June 2nd, 2010

Redirected searches

Google search shows multiple hits and clicking on a particular hit will more often than not be redirected to some random site, sometimes but not always. The redirects will happen for a period of time, several hours, then for some reason will not happen for several hours, then all of a sudden reappear. The URL link can be copied to the address bar and this almost always goes to the correct link. I am running XP Pro SP3 with the latest updates on a Dell T7400 and IE6. Kaspersky Internet Security with latest database and with the filters set to max. I started experiencing this problem about 60 days ago and have been trying to get rid of it. 3 weeks ago unloaded KAS according to directions from KAS service tech. Downloaded MalwareBytes and ran without KAS loaded, MB found two trojans, Trojan.agent and Trojan.Fake Alert, which were successfully quarantined and deleted. Also downloaded and ran SUPERAntiSpyware, which ran to completion and found nothing. KAS was reinstalled and full system scan run with no problems. This was done several weeks ago and the system appeared to be fine. Also cleaned disk and deleted all previous restore files. Over the last week the redirects have reappeared. I have rerun MB and SUPERAntiSpyware as well as full scans with KAS with no anomalies found. The T7400 is on a network with 2 other machines connected to the internet with a cable modem. All of the other machines are running KAS with latest updates. MB and SUPERAntiSpyware were also run on these machines and on one KAS was unloaded as described above. Neither of these machines is seeing a redirect problem.

I restarted the T7400 and generated the HijackThis log below. Thanks for your assistance in resolving this. Not sure if word wrap is on or off or where to set this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 AM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Sentinel Web\Sentinel.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

End of file - 10507 bytes



June 8th, 2010

Hi boka1,

Welcome to the Dell Community Malware Removal Forum.

Sorry for the delay in getting to your log.

If you still require assistance, please reply to this topic with a fresh HJT log and what symptoms you are having so I can get an update on your system and can begin the cleanup procedure.



June 9th, 2010

Thanks for responding K27, looking forward to resolving this. Google search shows multiple hits and clicking on a particular hit will more often than not be redirected to some random site, sometimes but not always. The redirects will happen for a period of time, several hours, then for some reason will not happen for several hours, then all of a sudden reappear. Also it takes 18-20 seconds from clicking the IE6 icon to actually getting to Google, way longer than it used to, which was 2-3 seconds. The URL link can be copied to the address bar and this almost always goes to the correct link. I am running XP Pro SP3 with the latest updates on a Dell T7400 and IE6. Kaspersky Internet Security with latest database and with the filters set to max. I started experiencing this problem about 60 days ago and have been trying to get rid of it. 3 weeks ago unloaded KAS according to directions from KAS service tech. Downloaded MalwareBytes and ran without KAS loaded, MB found two trojans, Trojan.agent and Trojan.Fake Alert, which were successfully quarantined and deleted. Also downloaded and ran SUPERAntiSpyware, which ran to completion and found nothing. KAS was reinstalled and full system scan run with no problems. This was done several weeks ago and the system appeared to be fine. Also cleaned disk and deleted all previous restore files. Over the last week the redirects have reappeared. I have rerun MB and SUPERAntiSpyware as well as full scans with KAS with no anomalies found. The T7400 is on a network with 2 other machines connected to the internet with a cable modem. All of the other machines are running KAS with latest updates. MB and SUPERAntiSpyware were also run on these machines and on one KAS was unloaded as described above. Neither of these machines is seeing a redirect problem.

I restarted the T7400 and generated this new HijackThis log below. Thanks for your assistance in resolving this. Not sure if word wrap is on or off or where to set this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:54 AM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Sentinel Web\Sentinel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

End of file - 8413 bytes



June 9th, 2010

K27, no problem with most of your request. I assume it may take a couple of days to do this, and this is a machine I use for business and have several applications (that do not depend on an internet connection) that I must continue to use every day while running down and eliminating this problem. If it is absolutely necessary I can attempt to move this software and reconfigure the attached hardware (3 monitors and multiple eSATA drives) to use another machine.

June 9th, 2010

Hi boka1,


Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

The first thing to do is to disconnect this from the network. The last thing we want is to be going around in circles chasing our tails and having to clean all the machines because the infection has spread.

All of the tools I ask you to run can be moved from one machine to another on any removable media such as a USB drive or blank CD/DVD. If you need instructions on any of this, please ask.

I know you have already run MBAM, but please follow these instructions.

  • Double click your Malwarebytes desktop icon
  • Click the UPDATE tab at the top
  • Scan for and install any updates it finds
  • Then choose the SCANNER tab and run a FULL SCAN
  • Once finished if MBAM found anything please click Show Results
  • Make sure EVERYTHING has a check in the box next to it and then click Remove Selected
  • Post the MBAM log results back to this thread


Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:

Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)


  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan. This can be saved in the same way as the full scan in the above instructions.


Please post the MBAM log and the ARK log back to this thread.


June 9th, 2010


I understand your predicament, but I strongly advise that you DO NOT move anything from the infected machine to any other machine apart from the logs I request that will be in Notepad format. There is a high chance that you will infect your other machines and be back to square one.

The quicker you get me the logs, the quicker this can be cleaned. If you really can't live without the software for a few days then so be it, but please try to use the system as little as possible at least until we know what we are dealing with.


June 9th, 2010

I re-ran the hijackthis and the log is below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:18 PM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Sentinel Web\Sentinel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

End of file - 8445 bytes


Malwarebytes' Anti-Malware 1.46

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/9/2010 7:30:51 PM
mbam-log-2010-06-09 (19-30-51).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|J:\|)
Objects scanned: 315033
Time elapsed: 1 hour(s), 30 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COULD NOT FIND SHOW RESULTS TAB. Assume that it is only available if something is found.

Below is the GMER fast log followed by the long log

Rootkit quick scan 2010-06-09 19:57:51
Windows 5.1.2600 Service Pack 3
Running: m0e7ozt2.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\fxtdipog.sys

---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateKey [0xB4629ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xB4629F74]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----


GMER full log. It appeared to finish, i.e. no scanning activity at the bottom. I closed out of GMER and it is taking a very long time for the machine to shut down. Default was C only and I did not modify that; there are 3 other large disks. Kaspersky was turned off and the internet/network cable was disconnected.

Rootkit scan 2010-06-09 20:34:24
Windows 5.1.2600 Service Pack 3
Running: m0e7ozt2.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\fxtdipog.sys

---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwAdjustPrivilegesToken [0xB462A58C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwClose [0xB462AE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwConnectPort [0xB462B922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateEvent [0xB462BE94]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateFile [0xB462B0EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateKey [0xB4629436]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateMutant [0xB462BD6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateNamedPipeFile [0xB462A192]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreatePort [0xB462BC28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSection [0xB462A34E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSemaphore [0xB462BFC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSymbolicLinkObject [0xB462DC08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateThread [0xB462AAAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateWaitablePort [0xB462BCCA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDebugActiveProcess [0xB462D5FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeleteKey [0xB46299FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeleteValueKey [0xB4629D88]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeviceIoControlFile [0xB462B576]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDuplicateObject [0xB462E5CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwEnumerateKey [0xB4629ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwEnumerateValueKey [0xB4629F74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwFsControlFile [0xB462B382]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadDriver [0xB462D68C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadKey [0xB4629412]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadKey2 [0xB4629424]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwMapViewOfSection [0xB462DCBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwNotifyChangeKey [0xB462A0C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenEvent [0xB462BF36]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenFile [0xB462AE8E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenKey [0xB46295DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenMutant [0xB462BE04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenProcess [0xB462A792]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenSection [0xB462DC32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenSemaphore [0xB462C068]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenThread [0xB462A6B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryKey [0xB462A01E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryMultipleValueKey [0xB4629C46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQuerySection [0xB462DFD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryValueKey [0xB4629896]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueueApcThread [0xB462D922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRenameKey [0xB4629B0E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplaceKey [0xB46292B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplyPort [0xB462C3F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplyWaitReceivePort [0xB462C2B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRequestWaitReplyPort [0xB462D39A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRestoreKey [0xB4630E2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwResumeThread [0xB462E4AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSaveKey [0xB4629248]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSecureConnectPort [0xB462B65C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetContextThread [0xB462ACC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetInformationToken [0xB462CC4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetSecurityObject [0xB462D786]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetSystemInformation [0xB462E114]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetValueKey [0xB462971E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSuspendProcess [0xB462E1F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSuspendThread [0xB462E320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSystemDebugControl [0xB462D526]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwTerminateProcess [0xB462A90A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwTerminateThread [0xB462A860]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwUnmapViewOfSection [0xB462DE8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwWriteVirtualMemory [0xB462A9EA]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                                                                     804EAF84 5 Bytes  JMP B461F4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                                                        804EF912 5 Bytes  JMP B461F8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C74                                                                                                                         80504510 2 Bytes  [36, 94]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C98                                                                                                                         80504534 16 Bytes  [4E, A3, 62, B4, C6, BF, 62, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CCC                                                                                                                         80504568 2 Bytes  [FA, 99] {CLI ; CDQ }
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CD4                                                                                                                         80504570 2 Bytes  [88, 9D]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CD7                                                                                                                         80504573 5 Bytes  [B4, 76, B5, 62, B4]
.text           ...                                                                                                                                                         
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                     section is writeable [0xB8B26360, 0x3475F7, 0xE8000020]
init            C:\WINDOWS\system32\drivers\Senfilt.sys                                                                                                                      entry point in "init" section [0xB46B3A00]

---- User code sections - GMER 1.0.15 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] C:\WINDOWS\system32\ntdll.dll                                                   time/date stamp mismatch;
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] C:\WINDOWS\system32\kernel32.dll                                                time/date stamp mismatch;
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] USER32.dll!AlignRects + FFFA5598                                                7E412A78 4 Bytes  [70, 11, 33, 6D]
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] C:\WINDOWS\system32\ntdll.dll                                                  time/date stamp mismatch;
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] C:\WINDOWS\system32\kernel32.dll                                               time/date stamp mismatch;
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] USER32.dll!AlignRects + FFFA5598                                               7E412A78 4 Bytes  [70, 11, 33, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                      [B40DECC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                      [B40DECC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                  00370240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                      003702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                      00370320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]                00370390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]              00A60860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                    00A608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                    00A60940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                  00A609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                     00A60A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00A60A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                    00370630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                    003706A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                     00370710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                        00370780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                    003707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                  00A60B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                00A60B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]            00A60BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                  00370860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00A60C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                  00A60CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                   00A60D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                  00A60DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                00A60E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                  003709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                   00370A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                      00370A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                  00370B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]                00370B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A60E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                   00A60EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                   00A60F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                 7D1F05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                    7D1F0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                       00370BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                   00370C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  7D1F06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                    00370CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                  7D1F0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]              7D1F0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  7D1F08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                    7D1F0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                     7D1F09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]              7D1F0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                    00370EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                        00370F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      7D1F0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                   7D1F0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                     7D1F0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                      7D1F0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                   7D1F0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                     7D1F0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                     7D1E0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                         7D1E0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                    00A70240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00A702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                  00A70320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                    00A70390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                     00A70400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                  00A70470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                  00A704E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]              00A70550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                     7D1E0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                     7D1E09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                    7D1E0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                    7D1E0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]              00A705C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                   7D1E0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                    7D1E0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                    7D1E0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A70710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                   00A70780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                 00A707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]             00A70860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                   00A708D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                   00A70940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                 00A709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                   7D1E0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                 00A70A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                    00A70A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                 00A70B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                       00380010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A70B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                   00A70BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]             00A70C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                 00A70CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                 00A70D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                   00A70DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]                 00A70E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]                 00A70E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                    00A70EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                   00380080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                    003800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                   00A70F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                 00A80010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]             00A80080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                   00A800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                     00A80160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                      00A801D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                     00A80240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]               00A802B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                     00380390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                   00A80320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                   00A80390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                   00A80400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                     00380400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      00A80470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                         00380470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]                     00A90240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                      00A902B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                   00A90320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]      00A90390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                   00A90780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW]                   00A907F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA]                 00A90860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW]                 00A908D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]             00A90940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                 00A909B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                    00A90A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                   00A90A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A90B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                       7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                  7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]            7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                  7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                     7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                  7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]              7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                    7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                     7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy]                   7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                  7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]                 7D1F0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                 7D1F0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree]                     7D1E0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc]                    7D1E02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode]                   7D1F0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA]                 7D1F0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                   7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00030240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     000302B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00030320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00030390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             00C80860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   00C808D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   00C80940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 00C809B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    00C80A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00C80A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00030630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   000306A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00030710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00030780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   000307F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 00C80B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               00C80B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           00C80BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00030860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00C80C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 00C80CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  00C80D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 00C80DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               00C80E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                 000309B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00030A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     00030A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00030B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]               00030B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C80E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  00C80EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  00C80F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            7D1F0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                7D1F05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   7D1F0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      00030BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  00030C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 7D1F06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                   00030CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                 7D1F0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7D1F08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   7D1F0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7D1F09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   00030EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       00030F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  7D1F0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7D1F0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7D1F0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    7D1F0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7D1E0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7D1E0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   00C90240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00C902B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 00C90320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   00C90390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    00C90400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 00C90470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 00C904E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             00C90550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    7D1E0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                    7D1E09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   7D1E0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   7D1E0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             00C905C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  7D1E0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                   7D1E0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   7D1E0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C90710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  00C90780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                00C907F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            00C90860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  00C908D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  00C90940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                00C909B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  7D1E0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                00C90A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   00C90A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                00C90B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      00380010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C90B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  00C90BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            00C90C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                00C90CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                00C90D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  00C90DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]                00C90E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]                00C90E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   00C90EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  00380080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                   003800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  00C90F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                00CA0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            00CA0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  00CA00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    00CA0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     00CA01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    00CA0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              00CA02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                    00380390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  00CA0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                  00CA0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                  00CA0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                    00380400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00CA0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        00380470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]                    00CB05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                     00CB0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                  00CB06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     00CB0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  00CB0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW]                  00CB0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA]                00CB0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW]                00CB0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]            00CB0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                00CB0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   00CB0DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                  00CB0E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00CB0E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                 7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA]            7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                7D1F0240

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                       SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                     kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                     SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                       DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----



June 9th, 2010




Please disable all anti-virus/anti-spyware/firewall programs on your machine (instructions via links below).


Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be saved to your desktop before running the tool.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console, please make sure to do so, as this is a VERY IMPORTANT backup of Combo-fix (XP only).

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run Combo-Fix;
post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running, as this will cause Combo-Fix to stall and it will not work as it should.

Please include the C:\ComboFix.txt in your next reply for further review.


June 10th, 2010

Downloading and preparing to run ComboFix. Were there any obvious threats in the previous post?

June 10th, 2010

Combofix was downloaded and copied to the desktop. All applications indicated were disabled. Net connection left intact. Combofix was run and the recovery console was successfully auto loaded. Combofix ran to completion with no intervention.



ComboFix 10-06-09.04 - Robert Chancellor 06/10/2010   9:45.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2558.1955 [GMT -5:00]
Running from: c:\documents and settings\Robert Chancellor\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Robert Chancellor\g2mdlhlpx.exe
c:\documents and settings\Robert Chancellor\GoToAssistDownloadHelper.exe

(((((((((((((((((((((((((   Files Created from 2010-05-10 to 2010-06-10  )))))))))))))))))))))))))))))))

2010-06-08 18:30 . 2010-06-08 18:30 63488 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-08 18:30 . 2010-06-08 18:30 52224 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-08 18:30 . 2010-06-08 18:30 117760 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-08 18:30 . 2010-06-08 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\
2010-06-08 18:29 . 2010-06-09 15:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-08 18:29 . 2010-06-08 18:29 -------- d-----w- c:\documents and settings\Robert Chancellor\Application Data\
2010-06-02 20:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 20:26 . 2010-06-02 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 20:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 14:17 . 2010-05-23 14:17 -------- d-----w- c:\program files\Trend Micro
2010-05-21 22:15 . 2010-05-21 22:15 503808 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-38e47637-n\msvcp71.dll
2010-05-21 22:15 . 2010-05-21 22:15 499712 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-38e47637-n\jmc.dll
2010-05-21 22:15 . 2010-05-21 22:15 348160 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-38e47637-n\msvcr71.dll

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-06-10 14:28 . 2008-04-05 13:42 -------- d-----w- c:\documents and settings\Robert Chancellor\Application Data\HPAppData
2010-06-10 06:08 . 2009-04-01 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-06-10 02:09 . 2010-05-07 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-06-10 01:39 . 2008-03-15 15:58 15976 ----a-w- c:\windows\system32\Temp.tmp
2010-06-09 22:26 . 2008-04-06 20:21 1882904 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-06-08 14:15 . 2008-03-15 02:07 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-02 20:26 . 2010-05-11 00:47 -------- d-----w- c:\documents and settings\Robert Chancellor\Application Data\Malwarebytes
2010-06-02 20:26 . 2010-05-11 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-30 21:27 . 2008-03-11 03:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 12:07 . 2008-03-11 03:44 -------- d-----w- c:\program files\Google
2010-05-07 19:07 . 2010-05-07 19:07 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\\sys\i386\5.1\klif.sys
2010-05-07 18:44 . 2008-03-15 03:21 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-07 18:33 . 2010-05-07 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-07 18:21 . 2010-05-07 17:13 1736 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-24 21:56 . 2010-04-24 22:01 390656 ----a-w- C:\STOPzilla_Setup.exe
2010-04-24 15:32 . 2008-06-04 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Rose Point Navigation Systems
2010-04-22 22:43 . 2008-03-15 03:44 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2010-04-22 21:39 . 2010-04-22 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-04-20 23:33 . 2010-04-20 23:33 581632 ---ha-w- C:\SZKGFS.dat
2010-04-20 23:01 . 2008-03-17 13:45 -------- d-----w- c:\program files\Schlumberger
2010-04-19 12:30 . 2008-10-15 13:04 -------- d-----w- c:\program files\Security Task Manager
2010-04-18 21:25 . 2010-04-18 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-04-18 21:24 . 2010-04-18 21:24 -------- d-----w- c:\program files\Common Files\iS3
2010-04-17 21:41 . 2010-04-17 21:41 75776 --sha-r- c:\windows\system32\msimsgh.dll
2010-04-14 04:49 . 2008-03-15 03:47 0 ----a-w- c:\windows\brdfxspd.dat
2010-03-16 08:25 . 2009-11-12 13:28 79488 ----a-w- c:\documents and settings\Robert Chancellor\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2004-02-14 02:26 . 2008-03-17 17:46 1221120 ----a-w- c:\program files\TXTPAD32.EXE
2010-01-24 18:45 . 2008-03-15 03:21 47233568 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-24 18:45 . 2008-03-15 03:21 2179104 --sha-w- c:\windows\system32\drivers\fidbox2.dat

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-08-30 178712]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2007-07-20 77922]
"UPSMON"="c:\sentinel web\Sentinel.exe" [2007-07-17 430080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-14 8523776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SATARaid5Manager.lnk - c:\windows\Installer\{E4D034E1-7643-4E63-928F-22174534B470}\_607517601492A67A51EB97.exe [2008-3-18 1206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-27 20:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-10 01:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-31 01:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 20:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-06-10 09:21 217088 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2008-04-14 00:12 208896 ----a-w- c:\windows\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-14 00:31 8523776 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4RegManager]
2004-06-04 16:48 1262592 ----a-w- c:\program files\WhiteCanyon\SecureClean 4\SCRegManager4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4Tray]
2004-06-04 16:56 1568768 ----a-w- c:\program files\WhiteCanyon\SecureClean 4\SCTray4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 14:16 49152 ------w- c:\program files\Brother\Brmfl04e\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-08-13 21:53 1036288 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-10 01:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"EnableFirewall"= 0 (0x0)

"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Retrospect\\Retrospect 7.6\\Retrospect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3124r5.sys [3/18/2008 8:48 PM 207152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [3/14/2008 10:49 PM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/14/2008 10:47 PM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [3/14/2008 10:49 PM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [3/14/2008 10:49 PM 10368]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 OPTISAFEService;OPTISAFEService;c:\sentinel web\OPTISAFE_Service.exe [3/31/2009 1:39 PM 369664]
S2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe [10/5/2005 6:19 PM 131072]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 9:50 PM 135664]
Contents of the 'Scheduled Tasks' folder

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:50]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:50]
------- Supplementary Scan -------
uStart Page = hxxp://
mSearch Bar = hxxp://
uInternet Connection Wizard,ShellNext = hxxp://
uInternet Settings,ProxyOverride =;localhost;T7400
uSearchAssistant = hxxp://
uSearchURL,(Default) = hxxp://
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-06-10 09:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

--------------------- LOCKED REGISTRY KEYS ---------------------

@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(1412)
Completion time: 2010-06-10  09:50:10
ComboFix-quarantined-files.txt  2010-06-10 14:50

Pre-Run: 259,518,369,792 bytes free
Post-Run: 259,576,418,304 bytes free

[boot loader]
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 7A1EBC2B36818957970F3652A1AD432D

June 11th, 2010

Hi Boka1

Sorry for the delay. The first thing I strongly recommend that you do is uninstall StopZilla; this will clash with Kaspersky.

There are a few things I would like to check before I make any kind of diagnosis.


Please go to VirSCAN where you will see a browse button at the top of the screen.

  • Click the Browse button
  • Locate the following file(s) (Note: You can only upload one file at a time)

c:\sentinel web\Sentinel.exe

  • Click Upload button
  • Once the scan has finished, click the Save to Clipboard button at the bottom of the page
  • Open Notepad and right click and then click paste
  • Post Report(s) back to this thread


Note: you may need to show hidden files to locate the files requested:

Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:


  • Search System folders
  • Search Hidden Files and folders
  • Search SubFolders


Remember to hide hidden files/folders by reversing the action when you have finished


Please provide a link to each of the files you upload. This can be done by copy/pasting the web address AFTER the scan has completed. This will take me directly to the results and make them easier for me to read.



Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)

Please Download RootRepeal:

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.


NOTE: This log may be large, so please use multiple posts if need be

Please provide the links to the files I have asked to be uploaded (Six (6) in total) along with the RootRepeal log and also please post the log located at C:\Qoobox\Add-Remove Programs.txt



June 11th, 2010

The requested logs from virus scan are below.

I had previously installed and removed stopzilla using the uninstall in control panel.
I also did a directory search for stopzilla and only found a copy of the downloaded executable,
but it is not installed. If there are registry entries or additional files that should be deleted let me know. IE6 comes up very slowly with Kaspersky active. With Kaspersky turned off the link is almost instant.

Of note .....msimsgh.dll generates an error message when attempting to upload. .....Message is ERROR: Can't find upload file!
The file icon is greyed out in the windows directory listing.

RootRepeal was downloaded and the attached disks were selected, including C:. On executing RootRepeal, almost immediately I get the blue screen of death! Windows boots back up but it looks like something got hosed, as it appears the RAID array (C: is RAID mirrored with 2 disks) is resynchronizing. When WinXP came up I got pop-up boxes with Event Notification Applica.... Controller ID:0 PD removed:0:0 and a second pop-up box Event Notification Applica.... Controller ID:0 PD removed:0:1.

I did some searches this AM and did not encounter any redirects although as mentioned above IE6 is very slow to get to the google screen.

Log of VirScan

Report Below Scanned Report :
Scanned time   : 2010/06/11 14:54:12 (CDT)
Scanner results: Scanners did not find malware!
File Name      : Temp.tmp
File Size      : 15976 byte
File Type      : ASCII English text, with very long lines, with CRLF line ter
MD5            : 03d3b49713ac3881c44eb4f6cf945ecc
SHA1           : 14534036db1cd1fc69e07bf4804a430f3bdf6d89
Online report  :

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared        20100612000344    2010-06-12  0.08   -
AhnLab V3      2010.06.11.01   2010.06.11        2010-06-11  0.08   -
AntiVir         2010-06-11  0.25   -
Antiy          2.0.18          20100611.4748539  2010-06-11  0.02   -
Arcavir        2009            201006111412      2010-06-11  0.02   -
Authentium     5.1.1           201006102208      2010-06-10  1.29   -
AVAST!         4.7.4           100611-1          2010-06-11  0.01   -
AVG            8.5.793         271.1.1/2931      2010-06-11  0.23   -
BitDefender    7.90123.6174222 7.32157           2010-06-12  3.94   -
ClamAV         0.96.1          11179             2010-06-11  0.01   -
Comodo         3.13.579        5059              2010-06-11  0.08   -
CP Secure         2010.06.12        2010-06-12  0.01   -
Dr.Web      2010.06.12        2010-06-12  7.86   -
F-Prot        20100610          2010-06-10  1.38   -
F-Secure       7.02.73807      2010.06.11.04     2010-06-11  1.47   -
Fortinet       4.1.133         12.41             2010-06-11  0.08   -
GData          21.331/21.112   20100611          2010-06-11  0.08   -
ViRobot        20100611        2010.06.11        2010-06-11  0.08   -
Ikarus         T3.1.01.84      2010.06.11.76048  2010-06-11  6.69   -
JiangMin       13.0.900        2010.06.11        2010-06-11  0.08   -
Kaspersky      5.5.10          2010.06.11        2010-06-11  0.04   -
KingSoft       2009.2.5.15     2010.6.11.19      2010-06-11  0.08   -
McAfee         5400.1158       6010              2010-06-11  16.16  -
Microsoft      1.5802          2010.06.11        2010-06-11  0.08   -
Norman         6.04.12         6.04.00           2010-06-11  4.01   -
Panda          9.05.01         2010.06.10        2010-06-10  0.08   -
Trend Micro    9.120-1004      7.233.00          2010-06-11  0.03   -
Quick Heal     10.00           2010.06.11        2010-06-11  0.08   -
Rising         20.0         2010-06-11  0.08   -
Sophos         3.07.1          4.54              2010-06-12  3.38   -
Sunbelt        3.9.2424.2      6436              2010-06-11  0.09   -
Symantec        20100611.003      2010-06-11  0.00   -
nProtect       20100609.02     8607500           2010-06-09  0.08   -
The Hacker         v00297            2010-06-11  0.08   -
VBA32       20100611.0805     2010-06-11  2.93   -
VirusBuster       10.126.78/2044652 2010-06-11  2.42   -


c:\windows\system32\AutoPartNt.exe Scanned Report :
Scanned time   : 2010/06/11 14:58:26 (CDT)
Scanner results: Scanners did not find malware!
File Name      : AutoPartNt.exe
File Size      : 1882904 byte
File Type      : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5            : fc08b2d6ed9cc9b05989613318062d04
SHA1           : 2bf2ae68d4589d20711faeee2b1fd29255aeceb2
Online report  :

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared        20100612000344    2010-06-12  0.08   -
AhnLab V3      2010.06.11.01   2010.06.11        2010-06-11  0.08   -
AntiVir         2010-06-11  0.26   -
Antiy          2.0.18          20100611.4748539  2010-06-11  0.02   -
Arcavir        2009            201006111412      2010-06-11  0.12   -
Authentium     5.1.1           201006102208      2010-06-10  4.82   -
AVAST!         4.7.4           100611-1          2010-06-11  0.11   -
AVG            8.5.793         271.1.1/2931      2010-06-11  0.26   -
BitDefender    7.90123.6174222 7.32157           2010-06-12  3.96   -
ClamAV         0.96.1          11179             2010-06-11  0.30   -
Comodo         3.13.579        5059              2010-06-11  0.08   -
CP Secure         2010.06.12        2010-06-12  0.49   -
Dr.Web      2010.06.12        2010-06-12  8.14   -
F-Prot        20100610          2010-06-10  4.55   -
F-Secure       7.02.73807      2010.06.11.04     2010-06-11  10.56  -
Fortinet       4.1.133         12.41             2010-06-11  0.08   -
GData          21.331/21.112   20100611          2010-06-11  0.08   -
ViRobot        20100611        2010.06.11        2010-06-11  0.08   -
Ikarus         T3.1.01.84      2010.06.11.76048  2010-06-11  7.17   -
JiangMin       13.0.900        2010.06.11        2010-06-11  0.08   -
Kaspersky      5.5.10          2010.06.11        2010-06-11  0.09   -
KingSoft       2009.2.5.15     2010.6.11.19      2010-06-11  0.08   -
McAfee         5400.1158       6010              2010-06-11  16.11  -
Microsoft      1.5802          2010.06.11        2010-06-11  0.08   -
Norman         6.04.12         6.04.00           2010-06-11  6.01   -
Panda          9.05.01         2010.06.10        2010-06-10  0.08   -
Trend Micro    9.120-1004      7.233.00          2010-06-11  0.36   -
Quick Heal     10.00           2010.06.11        2010-06-11  0.08   -
Rising         20.0         2010-06-11  0.08   -
Sophos         3.07.1          4.54              2010-06-12  3.40   -
Sunbelt        3.9.2424.2      6436              2010-06-11  0.08   -
Symantec        20100611.003      2010-06-11  0.00   -
nProtect       20100609.02     8607500           2010-06-09  0.08   -
The Hacker         v00297            2010-06-11  0.08   -
VBA32       20100611.0805     2010-06-11  2.96   -
VirusBuster       10.126.78/2044652 2010-06-11  3.05   -

c:\windows\system32\nvModes.dat Scanned Report :
Scanned time   : 2010/06/11 15:01:29 (CDT)
Scanner results: Scanners did not find malware!
File Name      : nvModes.dat
File Size      : 8 byte
File Type      : data
MD5            : 783c58fd708782745bbadbac46a1eba6
SHA1           : 8396f61d4aac79fa7326c970e00c753cf3bdeaf3
Online report  :

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared        20100612000344    2010-06-12  0.08   -
AhnLab V3      2010.06.11.01   2010.06.11        2010-06-11  0.08   -
AntiVir         2010-06-11  0.25   -
Antiy          2.0.18          20100611.4748539  2010-06-11  0.02   -
Arcavir        2009            201006111412      2010-06-11  0.02   -
Authentium     5.1.1           201006102208      2010-06-10  1.27   -
AVAST!         4.7.4           100611-1          2010-06-11  0.00   -
AVG            8.5.793         271.1.1/2931      2010-06-11  0.23   -
BitDefender    7.90123.6174222 7.32157           2010-06-12  3.91   -
ClamAV         0.96.1          11179             2010-06-11  0.00   -
Comodo         3.13.579        5059              2010-06-11  0.08   -
CP Secure         2010.06.12        2010-06-12  0.00   -
Dr.Web      2010.06.12        2010-06-12  8.09   -
F-Prot        20100610          2010-06-10  1.27   -
F-Secure       7.02.73807      2010.06.11.04     2010-06-11  10.44  -
Fortinet       4.1.133         12.41             2010-06-11  0.08   -
GData          21.331/21.112   20100611          2010-06-11  0.08   -
ViRobot        20100611        2010.06.11        2010-06-11  0.08   -
Ikarus         T3.1.01.84      2010.06.11.76048  2010-06-11  6.64   -
JiangMin       13.0.900        2010.06.11        2010-06-11  0.08   -
Kaspersky      5.5.10          2010.06.11        2010-06-11  0.03   -
KingSoft       2009.2.5.15     2010.6.11.19      2010-06-11  0.08   -
McAfee         5400.1158       6010              2010-06-11  16.34  -
Microsoft      1.5802          2010.06.11        2010-06-11  0.08   -
Norman         6.04.12         6.04.00           2010-06-11  6.01   -
Panda          9.05.01         2010.06.10        2010-06-10  0.08   -
Trend Micro    9.120-1004      7.233.00          2010-06-11  0.02   -
Quick Heal     10.00           2010.06.11        2010-06-11  0.08   -
Rising         20.0         2010-06-11  0.08   -
Sophos         3.07.1          4.54              2010-06-12  3.41   -
Sunbelt        3.9.2424.2      6436              2010-06-11  0.08   -
Symantec        20100611.003      2010-06-11  0.00   -
nProtect       20100609.02     8607500           2010-06-09  0.08   -
The Hacker         v00297            2010-06-11  0.08   -
VBA32       20100611.0805     2010-06-11  2.66   -
VirusBuster       10.126.78/2044652 2010-06-11  2.37   -


C:\SZKGFS.dat Scanned Report :
Scanned time   : 2010/06/11 15:05:34 (CDT)
Scanner results: Scanners did not find malware!
File Name      : SZKGFS.dat
File Size      : 581632 byte
File Type      : data
MD5            : 9d78b702d600d5b8720f07ee9932e137
SHA1           : 1730360aa3fa1cbb608920e4bbd3ccead9e3c183
Online report  :

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared        20100612000344    2010-06-12  0.08   -
AhnLab V3      2010.06.11.01   2010.06.11        2010-06-11  0.08   -
AntiVir         2010-06-11  0.26   -
Antiy          2.0.18          20100611.4748539  2010-06-11  0.02   -
Arcavir        2009            201006111412      2010-06-11  0.02   -
Authentium     5.1.1           201006102208      2010-06-10  1.27   -
AVAST!         4.7.4           100611-1          2010-06-11  0.02   -
AVG            8.5.793         271.1.1/2931      2010-06-11  0.23   -
BitDefender    7.90123.6174222 7.32157           2010-06-12  3.93   -
ClamAV         0.96.1          11179             2010-06-11  0.05   -
Comodo         3.13.579        5059              2010-06-11  0.08   -
CP Secure         2010.06.12        2010-06-12  0.02   -
Dr.Web      2010.06.12        2010-06-12  7.88   -
F-Prot        20100610          2010-06-10  1.26   -
F-Secure       7.02.73807      2010.06.11.04     2010-06-11  4.70   -
Fortinet       4.1.133         12.41             2010-06-11  0.08   -
GData          21.331/21.112   20100611          2010-06-11  0.08   -
ViRobot        20100611        2010.06.11        2010-06-11  0.08   -
Ikarus         T3.1.01.84      2010.06.11.76048  2010-06-11  6.71   -
JiangMin       13.0.900        2010.06.11        2010-06-11  0.08   -
Kaspersky      5.5.10          2010.06.11        2010-06-11  0.03   -
KingSoft       2009.2.5.15     2010.6.11.19      2010-06-11  0.08   -
McAfee         5400.1158       6010              2010-06-11  15.98  -
Microsoft      1.5802          2010.06.11        2010-06-11  0.08   -
Norman         6.04.12         6.04.00           2010-06-11  6.01   -
Panda          9.05.01         2010.06.10        2010-06-10  0.08   -
Trend Micro    9.120-1004      7.233.00          2010-06-11  0.02   -
Quick Heal     10.00           2010.06.11        2010-06-11  0.08   -
Rising         20.0         2010-06-11  0.08   -
Sophos         3.07.1          4.54              2010-06-12  3.42   -
Sunbelt        3.9.2424.2      6436              2010-06-11  0.08   -
Symantec        20100611.003      2010-06-11  0.00   -
nProtect       20100609.02     8607500           2010-06-09  0.08   -
The Hacker         v00297            2010-06-11  0.08   -
VBA32       20100611.0805     2010-06-11  2.81   -
VirusBuster       10.126.78/2044652 2010-06-11  2.38   -



When attempting to upload, an error message comes up
ERROR: Can't find upload file!
The file icon is greyed out


c:\sentinel web\Sentinel.exe Scanned Report :
Scanned time   : 2010/06/11 15:12:10 (CDT)
Scanner results: Scanners did not find malware!
File Name      : Sentinel.exe
File Size      : 430080 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : dfacae769aba8b010f9b596439b7cbc1
SHA1           : 3f019c5488546d1450718288487a1a427b676db3
Online report  :

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared        20100612000344    2010-06-12  0.08   -
AhnLab V3      2010.06.11.01   2010.06.11        2010-06-11  0.08   -
AntiVir         2010-06-11  0.27   -
Antiy          2.0.18          20100611.4748539  2010-06-11  0.02   -
Arcavir        2009            201006111412      2010-06-11  0.11   -
Authentium     5.1.1           201006102208      2010-06-10  3.73   -
AVAST!         4.7.4           100611-1          2010-06-11  0.04   -
AVG            8.5.793         271.1.1/2931      2010-06-11  0.34   -
BitDefender    7.90123.6174222 7.32157           2010-06-12  4.06   -
ClamAV         0.96.1          11179             2010-06-11  0.09   -
Comodo         3.13.579        5059              2010-06-11  0.08   -
CP Secure         2010.06.12        2010-06-12  0.10   -
Dr.Web      2010.06.12        2010-06-12  8.23   -
F-Prot        20100610          2010-06-10  3.56   -
F-Secure       7.02.73807      2010.06.11.04     2010-06-11  5.15   -
Fortinet       4.1.133         12.41             2010-06-11  0.08   -
GData          21.331/21.112   20100611          2010-06-11  0.08   -
ViRobot        20100611        2010.06.11        2010-06-11  0.08   -
Ikarus         T3.1.01.84      2010.06.11.76048  2010-06-11  7.07   -
JiangMin       13.0.900        2010.06.11        2010-06-11  0.08   -
Kaspersky      5.5.10          2010.06.11        2010-06-11  0.10   -
KingSoft       2009.2.5.15     2010.6.11.19      2010-06-11  0.08   -
McAfee         5400.1158       6010              2010-06-11  16.12  -
Microsoft      1.5802          2010.06.11        2010-06-11  0.08   -
Norman         6.04.12         6.04.00           2010-06-11  6.01   -
Panda          9.05.01         2010.06.10        2010-06-10  0.08   -
Trend Micro    9.120-1004      7.233.00          2010-06-11  0.04   -
Quick Heal     10.00           2010.06.11        2010-06-11  0.08   -
Rising         20.0         2010-06-11  0.08   -
Sophos         3.07.1          4.54              2010-06-12  3.43   -
Sunbelt        3.9.2424.2      6436              2010-06-11  0.08   -
Symantec        20100611.003      2010-06-11  0.00   -
nProtect       20100609.02     8607500           2010-06-09  0.08   -
The Hacker         v00297            2010-06-11  0.08   -
VBA32       20100611.0805     2010-06-11  2.87   -
VirusBuster       10.126.78/2044652 2010-06-11  5.49   -



June 11th, 2010 15:00


Blue Screen errors are not uncommon with Anti-Rootkit tools. We will remove the leftovers of StopZilla in the step after this:


Please download OTL to your Desktop.

  • Double click on the icon to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Please put a check mark in the boxes next to LOP Check and Purity Check
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized



Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

These will be long logs, so please use multiple posts if need be.


June 11th, 2010 16:00




OTL logfile created on: 6/11/2010 4:30:48 PM - Run 1
OTL by OldTimer - Version     Folder = C:\Documents and Settings\Robert Chancellor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.96 Gb Total Space | 241.76 Gb Free Space | 81.14% Space Free | Partition Type: NTFS
Drive D: | 298.04 Gb Total Space | 104.99 Gb Free Space | 35.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 978.70 Mb Total Space | 273.66 Mb Free Space | 27.96% Space Free | Partition Type: FAT
Drive G: | 698.64 Gb Total Space | 398.03 Gb Free Space | 56.97% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: T7400
Current User Name: Robert Chancellor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/11 16:27:09 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Chancellor\Desktop\OTL.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/08/30 17:16:36 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/08/30 17:16:34 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/20 16:53:38 | 000,077,922 | R--- | M] ( ) -- C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe
PRC - [2007/07/18 23:24:00 | 000,434,176 | R--- | M] () -- C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
PRC - [2007/07/17 14:24:24 | 000,430,080 | ---- | M] () -- C:\Sentinel Web\Sentinel.exe
PRC - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2007/03/23 16:01:56 | 000,369,664 | ---- | M] () -- C:\Sentinel Web\OPTISAFE_Service.exe
PRC - [2006/11/29 19:05:14 | 000,053,248 | ---- | M] () -- C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () -- C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
PRC - [2005/01/15 11:12:56 | 000,045,163 | ---- | M] () -- C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
PRC - [2004/08/27 13:26:44 | 000,372,736 | ---- | M] (WhiteCanyon Inc.) -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe
PRC - [2003/07/20 14:03:38 | 000,225,335 | ---- | M] (PHD Computer Consultants Ltd) -- C:\Sentinel Web\UPSInt.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/17 21:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
========== Modules (SafeList) ==========
MOD - [2010/06/11 16:27:09 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Chancellor\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/05/27 15:05:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/08 06:40:00 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/08 06:40:00 | 000,115,992 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)
SRV - [2008/06/28 18:04:13 | 000,052,736 | ---- | M] (Macrovision) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/08/30 17:16:36 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/07/18 23:24:00 | 000,434,176 | R--- | M] () [Auto | Running] -- C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe -- (MegaMonitorSrv)
SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007/03/23 16:01:56 | 000,369,664 | ---- | M] () [Auto | Running] -- C:\Sentinel Web\OPTISAFE_Service.Exe -- (OPTISAFEService)
SRV - [2006/11/29 19:05:14 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)
SRV - [2004/08/27 13:26:44 | 000,372,736 | ---- | M] (WhiteCanyon Inc.) [Auto | Running] -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe -- (SCWatch 4.0)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
========== Driver Services (SafeList) ==========
DRV - [2010/05/07 14:08:05 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/13 16:53:51 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2009/08/13 16:53:51 | 000,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/03/12 23:27:21 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/03/12 23:27:21 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/03/12 23:27:17 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/03/12 23:27:13 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/06/28 18:04:05 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/13 19:31:24 | 007,441,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/18 22:02:32 | 000,298,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/18 20:56:02 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/06 22:12:20 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (SYMMPI)
DRV - [2007/06/20 14:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/09/20 14:38:26 | 000,207,152 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3124r5.sys -- (Si3124r5)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/13 15:42:42 | 000,017,328 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/03/14 00:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =;localhost;T7400
FF - HKLM\software\mozilla\Firefox\Extensions\\ C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/04/05 08:41:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/05/07 13:44:47 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/06/10 09:48:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Popup] C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe ( )
O4 - HKLM..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk = C:\WINDOWS\Installer\{E4D034E1-7643-4E63-928F-22174534B470}\_607517601492A67A51EB97.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll) - C:\Documents and Settings\All Users\AVP9\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll) - C:\Documents and Settings\All Users\AVP9\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/17 09:07:05 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
MsConfig - Services: "TrkWks"
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
MsConfig - StartUpReg: MP10_EnsureFileVer - hkey= - key= - C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: SecureClean4RegManager - hkey= - key= - C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe (WhiteCanyon Inc.)
MsConfig - StartUpReg: SecureClean4Tray - hkey= - key= - C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe (WhiteCanyon Inc.)
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\ (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/11 16:27:01 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert Chancellor\Desktop\OTL.exe
[2010/06/11 14:48:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/10 09:44:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/10 09:42:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/10 09:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/10 09:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/10 09:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/10 09:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/10 09:41:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/08 13:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\
[2010/06/08 13:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Chancellor\Application Data\
[2010/06/08 13:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/02 15:26:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/02 15:26:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/02 15:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 09:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/11 16:27:09 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Chancellor\Desktop\OTL.exe
[2010/06/11 16:22:22 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2010/06/11 16:05:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 15:27:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 15:26:59 | 000,002,162 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2010/06/11 15:26:49 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk
[2010/06/11 15:26:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 15:26:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 15:26:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 15:26:37 | 2681,876,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 11:26:17 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Microsoft Office Excel 2003 (2).lnk
[2010/06/11 09:00:53 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2010/06/11 09:00:53 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/06/11 09:00:53 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/06/10 09:48:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/10 09:48:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/10 09:44:15 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/06/10 09:42:02 | 003,705,521 | R--- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\ComboFix.exe
[2010/06/09 20:49:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Robert Chancellor\ntuser.ini
[2010/06/09 20:39:23 | 009,684,254 | -H-- | M] () -- C:\Documents and Settings\Robert Chancellor\Local Settings\Application Data\IconCache.db
[2010/06/09 17:52:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\NTUSER.DAT
[2010/06/09 17:28:37 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010/06/09 17:26:08 | 001,882,904 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2010/06/08 19:10:50 | 000,002,884 | -H-- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\maxdesk.ini
[2010/06/08 19:10:46 | 000,003,072 | -HS- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\PPMetaData.bin
[2010/06/08 18:44:46 | 000,002,243 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\PaperPort (2).lnk
[2010/06/08 17:59:56 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Rdibmsgy.INI
[2010/06/08 15:22:55 | 000,003,150 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\Book1.prn
[2010/06/08 09:15:19 | 000,024,134 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/08 09:15:18 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/06/05 19:24:35 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Shortcut (2) to IMCIA Newport.lnk
[2010/06/02 18:19:04 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SATARaid5Manager.lnk
[2010/06/02 16:28:37 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/02 16:28:37 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/06/02 15:26:21 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/24 12:52:48 | 000,000,041 | ---- | M] () -- C:\WINDOWS\loc2.INI
[2010/05/24 12:52:46 | 000,000,041 | ---- | M] () -- C:\WINDOWS\FindServ.INI
[2010/05/23 13:59:28 | 000,000,485 | ---- | M] () -- C:\WINDOWS\PDSView.INI
[2010/05/23 09:17:18 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\HijackThis.lnk
[2010/05/21 09:29:15 | 002,133,415 | -H-- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\PPThumbs.ptn
[2010/05/21 09:28:54 | 000,120,510 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\IRS Cracks Down on Small Charities.pdf
[2010/05/21 09:28:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Biport
[2010/05/20 09:50:07 | 000,000,352 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2010/05/19 14:59:50 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Notepad.lnk
[2010/05/19 12:38:05 | 001,321,398 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_grss_lrgl edits.jpg
[2010/05/19 12:35:28 | 000,193,216 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_iso.jpg
[2010/05/19 10:57:42 | 002,508,476 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_toc_isopach_lrgl.jpg
[2010/05/14 18:49:10 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Shortcut to iexplore.exe.lnk
[2010/05/14 18:10:41 | 000,529,328 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/14 18:10:41 | 000,447,020 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/14 18:10:41 | 000,073,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/13 07:07:28 | 000,001,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/10 09:44:15 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/06/10 09:44:11 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/10 09:42:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/10 09:42:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/10 09:42:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/10 09:42:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/10 09:42:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/10 09:38:52 | 003,705,521 | R--- | C] () -- C:\Documents and Settings\Robert Chancellor\Desktop\ComboFix.exe
[2010/06/08 15:22:51 | 000,003,150 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\My Documents\Book1.prn
[2010/06/05 19:24:34 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Shortcut (2) to IMCIA Newport.lnk
[2010/06/02 16:28:38 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid5Manager.lnk
[2010/06/02 15:26:21 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 09:17:18 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\Desktop\HijackThis.lnk
[2010/05/21 09:28:54 | 000,120,510 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\My Documents\IRS Cracks Down on Small Charities.pdf
[2010/05/19 14:59:50 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Notepad.lnk
[2010/05/19 13:06:18 | 002,508,476 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_toc_isopach_lrgl.jpg
[2010/05/19 12:34:38 | 001,321,398 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_grss_lrgl edits.jpg
[2010/05/19 12:34:38 | 000,193,216 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\My Documents\efs_iso.jpg
[2010/05/14 18:49:10 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Robert Chancellor\Desktop\Shortcut to iexplore.exe.lnk
[2010/05/13 07:07:28 | 000,001,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/17 16:41:35 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\msimsgh.dll
[2009/09/25 09:32:09 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/05/29 10:19:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/05/26 14:50:49 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/19 08:05:14 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2008/06/28 18:04:13 | 000,201,216 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2008/06/28 18:04:06 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2008/06/28 18:01:12 | 000,205,312 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/05/21 20:44:08 | 000,002,364 | ---- | C] () -- C:\WINDOWS\Contour.INI
[2008/05/20 10:49:32 | 000,000,230 | ---- | C] () -- C:\WINDOWS\Rdibmsgy.INI
[2008/04/27 12:23:41 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
[2008/04/27 12:23:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
[2008/04/27 12:15:37 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2008/04/27 12:15:35 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2008/03/29 17:58:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/03/26 12:07:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/03/17 08:58:21 | 000,000,485 | ---- | C] () -- C:\WINDOWS\PDSView.INI
[2008/03/15 15:07:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Topo3.ini
[2008/03/15 15:03:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\search.INI
[2008/03/15 15:01:20 | 000,007,091 | ---- | C] () -- C:\WINDOWS\keyview.ini
[2008/03/15 14:52:43 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/03/14 23:06:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2008/03/14 23:06:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PTQL65F.DLL
[2008/03/14 22:49:05 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008/03/14 22:47:35 | 000,000,503 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/14 22:47:35 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/14 22:47:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/14 22:47:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/03/14 22:44:50 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/14 22:02:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/10 22:46:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/10 22:43:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/10 22:43:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/10 22:17:52 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/07/05 18:13:10 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\AlertStrings.dll
[2007/06/25 13:46:22 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/25 13:46:20 | 000,880,640 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/07 05:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\rmc0zng.dll
[2004/08/11 18:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 18:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 18:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 18:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/11 18:00:18 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\eyykoc3.dll
[2004/08/11 18:00:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 18:00:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zw5fw6n.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\yf8n7po.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\xc629cl.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\xbp3i2y.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\x2nfzwg.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\wg6a0a3.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\wdao8bd.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\w115llo.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\vl2or8p.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\v883tcu.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\t1r8egj.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\stbp6un.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\sgwi1xr.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\qkzc34l.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\pkea9j6.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ocoxzfo.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\oabyd1h.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\nkrq9sz.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\nd0qlt7.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\mh3n5dz.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\m7nbh8b.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\lact1py.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\lac0zhr.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\kjbvu1x.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\jy8e8uc.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\iwbv2ab.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hlumeal.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\hj3rqo0.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\gyszllg.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\frj3f8r.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\fobxitn.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\fg5smnl.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\e7huy6x.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\d7kb1gd.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bfacfwf.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\auz705e.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\akrfq43.dll
[2004/08/11 18:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ae3lh3z.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/08/07 14:27:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\classxps.dll
[2001/08/07 14:27:28 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\ClassX.dll
========== LOP Check ==========
[2010/01/24 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/06/04 18:07:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CENKEYS
[2010/04/22 16:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/06/11 15:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/04/24 10:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rose Point Navigation Systems
[2008/03/14 22:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/10/15 08:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/18 16:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/05/21 19:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\CARIS
[2010/03/18 00:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\GlobalMapper
[2008/11/21 10:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\IObit
[2008/06/28 18:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\Mathsoft
[2009/02/25 11:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\OfficeUpdate12
[2008/03/15 17:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Chancellor\Application Data\ScanSoft
========== Purity Check ==========
========== Custom Scans ==========
[2008/06/28 18:03:08 | 000,000,497 | ---- | M] () -- C:\artpdbg.log
[2008/03/17 09:07:05 | 000,000,040 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/02 16:28:37 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/06/10 09:44:15 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/10 09:50:11 | 000,015,057 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/03/10 22:19:30 | 000,007,312 | RH-- | M] () -- C:\dell.sdr
[2008/03/21 08:25:02 | 000,000,023 | ---- | M] () -- C:\FriSD.txt
[2010/06/11 15:26:37 | 2681,876,480 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/14 21:06:24 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/05/07 19:54:52 | 000,000,210 | ---- | M] () -- C:\lic_log.txt
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/31 10:38:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/11 15:26:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/04/20 18:33:30 | 000,581,632 | -H-- | M] () -- C:\SZKGFS.dat
[2008/04/27 12:41:58 | 000,000,917 | ---- | M] () -- C:\wells for garmin.wv2
[2010/06/11 15:22:28 | 000,651,081 | ---- | M] () -- C:\winzip.log
< MD5 for: AGP440.SYS  >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2009/01/31 10:33:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2009/01/31 10:33:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS  >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2009/01/31 10:33:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\
[2009/01/31 10:33:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS  >
[2007/08/30 17:16:00 | 000,372,760 | ---- | M] (Intel Corporation) MD5=2E0E0B1E0D09EBF267994238AB3FADF9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/18 22:02:32 | 000,298,008 | ---- | M] (Intel Corporation) MD5=41F7ECD8F549C3D70823B68AA50A2AD6 -- C:\drivers\storage\R167253\IaStor.sys
[2007/09/18 22:02:32 | 000,298,008 | ---- | M] (Intel Corporation) MD5=41F7ECD8F549C3D70823B68AA50A2AD6 -- C:\i386\iaStor.sys
[2007/08/30 17:15:40 | 000,298,008 | ---- | M] (Intel Corporation) MD5=41F7ECD8F549C3D70823B68AA50A2AD6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/18 22:02:32 | 000,298,008 | ---- | M] (Intel Corporation) MD5=41F7ECD8F549C3D70823B68AA50A2AD6 -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL  >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL  >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SYMMPI.SYS  >
[2007/09/06 22:12:20 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\drivers\storage\R165652\symmpi.sys
[2007/09/06 22:12:20 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\i386\symmpi.sys
[2007/09/06 22:12:20 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\system32\drivers\symmpi.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/04/17 16:41:35 | 000,075,776 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msimsgh.dll
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/07 14:08:05 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2008/04/05 13:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2010/03/17 10:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/13 16:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2008/08/06 14:17:53 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2008/03/17 09:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Baker Atlas
[2009/05/26 14:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/03/10 22:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/03/14 22:59:56 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2009/05/27 15:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2008/06/04 18:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\Coastal Explorer Trial
[2010/06/10 09:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/11 18:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/03/10 22:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/10/13 17:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\Debugmode
[2008/03/10 22:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\Dell SAS RAID Storage Manager
[2009/05/22 11:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\eLog free
[2008/03/18 21:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\FolderMatch
[2008/04/27 12:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Frontbase
[2009/11/13 11:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalMapper11
[2009/09/25 09:32:07 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalMapper8
[2010/05/13 07:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/04/05 08:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/03/15 14:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\IHS Energy
[2010/05/30 16:27:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/10 22:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/05/14 18:49:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/11/21 10:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/03/31 12:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/07 13:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2008/10/22 14:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\KingdomSuite
[2008/03/17 13:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Larson Software Technology
[2010/06/02 15:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/05/21 20:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Maptech
[2010/01/25 19:48:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mathcad
[2008/06/28 17:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mathsoft
[2009/05/13 15:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mercury International Technology
[2009/01/31 10:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/03/14 22:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/11 18:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/03/14 23:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2008/08/26 09:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/03/14 22:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/25 11:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/03/14 22:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/17 10:02:04 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2008/03/14 23:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/26 09:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/05/09 07:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/11 18:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/03/14 23:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/03/10 22:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/01/31 10:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/26 14:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 04:02:58 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/10 11:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\psi Software
[2008/03/14 23:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/26 18:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reimage
[2009/04/01 09:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2008/03/10 22:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/03/14 23:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\SafeNet Sentinel
[2008/03/14 22:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/04/20 18:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Schlumberger
[2008/03/26 16:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\SDC Software
[2010/04/19 07:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2008/03/18 20:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\Silicon Image
[2009/01/14 12:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Smallvideosoft
[2010/06/09 10:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2008/03/15 14:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\SureThing
[2008/03/15 13:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2008/04/27 12:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\Topo USA 3.0
[2010/05/23 09:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/08/11 18:20:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/25 14:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2008/03/15 13:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\WhiteCanyon
[2009/05/22 18:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/05/14 18:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/11 18:13:20 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/15 13:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004/08/11 18:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-16 19:31:52
< End of report >


Extras Text

OTL Extras logfile created on: 6/11/2010 4:30:48 PM - Run 1
OTL by OldTimer - Version     Folder = C:\Documents and Settings\Robert Chancellor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.96 Gb Total Space | 241.76 Gb Free Space | 81.14% Space Free | Partition Type: NTFS
Drive D: | 298.04 Gb Total Space | 104.99 Gb Free Space | 35.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 978.70 Mb Total Space | 273.66 Mb Free Space | 27.96% Space Free | Partition Type: FAT
Drive G: | 698.64 Gb Total Space | 398.03 Gb Free Space | 56.97% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: T7400
Current User Name: Robert Chancellor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
"C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe" = C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe:*:Disabled:popup -- ( )
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\gcags\_nti40\bin\search.exe" = C:\gcags\_nti40\bin\search.exe:*:Enabled:Verity Publisher -- (Verity, Inc.)
"C:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe" = C:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe:*:Enabled:Retrospect -- (EMC Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"{0259D2F8-69FA-4307-9586-5A4646042424}" = DataView
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{104C932D-29E2-47D1-8419-03CCA3253E4C}" = Signal Processing Extension Pack
"{123E3792-565C-4DC8-A68A-BBB12C41B390}" = MapSource - MetroGuide USA v5
"{151D94D4-9109-4222-BE96-8F6FA3984C14}" = Topo USA 3.0
"{16A4F122-33DF-477F-A0F3-7611698F4E62}" = PDSView 3.1
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{1D0681EB-91F6-4A7A-9BFF-3B5124B711F9}" = The KINGDOM Software 8.1 (32-Bit)
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37C01E1C-5982-44A8-933F-C8AC223EF33D}" = Larson VizEx Reader
"{3A202CE5-2F2C-484F-B43E-523943D68E68}" = Where Am I Dataset
"{452BB127-D540-4D5B-AA74-BE4C79857EDE}" = Image Processing Extension Pack
"{466103FE-A4CF-455A-B490-CCA1E5C43056}" = Mathcad Civil Engineering Library
"{4EBDDD97-BC33-4F4C-8DF3-4FA4D83DF84E}" = Retrospect 7.6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6BAA87E9-8820-416E-B2DF-A294D1883367}" = MediaWiper
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}" = Brother MFL-Pro Suite
"{78183C31-521C-438E-98C3-B646B0037A7F}" = Mathcad 12
"{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3}" = Brother QL-Series User's Guide
"{83b13a64-d98a-48a2-8cbc-ec0ec5433b18}" = SecureClean4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{912FE490-D159-437A-ACB5-6E8BEC9E0752}" = Mathcad Mechanical Engineering Library
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"{9CD76C7E-6A3A-4C87-B323-2978F9B98EFA}" = TIPS
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83487A3-8C1F-4AA9-8474-8BAAC65918BE}" = Wavelets Extension Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B264DEE4-E827-4A9F-8216-530CCE487BCA}" = ThinAnywhere
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E97C6E-4B22-4779-903D-BDF4ECDABAED}" = CARIS Easy View
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC83C25E-981D-4F73-A238-E36A7A8EB725}" = Global Mapper 11
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC6949DC-4525-4F77-A105-A74E65E09988}" = GEOe-View
"{E4D034E1-7643-4E63-928F-22174534B470}" = 3124-W-I32-R SATARAID5
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{E867500E-EBD3-49CC-A02E-21C3B00B91ED}" = The KINGDOM Software 8.1 (32-Bit)
"{EA494E7E-2624-4A83-9C7D-44E62871B99E}" = BlueView
"{EB100153-9609-4D0E-8706-B866B530DF42}" = Data Analysis Extension Pack
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}" = Microsoft IntelliPoint 5.4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F64753B6-DDA0-4136-9001-5821FADFEE34}" = Global Mapper 8
"{F7054166-A06F-4EEF-9C80-93D2A6ECA5F8}" = Mathcad Electrical Engineering Library
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Atlas MetaFile Viewer" = Atlas MetaFile Viewer
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Belarc Advisor" = Belarc Advisor 7.2
"CdaC13Ba" = SafeCast Shared Components
"Chart Navigator" = Chart Navigator
"Coastal Explorer Trial" = Coastal Explorer Trial
"Frontbase GPS_is1" = Frontbase GPS 1.3
"GoToAssist" = GoToAssist
"HijackThis" = HijackThis 2.0.2
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"InstallShield_{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager v2.16-00
"InstallShield_{123E3792-565C-4DC8-A68A-BBB12C41B390}" = MapSource - MetroGuide USA v5
"InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MVApplication1" = SureThing CD Labeler Deluxe 4
"NVIDIA Drivers" = NVIDIA Drivers
"OPTI-SAFE Sentinel Web for Windows" = OPTI-SAFE Sentinel Web for Windows
"PI/Dwights PLUS on CD" = PI/Dwights PLUS on CD
"SearchAssist" = SearchAssist
"Security Task Manager" = Security Task Manager 1.7g
"SnagIt7" = SnagIt 7
"ST6UNST #1" = FolderMatch v3.3.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMorph_is1" = WinMorph™ 3.01
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
"309a46b1dc89b774" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/9/2010 9:05:05 PM | Computer Name = T7400 | Source = Google Update | ID = 20
Description =
Error - 6/10/2010 1:52:41 AM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/10/2010 1:53:07 AM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/10/2010 10:41:55 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/10/2010 10:42:04 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/10/2010 10:42:14 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: DataView -- Error 1706.No valid source could be found for
 product DataView.  The Windows Installer cannot continue.
Error - 6/11/2010 4:27:48 PM | Computer Name = T7400 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =
Error - 6/11/2010 5:06:07 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/11/2010 5:06:45 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: 3124-W-I32-R SATARAID5 -- Error 1706. An installation package
 for the product 3124-W-I32-R SATARAID5 cannot be found. Try the installation again
 using a valid copy of the installation package '3124-W-I32-R_15110.msi'.
Error - 6/11/2010 5:07:08 PM | Computer Name = T7400 | Source = MsiInstaller | ID = 11706
Description = Product: DataView -- Error 1706.No valid source could be found for
 product DataView.  The Windows Installer cannot continue.
[ System Events ]
Error - 6/9/2010 10:01:39 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
Error - 6/9/2010 10:02:01 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   atapi  SASKUTIL
Error - 6/9/2010 10:09:12 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
Error - 6/9/2010 10:09:26 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   atapi  SASKUTIL
Error - 6/10/2010 10:45:03 AM | Computer Name = T7400 | Source = Service Control Manager | ID = 7034
Description = The OPTISAFEService service terminated unexpectedly.  It has done
this 1 time(s).
Error - 6/10/2010 10:45:03 AM | Computer Name = T7400 | Source = Service Control Manager | ID = 7034
Description = The SSMFramework service terminated unexpectedly.  It has done this
 1 time(s).
Error - 6/10/2010 10:45:03 AM | Computer Name = T7400 | Source = Service Control Manager | ID = 7034
Description = The MRMonitor service terminated unexpectedly.  It has done this 1
Error - 6/10/2010 10:45:03 AM | Computer Name = T7400 | Source = Service Control Manager | ID = 7034
Description = The SATARaid5 Configuration Service service terminated unexpectedly.
  It has done this 1 time(s).
Error - 6/11/2010 4:26:58 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
Error - 6/11/2010 4:27:40 PM | Computer Name = T7400 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   atapi  SASKUTIL
< End of report >


June 13th, 2010 09:00

Hi boka1,

OTL has unearthed a lot of suspicious-looking files that we need to check.


Please go to VirSCAN where you will see a browse button at the top of the screen.

  • Click the Browse button
  • Locate the following file(s) (Note: You can only upload one file at a time)




  • Click Upload button
  • Once the scan has finished, click the Save to Clipboard button at the bottom of the page
  • Open Notepad and right click and then click paste
  • Post Report(s) back to this thread


Note: you may need to show hidden files to locate the files requested:

Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:


  • Search System folders
  • Search Hidden Files and folders
  • Search SubFolders


Remember to hide hidden files/folders by reversing the action when you have finished.

Please post all the reports back to me and please tell me how often you make image backups with
Acronis and do you know how to use the program to restore a saved image.


