41.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/10 15:37:41.0640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/10 15:37:41.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/10 15:37:41.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/10 15:37:41.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/10 15:37:41.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/10 15:37:42.0093 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/10/10 15:37:42.0109 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/10 15:37:42.0140 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/10 15:37:42.0171 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/10 15:37:42.0218 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/10 15:37:42.0281 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/10 15:37:42.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/10 15:37:42.0484 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/10 15:37:42.0500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/10 15:37:42.0515 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/10 15:37:42.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/10 15:37:42.0625 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/10 15:37:42.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/10 15:37:42.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/10 15:37:42.0812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/10 15:37:42.0843 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/10 15:37:42.0859 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/10 15:37:42.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/10 15:37:42.0968 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/10/10 15:37:43.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/10 15:37:43.0062 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/10 15:37:43.0156 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/10 15:37:43.0265 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/10 15:37:43.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/10 15:37:43.0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/10 15:37:43.0453 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/10 15:37:43.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/10 15:37:43.0593 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/10 15:37:43.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/10 15:37:43.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/10 15:37:43.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/10 15:37:43.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/10 15:37:43.0906 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/10 15:37:43.0984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/10 15:37:44.0015 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/10 15:37:44.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/10 15:37:44.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/10 15:37:44.0093 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/10 15:37:44.0125 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/10 15:37:44.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/10 15:37:44.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/10 15:37:44.0296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/10 15:37:44.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/10 15:37:44.0390 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/10 15:37:44.0468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/10 15:37:44.0531 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/10 15:37:44.0578 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/10 15:37:44.0625 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/10 15:37:44.0671 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/10 15:37:44.0828 ================================================================================
2010/10/10 15:37:44.0828 Scan finished
2010/10/10 15:37:44.0828 ================================================================================
2010/10/10 15:37:44.0828 Detected object count: 1
2010/10/10 15:37:52.0640 Mouclass (ef8fd0e7228c59848af037b445db8b42) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/10 15:37:52.0640 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: ef8fd0e7228c59848af037b445db8b42, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/10/10 15:37:53.0484 Backup copy found, using it..
2010/10/10 15:37:53.0500 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2010/10/10 15:37:53.0500 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
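Both reports converge on the same driver. As an added illustration (not part of this thread, nor of GMER or TDSSKiller), the Python script below parses the GMER and TDSSKiller lines quoted above and correlates them by driver file name, so a reader can see which findings corroborate each other; it assumes that GMER's \Driver\<name> object belongs to <name>.sys, and the sample logs are copied from the reports in this thread.

```python
import re
from collections import defaultdict

# Constructed sample input: the GMER lines that matter, copied from the report above.
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xF779B814]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 89EC1EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\mouclass.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Constructed sample input: the TDSSKiller lines that matter, copied from the report above.
TDSS_LOG = r"""
2010/10/10 15:37:40.0078 Mouclass (ef8fd0e7228c59848af037b445db8b42) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/10 15:37:40.0078 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: ef8fd0e7228c59848af037b445db8b42, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2010/10/10 15:37:40.0078 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/10 15:37:40.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/10 15:37:44.0828 Detected object count: 1
"""

# GMER: an entry point inside the resource section, a modified file on disk,
# and a device object that points at an address GMER cannot attribute to a driver.
RSRC_RE = re.compile(r'^\.rsrc\s+(\S+)\s+entry point in "\.rsrc" section')
FILE_RE = re.compile(r'^File\s+(.+?)\s+suspicious modification$')
DEVICE_RE = re.compile(r'^Device -> \\Driver\\(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8})$')
# TDSSKiller: inventory line, forged file (two hashes for one path), named detection.
TDSS_ENTRY_RE = re.compile(r'^\S+ \S+ (\S+) \(([0-9a-f]{32})\) (.+\.sys)$', re.I)
TDSS_FORGED_RE = re.compile(
    r'^\S+ \S+ Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$')
TDSS_DETECT_RE = re.compile(r'^\S+ \S+ (\S+) - detected (\S+) \((\d+)\)$')


def key_for(path):
    """Reduce any driver reference to its lower-case file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return {file name: [evidence strings]} from GMER output."""
    findings = defaultdict(list)
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RSRC_RE.match(line):
            findings[key_for(m.group(1))].append("gmer: entry point inside .rsrc section")
        elif m := FILE_RE.match(line):
            findings[key_for(m.group(1))].append("gmer: file on disk reported as modified")
        elif m := DEVICE_RE.match(line):
            # Assumption: the driver object \Driver\<name> belongs to <name>.sys.
            findings[m.group(1).lower() + ".sys"].append(
                f"gmer: device {m.group(2)} points at unexpected address {m.group(3)}")
    return findings


def parse_tdsskiller(text):
    """Return ({file name: [evidence]}, {file name: (real_md5, fake_md5)})."""
    findings, hashes, service_file = defaultdict(list), {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := TDSS_ENTRY_RE.match(line):
            service_file[m.group(1)] = key_for(m.group(3))  # service name -> file name
        elif m := TDSS_FORGED_RE.match(line):
            k, real, fake = key_for(m.group(1)), m.group(2), m.group(3)
            hashes[k] = (real, fake)
            if real != fake:  # two hashes for one path: something sits between reader and disk
                findings[k].append("tdsskiller: file content differs depending on how it is read (forged)")
        elif m := TDSS_DETECT_RE.match(line):
            k = service_file.get(m.group(1), m.group(1).lower() + ".sys")
            findings[k].append(f"tdsskiller: detected {m.group(2)}")
    return findings, hashes


def triage(gmer_text, tdss_text):
    """Merge both reports; a file named by two independent tools is 'confirmed'."""
    gmer = parse_gmer(gmer_text)
    tdss, hashes = parse_tdsskiller(tdss_text)
    report = {}
    for k in sorted(set(gmer) | set(tdss)):
        evidence = gmer.get(k, []) + tdss.get(k, [])
        tools = sorted({e.split(":", 1)[0] for e in evidence})
        report[k] = {"evidence": evidence, "tools": tools, "md5_real_fake": hashes.get(k),
                     "verdict": "confirmed" if len(tools) > 1 else "needs corroboration"}
    return report


if __name__ == "__main__":
    for name, info in triage(GMER_LOG, TDSS_LOG).items():
        print(name, info["verdict"], *info["evidence"], sep="\n  ")
```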