Please help


  • This topic is locked
111 replies to this topic

#1 evangelist1


Posted 18 February 2009 - 10:36 PM

Hi,
I just can't figure out what is wrong. Something is blocking all my internet ports......


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:08, on 12.02.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Punto Switcher\punto.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mail.Ru\Agent\magent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [Lingvo Launcher] "E:\темп\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\punto.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon LBP2900 Окно состояния.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Корпорация Майкрософт - C:\Windows\system32\DFSR.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\Windows\system32\lktsrv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - c:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - c:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11001 bytes


#2 Billy O'Neal

  • Malware Response Instructor

Posted 18 February 2009 - 10:38 PM

Hello, evangelist1
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen.
Can you please explain what you mean by "blocking" your ports?

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 evangelist1


Posted 19 February 2009 - 11:43 AM

Hi,
Thank you very much.
I tried to run OTViewIt several times, but it created only an OTViewIt.text file.
GMER created gmer.log

OTViewIt logfile created on: 18.02.2009 3:33:39 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\софт\virus scan
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,84% Memory free
4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,51% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 7,85 Gb Free Space | 10,54% Space Free | Partition Type: NTFS
Drive D: | 1,46 Gb Total Space | 1,26 Gb Free Space | 85,92% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 7,78 Gb Free Space | 10,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive P: | 7,47 Gb Total Space | 5,83 Gb Free Space | 77,98% Space Free | Partition Type: FAT32

Computer Name: РМЕЙСТЕР-ПК
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008.01.19 14:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008.01.19 14:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008.06.20 08:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2007.06.21 16:25:50 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008.01.19 14:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007.06.21 16:25:50 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2006.10.05 18:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2006.11.14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[2007.03.21 15:35:18 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- c:\Windows\System32\lkcitdl.exe
[2007.07.16 21:14:46 | 00,040,488 | ---- | M] (National Instruments Corporation) -- c:\Windows\System32\lkads.exe
[2007.07.16 21:14:56 | 00,050,736 | ---- | M] (National Instruments Corporation) -- c:\Windows\System32\lktsrv.exe
[2008.09.29 08:07:00 | 00,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
[2008.03.14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[2008.09.29 08:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
[2008.01.19 14:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008.01.19 14:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.09.29 08:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2008.03.14 04:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
[2007.03.08 21:29:26 | 00,012,696 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\MAX\nimxs.exe
[2007.07.16 21:15:06 | 00,213,040 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
[2007.07.19 20:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- c:\Windows\System32\nisvcloc.exe
[2007.07.23 13:29:14 | 00,609,384 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
[2007.05.28 23:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2006.05.25 22:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2007.03.29 13:39:00 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
[2007.02.26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
[2006.08.23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008.05.27 12:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008.01.19 14:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008.09.29 08:07:00 | 00,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
[2008.09.29 08:07:00 | 00,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
[2007.01.11 19:26:56 | 00,063,112 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
[2008.06.20 06:37:00 | 01,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008.12.11 09:40:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006.11.15 01:02:36 | 01,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
[2008.10.04 02:41:09 | 04,417,016 | ---- | M] (Mail.Ru) -- C:\Program Files\Mail.Ru\Agent\magent.exe
[2006.09.29 13:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008.06.20 06:14:00 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
[2006.12.08 09:06:25 | 00,258,048 | ---- | M] (ABBYY (BIT Software)) -- E:\темп\LvAgent.exe
[2008.01.19 14:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2006.11.15 00:19:42 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
[2006.11.06 20:14:44 | 00,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
[2008.03.14 04:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[2008.09.29 08:07:00 | 00,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[2009.01.16 09:29:47 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008.08.04 06:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2006.11.13 18:27:46 | 00,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[2008.08.11 16:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008.10.16 15:20:08 | 00,735,016 | ---- | M] (ООО Яндекс) -- C:\Program Files\Punto Switcher\punto.exe
[2008.12.09 14:10:12 | 05,062,144 | ---- | M] (QIP) -- C:\Program Files\QIP Infium\infium.exe
[2009.02.03 12:00:09 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
[2008.12.29 17:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
[2004.06.09 13:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
[2008.03.14 04:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
[2006.09.29 13:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008.08.11 16:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008.06.20 06:37:00 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
[2007.12.12 22:42:10 | 00,467,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
[2008.01.19 14:33:32 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
[2008.06.12 01:47:22 | 00,349,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
[2008.10.17 04:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008.01.19 14:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.01.19 14:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008.05.27 12:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008.05.27 12:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009.02.16 01:51:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\софт\virus scan\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006.10.05 18:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
[2007.06.21 16:25:50 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2006.11.14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2008.07.28 01:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008.01.19 14:33:06 | 02,091,520 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008.01.19 14:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008.01.19 14:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006.11.02 19:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008.06.20 08:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
[2008.08.29 09:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008.09.02 04:40:40 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007.03.21 15:35:18 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- c:\Windows\System32\lkcitdl.exe -- (LkCitadelServer [Auto | Running])
[2007.07.16 21:14:46 | 00,040,488 | ---- | M] (National Instruments Corporation) -- c:\Windows\System32\lkads.exe -- (lkClassAds [Auto | Running])
[2007.07.16 21:14:56 | 00,050,736 | ---- | M] (National Instruments Corporation) -- c:\Windows\System32\lktsrv.exe -- (lkTimeSync [Auto | Running])
[2008.09.29 08:07:00 | 00,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService [Unknown | Running])
[2008.03.14 04:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
[2008.09.29 08:07:00 | 00,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Unknown | Running])
[2008.09.29 08:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Unknown | Running])
[2008.09.29 08:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe -- (mfevtp [Unknown | Running])
[2007.08.24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006.11.02 20:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [Auto | Running])
[2002.12.17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007.03.08 21:29:26 | 00,012,696 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr [Auto | Running])
[2006.11.10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008.06.20 08:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007.07.16 21:15:06 | 00,213,040 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService [Auto | Running])
[2007.01.29 19:19:48 | 01,007,616 | ---- | M] (Macrovision Corporation) -- c:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager [Disabled | Stopped])
[2007.07.19 20:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- c:\Windows\System32\nisvcloc.exe -- (niSvcLoc [Auto | Running])
[2007.07.23 13:29:14 | 00,609,384 | ---- | M] (National Instruments Corporation) -- c:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService [Auto | Running])
[2007.08.24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2007.05.09 19:34:34 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\Windows\System32\Opcenum.exe -- (OpcEnum [On_Demand | Stopped])
[2006.10.26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008.01.19 14:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008.01.19 14:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006.11.02 16:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2002.12.17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2007.05.28 23:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2007.01.05 07:19:00 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Stopped])
[2006.05.25 22:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
[2007.03.29 13:39:00 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
[2007.02.26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
[2008.01.19 14:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006.08.23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007.01.19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008.01.19 14:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008.01.19 14:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008.05.27 12:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008.01.19 12:53:31 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006.11.02 16:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006.11.02 16:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006.11.02 16:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006.11.02 16:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006.11.28 21:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006.11.02 16:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006.11.02 16:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006.11.02 16:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006.11.02 16:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006.11.02 15:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006.11.02 15:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006.11.02 16:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006.11.02 16:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006.11.02 14:30:52 | 00,467,456 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Stopped])
[2007.06.21 16:36:32 | 02,600,960 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
[2008.01.19 12:53:31 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008.01.19 12:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006.11.02 15:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.11.02 15:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006.11.02 15:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006.11.02 15:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006.11.02 15:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006.11.02 15:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006.11.02 15:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008.01.19 12:53:24 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [On_Demand | Running])
[2008.01.19 14:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006.11.02 16:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2007.03.06 18:01:04 | 00,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR [Boot | Running])
[2006.11.02 16:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006.11.02 15:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2007.07.24 14:00:00 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv [Auto | Running])
[2008.01.19 12:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008.08.02 08:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006.11.02 14:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008.01.19 14:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006.11.02 16:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008.01.19 12:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008.01.19 14:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008.01.19 12:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006.11.02 16:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006.11.02 14:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2008.01.19 11:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006.11.02 15:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006.11.02 15:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [On_Demand | Stopped])
[2006.11.02 16:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2007.03.11 06:11:02 | 00,210,432 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor [Boot | Running])
[2006.11.02 16:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006.12.28 05:48:00 | 00,212,280 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86 [System | Running])
[2006.11.02 16:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006.11.02 15:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008.01.19 14:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006.11.02 16:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006.11.02 16:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008.01.19 12:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007.01.18 21:40:56 | 00,219,392 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I [Disabled | Stopped])
[2007.01.18 21:47:18 | 00,211,072 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N [Disabled | Stopped])
[2008.01.19 12:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006.07.28 19:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter [Boot | Running])
[2006.11.02 16:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006.11.02 16:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006.11.02 16:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 12:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006.11.02 16:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008.09.29 08:07:00 | 00,074,648 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
[2008.09.29 08:07:00 | 00,090,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008.09.29 08:07:00 | 00,042,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008.09.29 08:07:00 | 00,340,592 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [Boot | Running])
[2008.09.29 08:07:00 | 00,064,432 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet [On_Demand | Stopped])
[2008.09.29 08:07:00 | 00,062,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
[2008.01.19 12:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006.11.02 16:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008.01.19 12:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006.11.02 16:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008.08.27 08:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008.01.19 12:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008.01.19 14:41:40 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Boot | Running])
[2006.11.02 16:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008.01.19 12:53:28 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008.01.19 14:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008.01.19 14:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008.05.20 09:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2007.09.26 12:12:22 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Stopped])
[2008.11.17 15:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
[2006.11.02 16:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008.01.19 12:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006.11.02 14:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006.11.02 16:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006.11.02 16:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006.11.02 16:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2008.10.06 06:16:25 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
[2006.11.02 16:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008.04.05 08:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006.11.02 16:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006.11.02 16:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008.01.19 12:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008.01.19 12:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008.01.19 13:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008.01.19 12:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2007.04.30 12:42:14 | 00,081,408 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2008.01.19 14:42:41 | 00,081,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2008.01.19 12:32:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006.11.02 13:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 12:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008.01.19 12:49:46 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2006.11.02 15:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008.01.19 12:49:46 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006.11.02 16:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006.11.02 16:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006.11.02 16:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008.01.19 12:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008.01.19 14:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008.10.15 05:51:40 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007.11.30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Stopped])
[2007.11.30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007.11.30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008.01.19 12:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008.01.19 12:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006.11.02 16:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008.10.03 14:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008.11.06 12:28:51 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008.10.03 14:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008.10.03 14:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008.10.03 14:14:12 | 00,037,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2008.10.03 14:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008.10.03 14:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006.11.02 16:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006.11.02 16:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008.06.20 06:37:00 | 00,200,112 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008.01.19 12:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006.10.18 15:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
[2008.01.19 12:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007.01.24 19:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2006.10.23 19:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec [On_Demand | Running])
[2008.01.19 13:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008.01.19 12:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008.01.19 12:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2007.11.09 04:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ [Boot | Running])
[2006.11.02 16:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006.11.02 16:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006.11.02 16:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 16:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006.11.02 16:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.01.19 12:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006.11.02 15:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008.01.19 12:53:38 | 00,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2008.01.19 12:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2007.04.16 14:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
[2006.11.02 15:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006.11.02 15:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006.11.02 16:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008.01.19 14:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008.01.19 14:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006.11.02 16:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006.11.02 15:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006.11.02 16:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008.01.19 14:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006.11.02 15:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008.01.19 12:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{83821C2B-32A8-4DD7-B6D4-44309A78E668}" (HKLM) -- C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{83821C2B-32A8-4DD7-B6D4-44309A78E668}" (HKLM) -- C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{09900DE8-1DCA-443F-9243-26FF581438AF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\program files\google\googletoolbar2.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{09900DE8-1DCA-443F-9243-26FF581438AF}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\program files\google\googletoolbar2.dll File not found

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
"HWSetup"=\HWSetup.exe hwSetUP File not found
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
"Lingvo Launcher"="E:\темп\Lvagent.exe" /STARTUP (ABBYY (BIT Software))
"MAgent"=C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM (Mail.Ru)
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
"NDSTray.exe"=NDSTray.exe File not found
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup (TOSHIBA)
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" ()
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"fsm"= File not found
"Google Update"="C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"ICQ"="C:\PROGRA~1\ICQ6.5\ICQ.exe" silent File not found
"Infium"="C:\Program Files\QIP Infium\infium.exe" (QIP)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (Macrovision Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Punto Switcher"=C:\Program Files\Punto Switcher\punto.exe (ООО Яндекс)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"fsm"= File not found
"Google Update"="C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"ICQ"="C:\PROGRA~1\ICQ6.5\ICQ.exe" silent File not found
"Infium"="C:\Program Files\QIP Infium\infium.exe" (QIP)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (Macrovision Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Punto Switcher"=C:\Program Files\Punto Switcher\punto.exe (ООО Яндекс)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Online-словари: C:\Program Files\PRMT8\PRMTIE\oda.htm File not found
Настроить параметры перевода: C:\Program Files\PRMT8\PRMTIE\options.htm File not found
Незнакомые слова: C:\Program Files\PRMT8\PRMTIE\infopanel.htm File not found
Открыть словарную статью: C:\Program Files\PRMT8\PRMTIE\addentry.htm File not found
Перевести: C:\Program Files\PRMT8\PRMTIE\translat.htm File not found
Перевести страницу: C:\Program Files\PRMT8\PRMTIE\page.htm File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Online-словари: C:\Program Files\PRMT8\PRMTIE\oda.htm File not found
Настроить параметры перевода: C:\Program Files\PRMT8\PRMTIE\options.htm File not found
Незнакомые слова: C:\Program Files\PRMT8\PRMTIE\infopanel.htm File not found
Открыть словарную статью: C:\Program Files\PRMT8\PRMTIE\addentry.htm File not found
Перевести: C:\Program Files\PRMT8\PRMTIE\translat.htm File not found
Перевести страницу: C:\Program Files\PRMT8\PRMTIE\page.htm File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Online-словари: Reg Error: Key does not exist or could not be opened. File not found
Настроить параметры перевода: Reg Error: Key does not exist or could not be opened. File not found
Незнакомые слова: Reg Error: Key does not exist or could not be opened. File not found
Открыть словарную статью: Reg Error: Key does not exist or could not be opened. File not found
Перевести: Reg Error: Key does not exist or could not be opened. File not found
Перевести страницу: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Online-словари: Reg Error: Key does not exist or could not be opened. File not found
Настроить параметры перевода: Reg Error: Key does not exist or could not be opened. File not found
Незнакомые слова: Reg Error: Key does not exist or could not be opened. File not found
Открыть словарную статью: Reg Error: Key does not exist or could not be opened. File not found
Перевести: Reg Error: Key does not exist or could not be opened. File not found
Перевести страницу: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1432365773-3656013238-2386469604-1001\Software\Microsoft\Internet Explorer\MenuExt\]
Online-словари: Reg Error: Key does not exist or could not be opened. File not found
Настроить параметры перевода: Reg Error: Key does not exist or could not be opened. File not found
Незнакомые слова: Reg Error: Key does not exist or could not be opened. File not found
Открыть словарную статью: Reg Error: Key does not exist or could not be opened. File not found
Перевести: Reg Error: Key does not exist or could not be opened. File not found
Перевести страницу: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Отправить в OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: &Отправить в OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007.12.13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{7558B7E5-7B26-4201-BEDB-00D5FF534523}: Button: Mail.Ru Агент -- %ProgramFiles%\Mail.Ru\Agent\magent.exe [2008.10.04 02:41:09 | 04,417,016 | ---- | M] (Mail.Ru)
{7558B7E5-7B26-4201-BEDB-00D5FF534523}: Menu: Mail.Ru Агент -- %ProgramFiles%\Mail.Ru\Agent\magent.exe [2008.10.04 02:41:09 | 04,417,016 | ---- | M] (Mail.Ru)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008.08.11 16:46:50 | 01,443,112 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006.10.27 00:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class

========== (O17) DNS Name Servers ==========

{2F67C971-2AAB-46A0-A2C4-1FF8280A7BBC} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{A43C0454-F1C7-4A8B-B18F-48508DDC49C5} (Servers: | Description: Intel® Wireless WiFi Link 4965AGN)
{D14E48FE-F435-4037-A896-16E06B3971A3} (Servers: | Description: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0))

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 14:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 14:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006.09.19 04:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | action=Run U3 Launchpad | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG | | | [Comment] | brand=PelicanBFG | ]
[2008.05.06 19:26:23 | 00,000,309 | R--- | M] () -- I:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e5ef36-c8c5-11dc-a751-0013e8a28473}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e5ef36-c8c5-11dc-a751-0013e8a28473}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command]
""=I:\LaunchU3.exe -- [2007.10.23 14:45:39 | 01,336,632 | R--- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[1 C:\Users\admin\Desktop\*.tmp files]
[2009.02.18 03:22:02 | 00,286,517 | ---- | C] () -- C:\Users\admin\Desktop\Ansys simulation of pin.pptx
[2009.02.18 03:22:02 | 00,000,165 | -H-- | C] () -- C:\Users\admin\Desktop\~$Ansys simulation of pin.pptx
[2009.02.18 03:14:57 | 21,458,20672 | -HS- | C] () -- C:\hiberfil.sys
[2009.02.15 09:43:30 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009.02.15 09:43:29 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009.02.15 09:43:28 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009.02.15 09:43:27 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009.02.15 09:43:27 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009.02.13 11:50:49 | 05,699,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.02.13 11:50:49 | 01,659,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.02.13 06:20:20 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\DassaultSystemes
[2009.02.13 06:20:20 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\DassaultSystemes
[2009.02.13 06:20:20 | 00,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2009.02.12 06:50:02 | 36,694,8352 | ---- | C] () -- C:\Extreme Engineering - 2x01 - Turning Torso.avi
[2009.02.12 06:49:38 | 00,028,402 | ---- | C] () -- C:\Users\admin\Desktop\[isoHunt] Extreme Engineering - 2x01 - Turning Torso.avi.torrent
[2009.02.12 06:39:55 | 00,000,000 | ---D | C] -- C:\Extreme.Engineering.S03E04.Woodrow.Wilson.Bridge.HDTV.AC3.XviD-FQM
[2009.02.12 06:39:06 | 00,028,807 | ---- | C] () -- C:\Users\admin\Desktop\[isoHunt] Extreme.Engineering.S03E04.Woodrow.Wilson.Bridge.HDTV.AC3.XviD-F.1377368.SN.torrent
[2009.02.12 06:37:41 | 45,675,3280 | ---- | C] () -- C:\Building_Hong_Kong's_Airport-Discovery_Channel_-_1x07_-_Extreme_Engineering.mpg
[2009.02.12 06:33:52 | 00,054,589 | ---- | C] () -- C:\Users\admin\Desktop\[isoHunt] Extreme.Engineering.S01.DVDRip.Xvid-FFNDVD.torrent
[2009.02.11 07:39:37 | 17,400,09793 | ---- | C] () -- C:\Ansys 11.rar
[2009.02.10 03:21:57 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Ansys
[2009.02.10 03:16:35 | 01,916,928 | ---- | C] () -- C:\Users\admin\Desktop\a110sp1_calc.exe
[2009.02.10 02:52:50 | 01,009,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mschrt20.ocx
[2009.02.10 02:52:49 | 00,389,120 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.DockingPane.Unicode.9601.ocx
[2009.02.10 02:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\ANSYS Inc
[2009.02.10 01:02:42 | 00,618,496 | ---- | C] () -- C:\Users\admin\Desktop\five love languages.doc
[2009.02.09 10:50:07 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Mathsoft
[2009.02.09 10:43:28 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mathsoft
[2009.02.09 10:36:40 | 00,000,000 | ---D | C] -- C:\Program Files\Mathcad
[2009.02.09 09:32:51 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Pro
[2009.02.09 09:32:45 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009.02.09 09:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009.02.09 09:32:21 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
[2009.02.06 12:24:47 | 00,185,056 | ---- | C] () -- C:\91fc8aa122a1 copy.jpg
[2009.02.05 21:52:42 | 00,256,512 | ---- | C] () -- C:\Wensina.pps
[2009.02.03 12:01:02 | 00,000,000 | ---D | C] -- C:\Users\admin\Documents\Downloads
[2009.02.03 11:59:58 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apps
[2009.02.03 11:59:57 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Deployment
[2009.02.03 11:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2009.02.03 11:00:48 | 00,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.02 09:44:31 | 00,056,221 | ---- | C] () -- C:\Users\admin\Desktop\прикол.jpg
[2009.02.02 06:40:02 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Winamp
[2009.02.02 06:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009.01.30 02:01:47 | 04,083,462 | ---- | C] () -- C:\Users\admin\Desktop\PhotoshopCS.chm
[2009.01.30 01:59:15 | 06,201,322 | ---- | C] () -- C:\Users\admin\Desktop\Mathcad.chm
[2009.01.30 01:55:29 | 05,144,800 | ---- | C] () -- C:\Users\admin\Desktop\Matlab.chm
[2009.01.28 14:24:53 | 00,029,021 | ---- | C] () -- C:\Users\admin\Desktop\филмы.docx
[2009.01.28 05:35:21 | 00,006,198 | ---- | C] () -- C:\Users\admin\Desktop\image001.jpg
[2009.01.26 11:07:24 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\БИЛЕТ ДОМОЙ !!!!!
[2009.01.24 04:29:43 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\German visa
[2009.01.24 01:50:11 | 00,017,110 | ---- | C] () -- C:\Users\admin\Desktop\us-time-zone-map.gif
[2009.01.23 12:55:05 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009.01.23 07:00:28 | 00,000,000 | ---D | C] -- C:\QUARANTINE
[2009.01.22 03:04:02 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\Recent DLLs
[2009.01.22 01:56:09 | 00,064,432 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2009.01.22 01:56:08 | 00,042,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009.01.22 01:56:07 | 00,074,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2009.01.22 01:56:06 | 00,090,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009.01.22 01:56:05 | 00,062,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2009.01.22 01:56:04 | 00,340,592 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2009.01.22 01:56:02 | 00,067,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2009.01.22 01:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009.01.22 01:54:25 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009.01.22 01:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009.01.22 01:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009.01.22 01:48:45 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.01.22 01:48:43 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\admin\Desktop\KillBox.exe
[2009.01.22 01:29:37 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\virus info
[2009.01.21 09:05:43 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\модели
[2009.01.21 06:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009.01.20 22:54:44 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.01.20 22:54:44 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009.01.20 22:54:44 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009.01.20 22:54:44 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009.01.20 22:54:44 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009.01.20 22:54:43 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009.01.20 22:54:43 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009.01.20 22:54:43 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009.01.20 22:54:43 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.01.20 22:54:43 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrivacIE.dll
[2009.01.20 22:54:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.01.20 22:54:43 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009.01.20 22:54:42 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.01.20 22:54:42 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009.01.20 22:54:42 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009.01.20 22:54:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.01.20 22:54:42 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.01.20 22:54:42 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009.01.20 22:54:42 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009.01.20 22:54:41 | 00,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.01.20 22:54:41 | 00,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.01.20 22:54:41 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009.01.20 22:54:41 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009.01.20 22:54:41 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009.01.20 22:54:41 | 00,056,413 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.01.20 22:54:40 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009.01.20 22:54:40 | 00,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.01.20 22:54:40 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009.01.20 22:54:40 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009.01.20 22:54:40 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009.01.20 22:54:40 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.01.20 22:54:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.01.20 22:54:39 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009.01.20 22:54:39 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.01.20 22:54:39 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009.01.20 22:54:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009.01.20 22:54:39 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009.01.20 22:54:39 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009.01.20 22:54:38 | 01,778,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.01.20 22:54:38 | 00,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009.01.20 22:54:38 | 00,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.01.20 22:54:37 | 03,670,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009.01.20 22:54:37 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.01.20 22:54:37 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.01.20 22:54:37 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009.01.20 22:54:37 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009.01.20 22:54:36 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.01.20 22:54:36 | 00,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.01.20 22:54:36 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009.01.20 22:54:35 | 11,985,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.01.20 22:54:35 | 01,415,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.01.20 22:47:38 | 00,000,134 | ---- | C] () -- C:\Users\admin\Desktop\Internet Explorer Troubleshooting.url
[2009.01.20 12:53:58 | 00,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.01.20 04:54:14 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009.01.19 13:54:39 | 00,002,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
[2009.01.19 12:34:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.01.19 12:34:58 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.01.19 12:34:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.01.19 12:34:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.01.19 12:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.01.19 12:27:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009.01.19 12:22:46 | 00,002,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2009.01.19 12:22:46 | 00,001,660 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
[2009.01.19 12:22:46 | 00,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Окно состояния.lnk
[2009.01.19 12:22:46 | 00,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
[2009.01.19 11:45:20 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009.01.19 11:23:52 | 00,001,879 | ---- | C] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009.01.19 11:23:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.01.19 11:23:43 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HJTInstall.exe
[2009.01.19 06:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009.01.19 05:37:23 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\KASPERSKY ANTI-VIRUS 7.0.1.325(With 100 NEW SERIAL KEYS)

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\System32\*.tmp files]
[1 C:\Windows\*.tmp files]
[1 C:\Users\admin\Desktop\*.tmp files]
[2009.02.18 03:27:58 | 00,286,517 | ---- | M] () -- C:\Users\admin\Desktop\Ansys simulation of pin.pptx
[2009.02.18 03:22:02 | 00,000,165 | -H-- | M] () -- C:\Users\admin\Desktop\~$Ansys simulation of pin.pptx
[2009.02.18 03:21:09 | 01,519,474 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.02.18 03:21:09 | 00,674,222 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009.02.18 03:21:09 | 00,607,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.02.18 03:21:09 | 00,134,340 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009.02.18 03:21:09 | 00,109,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.02.18 03:20:14 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{183E2C8B-9E6E-49C2-A42A-78C4D223EE23}.job
[2009.02.18 03:15:11 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009.02.18 03:15:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.02.18 03:15:09 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.02.18 03:15:09 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.02.18 03:15:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.02.18 03:14:57 | 21,458,20672 | -HS- | M] () -- C:\hiberfil.sys
[2009.02.15 11:13:17 | 00,579,576 | ---- | M] () -- C:\Users\admin\Documents\Default2.sfvidcap
[2009.02.14 01:49:32 | 00,055,296 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.13 14:46:05 | 00,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2009.02.12 08:02:51 | 45,675,3280 | ---- | M] () -- C:\Building_Hong_Kong's_Airport-Discovery_Channel_-_1x07_-_Extreme_Engineering.mpg
[2009.02.12 08:02:51 | 36,694,8352 | ---- | M] () -- C:\Extreme Engineering - 2x01 - Turning Torso.avi
[2009.02.12 06:49:40 | 00,028,402 | ---- | M] () -- C:\Users\admin\Desktop\[isoHunt] Extreme Engineering - 2x01 - Turning Torso.avi.torrent
[2009.02.12 06:39:07 | 00,028,807 | ---- | M] () -- C:\Users\admin\Desktop\[isoHunt] Extreme.Engineering.S03E04.Woodrow.Wilson.Bridge.HDTV.AC3.XviD-F.1377368.SN.torrent
[2009.02.12 06:33:57 | 00,054,589 | ---- | M] () -- C:\Users\admin\Desktop\[isoHunt] Extreme.Engineering.S01.DVDRip.Xvid-FFNDVD.torrent
[2009.02.11 07:45:15 | 17,400,09793 | ---- | M] () -- C:\Ansys 11.rar
[2009.02.10 01:02:46 | 00,618,496 | ---- | M] () -- C:\Users\admin\Desktop\five love languages.doc
[2009.02.10 00:09:25 | 01,916,928 | ---- | M] () -- C:\Users\admin\Desktop\a110sp1_calc.exe
[2009.02.09 10:53:29 | 00,401,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.02.09 10:44:17 | 00,114,760 | ---- | M] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.02.06 12:24:08 | 00,185,056 | ---- | M] () -- C:\91fc8aa122a1 copy.jpg
[2009.02.05 21:54:23 | 00,256,512 | ---- | M] () -- C:\Wensina.pps
[2009.02.04 06:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009.02.03 11:57:51 | 00,000,374 | ---- | M] () -- C:\Windows\win.ini
[2009.02.03 11:00:48 | 00,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.02.02 09:43:59 | 00,056,221 | ---- | M] () -- C:\Users\admin\Desktop\прикол.jpg
[2009.01.31 14:05:27 | 00,000,508 | ---- | M] () -- C:\Users\admin\Documents\My Sharing Folders.lnk
[2009.01.30 02:01:47 | 04,083,462 | ---- | M] () -- C:\Users\admin\Desktop\PhotoshopCS.chm
[2009.01.30 01:59:15 | 06,201,322 | ---- | M] () -- C:\Users\admin\Desktop\Mathcad.chm
[2009.01.30 01:56:09 | 05,144,800 | ---- | M] () -- C:\Users\admin\Desktop\Matlab.chm
[2009.01.28 14:46:31 | 00,029,021 | ---- | M] () -- C:\Users\admin\Desktop\филмы.docx
[2009.01.28 05:34:55 | 00,006,198 | ---- | M] () -- C:\Users\admin\Desktop\image001.jpg
[2009.01.24 01:50:03 | 00,017,110 | ---- | M] () -- C:\Users\admin\Desktop\us-time-zone-map.gif
[2009.01.21 13:39:14 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\admin\Desktop\KillBox.exe
[2009.01.20 22:47:38 | 00,000,134 | ---- | M] () -- C:\Users\admin\Desktop\Internet Explorer Troubleshooting.url
[2009.01.20 12:53:58 | 00,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.01.19 13:54:39 | 00,002,095 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
[2009.01.19 12:34:58 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.01.19 11:23:52 | 00,001,879 | ---- | M] () -- C:\Users\admin\Desktop\HijackThis.lnk
[2009.01.19 11:23:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HJTInstall.exe
< End of report >

Edited by Billy O'Neal, 19 February 2009 - 05:28 PM.


#4 evangelist1


Posted 19 February 2009 - 11:49 AM

<<< DUPLICATE POST REMOVED BY BILL >>>

Edited by Billy O'Neal, 19 February 2009 - 05:28 PM.


#5 evangelist1


Posted 19 February 2009 - 11:50 AM

I can't attach the GMER log file... its size is 568 kb, but the max single upload size is 189 k!

Edited by evangelist1, 19 February 2009 - 11:56 AM.


#6 Billy O'Neal

Billy O'Neal

    Bleepin Microsoftie Engineer


  • Malware Response Instructor
  • 11,977 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:09 PM

Posted 19 February 2009 - 05:29 PM

I have removed the attachments above. The max size should be 500k now.

Zip up the GMER report before posting it and it should fit.

Billy3
Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
GitHub - Twitter
My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Billy O'Neal


Posted 19 February 2009 - 05:30 PM

Also... you ran the wrong tool. The link I provided above was for OTListIt2 rather than OTViewIt.

Please take a log with the OTListIt tool.

Billy3

#8 evangelist1


Posted 19 February 2009 - 07:12 PM

Hi,

Thanks a lot for your time..))
What is going on with my laptop is: everything works fine, except Internet Explorer (and I tried Google Chrome, Mozilla..).
In normal mode Internet Explorer is not able to connect to the internet, although ICQ, Skype and Windows Messenger work perfectly.
Internet Explorer works only in Safe Mode.

Some guys tried to help me using "HijackThis", but failed; they couldn't figure out what is going on.

I appreciate your help.

Here is the GMER file.



#9 evangelist1


Posted 19 February 2009 - 07:14 PM

here is gmer file

Edited by evangelist1, 19 February 2009 - 07:14 PM.


#10 evangelist1


Posted 19 February 2009 - 07:17 PM

Excuse me, but I tried maybe 6 times and couldn't upload the GMER file... it is zipped, 28.7 kb.

#11 evangelist1


Posted 19 February 2009 - 07:20 PM

Also, OTListIt, after scanning and creating the 1st text file, didn't create the 2nd log file and showed this message: "access violation at address 779D5973 in module ntdll.dll. Read of address 0000001A"

#12 Billy O'Neal


Posted 19 February 2009 - 09:17 PM

That logfile has been modified. Please do not modify the contents of the log.

Please take another log without modifying the contents.

Go ahead and upload the GMER file here:
http://bleepingcomputer.com/submit-malware.php?channel=54

Billy3

#13 evangelist1


Posted 20 February 2009 - 12:40 AM

Hi
I submitted the zipped gmer file to the link you provided.


Excuse me Bill, maybe I just don't understand... what do you mean by "That logfile has been modified. Please do not modify the contents of the log.

Please take another log without modifying the contents"? I didn't modify the log, I just ran the scan and that's it..)))

Sincerely, evangelist1

#14 Billy O'Neal


Posted 20 February 2009 - 06:32 PM

Hello, evangelist1

Please take another log without modifying the contents". I didn't modify the log, I just ran the scan and that's it..)))


Sorry.. entirely my fault.

The text editor I was using didn't know how to display the Cyrillic characters in your log. As a result, every place your username appeared came out as ????? marks. Commonly users modify their username out of the log, and I thought you had done so.

Sorry about that.


[2009.01.26 11:07:24 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\БИЛЕТ ДОМОЙ !!!!!

Do you recognise this file? Can you translate it for me?

We need to back up your registry
  • Please download ERUNT and save it to your desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otli
    O4 - HKCU..\Run: [fsm]  File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1432365773-3656013238-2386469604-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1432365773-3656013238-2386469604-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
    O3 - HKU\S-1-5-21-1432365773-3656013238-2386469604-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: []  File not found
    O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} -  File not found
    O13 - gopher Prefix: missing
    :commands
    [EmptyTemp]
    [Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • ESET OnlineScan's Log
  • A new OTListIt2 log

BillyIII
Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall within the purview of your conundrums of philosophy....
GitHub - Twitter
My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
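
The mix-up described in post #14, as an added example that is not part of the original thread or any tool mentioned in it: a small triage that decodes the raw log bytes before judging whether '?' marks in a path are in the file itself or only in the viewer. It relies on the fact that Windows does not allow '?' in file names; the function names, the cp1251 fallback and the user name "Иван" in the sample are assumptions made for illustration.

```python
import re

# A drive-letter path running to the end of a file-listing line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*")

# Constructed sample in the thread's log format; the user name "Иван" is made up.
SAMPLE = "\r\n".join([
    r"[2009.01.26 11:07:24 | 00,000,000 | ---D | C] -- C:\Users\Иван\Desktop\БИЛЕТ ДОМОЙ !!!!!",
    r"[2009.01.26 11:09:02 | 00,000,512 | ---- | C] -- C:\Windows\example.log",
])

def decode_log(raw: bytes, fallback: str = "cp1251") -> str:
    """Decode by BOM, then UTF-8, then a legacy code page (cp1251 is an assumption)."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode(fallback)

def ascii_view(text: str) -> str:
    """What an ASCII-only editor shows: every unmappable character becomes '?'."""
    return text.encode("ascii", "replace").decode("ascii")

def lossy_paths(text: str) -> list[str]:
    """Paths containing '?', which Windows forbids in names, so the name was lost."""
    hits = []
    for line in text.splitlines():
        m = PATH_RE.search(line)
        if m and "?" in m.group(0):
            hits.append(m.group(0).rstrip())
    return hits

def triage(raw: bytes) -> str:
    """Classify a submitted log from its raw bytes, not from an editor's rendering."""
    text = decode_log(raw)
    if lossy_paths(text):
        return "file-altered"      # the '?' marks are stored in the file
    if lossy_paths(ascii_view(text)):
        return "display-artifact"  # intact on disk; only a limited viewer loses it
    return "clean"

if __name__ == "__main__":
    print(triage(b"\xff\xfe" + SAMPLE.encode("utf-16-le")))
    print(triage(ascii_view(SAMPLE).encode("ascii")))
```

A "file-altered" result covers both a user who replaced the name by hand and a log that was re-saved through a lossy encoding; the bytes alone cannot tell those two apart.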

#15 Billy O'Neal


Posted 26 February 2009 - 08:28 PM

Hello, evangelist1
Are you still here?

BillyIII



