Hi SweetTech,
Thanks for taking the time to help me out with this problem. Not a problem with the delays, as I can see from the forums that there is a lot of virus activity and can understand the problems that it is causing you people. For volunteers, you all do a great job.
Computer had not changed whilst waiting for your reply, though I occasionally get Net 1.0 errors on startup (this is new).
Anyhow, I have run the scans and the logs are attached.
OTL Extras logfile created on: 3/06/2011 10:53:09 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.50 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 58.25% Memory free
7.18 Gb Paging File | 5.84 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 89.12 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 66.47 Gb Free Space | 28.54% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.60 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Computer Name: SHARON-LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3164679014-3946964612-3241255314-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Michael\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3164679014-3946964612-3241255314-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17D7A46A-9B32-4F70-A62B-C71466C91674}" = lport=10777 | protocol=17 | dir=in | name=passware kit enterprise 9.7 |
"{217EF8E8-9B43-47DD-8822-69EC56E80519}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{73CDD6CA-807B-4623-A784-E82E8D91ABF3}" = lport=41982 | protocol=6 | dir=in | name=mobilenoter |
"{E5F541BA-947F-454E-B8A7-251C6EFB82A9}" = lport=41982 | protocol=6 | dir=in | name=mobilenoter |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A92BBA-E9A0-4480-8E50-10274FAF9ECE}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{2309E58F-EFC1-4E13-94FB-C2ED79E03BAA}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{29142F25-1C5C-4ABC-9930-4012C7AABD85}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3C3D62FC-9DD0-453F-B0DF-B327D0ECE290}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{453E59A7-CAF6-4908-838B-676D77DD6A34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{77DB9FC1-D8E7-4331-954B-98FE8C12DAF3}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7FE57331-CE23-4363-AF5E-FB244F5723FE}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D1D3D86D-182F-47A1-AEA8-E341B4B85D97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F1C0624F-49AE-4B9E-8972-4CADED5C0DE5}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{F316BF6F-3E79-43E3-8E71-117E06480D1B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FB706895-31EF-49A6-B139-6EB56BE6CAB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE565B7D-3EDA-44F5-926A-E655C6CD5A4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{059B8C1E-1015-4C38-9257-0FEA946B5C83}M:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=m:\xampp\apache\bin\httpd.exe |
"TCP Query User{06B35292-B0E7-4FE8-BA4B-EF3109E46A8D}C:\program files\catvids\catvids.exe" = protocol=6 | dir=in | app=c:\program files\catvids\catvids.exe |
"TCP Query User{06E3CCDE-66FA-4A8E-8884-7A210893B6ED}G:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"TCP Query User{088BE625-E5C1-4B51-9C60-BD7987156BA6}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{09FDF478-9F81-4AFC-BEC9-8A23BA35AF2C}G:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"TCP Query User{0C291E39-6072-43B7-B468-181925CFB108}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{1350D30E-3708-4E59-B594-3F531B5D1CDA}C:\users\michael\appdata\local\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\firefox.exe |
"TCP Query User{1AB6AA35-653B-4A1A-BEE4-38D950BEF95C}C:\program files\seamonkey\seamonkey.exe" = protocol=6 | dir=in | app=c:\program files\seamonkey\seamonkey.exe |
"TCP Query User{26AD85D5-5EDB-4549-B06D-F7C2E33DE844}C:\program files\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe |
"TCP Query User{2999BDDB-5E22-47D9-A4C6-F6381292250F}C:\users\michael\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\google\update\googleupdate.exe |
"TCP Query User{2BE3E3B8-4C48-40DD-8B5E-58BE17759BA8}C:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe |
"TCP Query User{3069909B-0ADD-45E6-98B6-722F0B43DB08}C:\program files\weatherzone tracker\weather_tracker.exe" = protocol=6 | dir=in | app=c:\program files\weatherzone tracker\weather_tracker.exe |
"TCP Query User{317AD4AD-2780-4F1A-BCDE-1C89BA99E7FA}C:\program files\collectorz.com\movie collector\moviecollector.exe" = protocol=6 | dir=in | app=c:\program files\collectorz.com\movie collector\moviecollector.exe |
"TCP Query User{33749EA9-DEEE-41B4-B5C7-5BE230FBAADE}C:\users\michael\downloads\esetsmartinstaller_enu.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\esetsmartinstaller_enu.exe |
"TCP Query User{338C0FED-F29F-468D-8F83-DC6657A4867A}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{34782F8C-232E-4870-8730-03D6B5AEBF4E}C:\program files\avast software\avast\avastui.exe" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"TCP Query User{363CA331-0965-40C9-BAA3-A65BE6B00A1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3C5E144F-AD11-4FAA-BEE4-CFAA227FF7B0}C:\program files\common files\adobe\oobe\pdapp\core\pdapp.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\oobe\pdapp\core\pdapp.exe |
"TCP Query User{3DE6534C-41BD-4E7B-AC4A-D6A827212014}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"TCP Query User{41582729-7CED-4DA3-9F3D-1422A85CCA9E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{41BF7B72-23C9-407E-84E3-80E01A8C680E}C:\users\michael\dropbox\.dropbox.cache\dropbox-upgrade-1.1.35.exe" = protocol=6 | dir=in | app=c:\users\michael\dropbox\.dropbox.cache\dropbox-upgrade-1.1.35.exe |
"TCP Query User{434A432E-A4A9-4A73-A206-1BF48FE6F50B}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{4A6B8305-62A1-415D-9777-4615BF0252B8}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"TCP Query User{4A7A3783-2A76-4567-A730-B9C0310ED409}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{4EF50B64-8C87-4291-BB9F-745A61EA7B65}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{59DFDF37-EFED-4012-93A7-F233DA00A4A0}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{5D704981-3926-4FA6-9FE9-A5FE5A8202EB}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{5EAE5377-B601-4DE2-A4F5-EBA94070849C}C:\program files\dell\mediadirect\mdirect.exe" = protocol=6 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"TCP Query User{62E0A15D-C2C0-41FB-A0D3-A9CFC668C51F}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{6D1C1DAC-0938-4812-8131-0CF737606541}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=6 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"TCP Query User{722FE18B-92DE-40D4-8E2E-6AC78215A646}C:\program files\adobe\adobe photoshop cs5\photoshop.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe |
"TCP Query User{731E168B-3B9E-4AA7-AFD5-9D8E5D42F764}C:\users\michael\appdata\local\temp\ssupdate.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\ssupdate.exe |
"TCP Query User{85AD41C5-14D0-4747-B886-23E84B24C2BB}C:\program files\photodex\proshowgold\proshow.exe" = protocol=6 | dir=in | app=c:\program files\photodex\proshowgold\proshow.exe |
"TCP Query User{866B3B9D-E8B4-42E2-8FA8-1CB7C7A432B3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{87791EC8-5806-45A1-9CCC-D28745308DA1}C:\users\michael\desktop\esetsmartinstaller_enu.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\esetsmartinstaller_enu.exe |
"TCP Query User{8791C035-3495-4DF4-83AA-CF647B1FDDE8}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"TCP Query User{8B5667A9-8F01-44A8-BC7F-64D46AA08753}C:\users\michael\desktop\ccsetup306.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\ccsetup306.exe |
"TCP Query User{8E2A0C19-84C4-4310-B594-CC8C439CFCDB}C:\users\michael\downloads\bin902-setup.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\bin902-setup.exe |
"TCP Query User{94B45FAB-E6CA-4ABD-869C-999C19B5629D}G:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{9C786DB3-2CD5-43A3-BDA1-74D8BC29F346}C:\users\michael\appdata\local\flock\application\flock.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\flock\application\flock.exe |
"TCP Query User{A07C2D85-D644-425C-A3E8-1E2D7568104E}C:\program files\collectorz.com\movie collector5\moviecollector.exe" = protocol=6 | dir=in | app=c:\program files\collectorz.com\movie collector5\moviecollector.exe |
"TCP Query User{A0963411-943A-44FD-ACB5-5146A9EB81D7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A15CF106-FEF9-45D1-85F6-21FECB282EDF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A36C0AD6-D38F-4DCC-B5B6-DED92D4C27B2}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"TCP Query User{B0355A83-3436-401C-A8D6-4B485D0BBED6}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B3B7EEDA-343C-4C04-B165-3C4B0076056E}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{B79865E1-E26C-4BBA-AE25-1B415CF03E25}C:\program files\coollector\coollector.exe" = protocol=6 | dir=in | app=c:\program files\coollector\coollector.exe |
"TCP Query User{B79EED64-44E8-4366-8FE3-5DE873FF316F}C:\program files\npvr\nextpvr.exe" = protocol=6 | dir=in | app=c:\program files\npvr\nextpvr.exe |
"TCP Query User{B8CCE1AA-BABB-44A7-A164-CF89AA93B10C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{BCA4A85B-7537-4701-9210-56F3BFA9364C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C96A8DE0-0AAD-477F-AB06-178BB96D038A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C9F223B8-B696-43C6-820E-3903F28F3D8C}C:\program files\common files\adobe\updater6\adobe_updater.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\updater6\adobe_updater.exe |
"TCP Query User{CD6851D8-D2FF-404F-91CD-2D685937EAE5}C:\users\michael\appdata\local\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\firefox.exe |
"TCP Query User{CDDA32B4-04AF-4E03-8E37-04ED97235252}C:\users\michael\appdata\local\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\plugin-container.exe |
"TCP Query User{CEA762D3-EA64-4FB3-B75E-3BF696161E7A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D102B26C-05FA-442F-ADE2-CDBF9355B5D0}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{D4EC5682-1EE5-4632-8A6A-18D12A5752EE}G:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=g:\xampp\apache\bin\apache.exe |
"TCP Query User{D96C3E94-3514-4CEB-B597-C6D534232BA8}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{D973A96D-BCF0-4CEF-BF93-C49C05B22A2D}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{DDC7D06B-5730-42B9-AE13-3860A2A09F33}C:\program files\eset\eset online scanner\onlinecmdlinescanner.exe" = protocol=6 | dir=in | app=c:\program files\eset\eset online scanner\onlinecmdlinescanner.exe |
"TCP Query User{DE314482-C97E-405B-9CB1-E80F4BF00864}C:\program files\eset\eset online scanner\onlinescannerapp.exe" = protocol=6 | dir=in | app=c:\program files\eset\eset online scanner\onlinescannerapp.exe |
"TCP Query User{E2D80B14-35B1-4AFE-9FC8-0B23D2806009}C:\users\michael\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\google\update\googleupdate.exe |
"TCP Query User{E48DB47E-909F-4C1B-8E92-8E66D0374CF8}C:\program files\weatherzone tracker\weather_tracker.exe" = protocol=6 | dir=in | app=c:\program files\weatherzone tracker\weather_tracker.exe |
"TCP Query User{E6C73D23-3005-40AC-9574-3782226C3A66}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{EA8C1D6D-8E63-4B47-9744-4B6F3FF77FF7}C:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe |
"TCP Query User{EABDE724-A68B-41DE-9096-ED580A4898DB}C:\program files\Microsoft Office\Office12\WINWORD.EXE" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"TCP Query User{EEB51D73-2E03-464A-9190-F5F7B52F7940}M:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=m:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{F18116B7-3EBE-42D7-B597-ABFFD24B0CA9}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{F75CF206-D367-485D-914C-305AF3DE9E15}C:\program files\nortoninstaller\{397e31aa-0d78-4649-a01c-339d73a2ed35}\nss\licensetype\3.1.1.6\inststub.exe" = protocol=6 | dir=in | app=c:\program files\nortoninstaller\{397e31aa-0d78-4649-a01c-339d73a2ed35}\nss\licensetype\3.1.1.6\inststub.exe |
"TCP Query User{FD0AE1A3-8D49-4945-9182-5F2DB4713432}C:\program files\seamonkey\seamonkey.exe" = protocol=6 | dir=in | app=c:\program files\seamonkey\seamonkey.exe |
"TCP Query User{FDDBA2DA-84E6-4313-A169-7B1EC6AB8993}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"UDP Query User{0010EB18-9284-4F59-8724-E621CB155EA8}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{019E115B-E3BD-4180-9781-AFF8BC90C0EE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{03BD49E7-4B0E-42F8-AFEB-981FFC803837}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{06900CCC-F423-4631-A089-17541BA9EF60}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"UDP Query User{0B130932-122E-41B5-AB46-2854D8D77D5E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{0F94D221-EA79-4C8D-9F7A-B5B700CF4E59}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{13344501-155D-429B-9303-BC04BDDD45C9}C:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe" = protocol=17 | dir=in | app=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe |
"UDP Query User{13CC6C01-5A9F-4EFA-B3E3-C5D8AFE67D1D}C:\program files\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe |
"UDP Query User{13FD3075-6D8B-49FF-ADE2-76ACF88E42FC}C:\program files\eset\eset online scanner\onlinescannerapp.exe" = protocol=17 | dir=in | app=c:\program files\eset\eset online scanner\onlinescannerapp.exe |
"UDP Query User{143800E2-13DE-43CB-92C2-56DB66EA9472}C:\program files\coollector\coollector.exe" = protocol=17 | dir=in | app=c:\program files\coollector\coollector.exe |
"UDP Query User{17C5447F-2AC7-4F2F-982E-121354A118CD}C:\users\michael\dropbox\.dropbox.cache\dropbox-upgrade-1.1.35.exe" = protocol=17 | dir=in | app=c:\users\michael\dropbox\.dropbox.cache\dropbox-upgrade-1.1.35.exe |
"UDP Query User{19CDA667-5F57-4041-BC9D-92FAA3AF6E22}C:\program files\collectorz.com\movie collector\moviecollector.exe" = protocol=17 | dir=in | app=c:\program files\collectorz.com\movie collector\moviecollector.exe |
"UDP Query User{1E731ADC-2428-4790-A0ED-DB3A9E196F6D}C:\users\michael\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\google\update\googleupdate.exe |
"UDP Query User{24B21795-7204-4AD9-8CE6-F9CDFF4ACD71}C:\program files\Microsoft Office\Office12\WINWORD.EXE" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\winword.exe |
"UDP Query User{2F4379B5-1BF0-4D75-85F6-A35FF4DFB801}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2FDAD78D-E489-4D54-B4D0-7AF921A9722D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{30C6A8E5-F1B6-4AB8-A733-CED0F1D14A78}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"UDP Query User{34BB41D6-07C9-4E76-B83D-B8EB438D07D4}C:\program files\avast software\avast\avastui.exe" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"UDP Query User{3F8466BD-F3FC-405C-8485-344607778863}C:\users\michael\appdata\local\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\firefox.exe |
"UDP Query User{3FD9076C-8D24-4C0C-AAE2-7BB2D83B1E08}C:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe |
"UDP Query User{417135F7-CDC7-4BD8-996E-E73CCE1D9A08}C:\users\michael\desktop\esetsmartinstaller_enu.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\esetsmartinstaller_enu.exe |
"UDP Query User{47328CA5-0E8B-4BFB-BE66-5F62720BE12A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{4B255005-4F35-48D1-A84D-199E113041DB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BAAAC30-773F-459C-AA92-85D35F9F7BA4}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4DBDB576-9830-4FC0-86DA-16BD44E3A966}C:\users\michael\appdata\local\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\firefox.exe |
"UDP Query User{4E673AF2-A305-4126-93D7-1F62D20F7619}C:\users\michael\downloads\esetsmartinstaller_enu.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\esetsmartinstaller_enu.exe |
"UDP Query User{4FF720B7-F40B-419A-8E82-C0FCCE983432}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"UDP Query User{5C028CEC-DA8B-45CA-919C-4B90913061DF}M:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=m:\xampp\apache\bin\httpd.exe |
"UDP Query User{5E9C98B4-1E92-4388-9E45-E3D0B99C4A7B}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"UDP Query User{626FCD80-8610-49E6-AEB3-3A56332E67FB}C:\users\michael\downloads\bin902-setup.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\bin902-setup.exe |
"UDP Query User{64AE7A84-814A-4069-A0D3-F3D53F409F60}M:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=m:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{672C943E-3360-44CE-A17E-D325B73E8364}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{70D5FA4D-9533-45CF-B576-E5912A08FBE8}C:\users\michael\appdata\local\flock\application\flock.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\flock\application\flock.exe |
"UDP Query User{78ACDEE1-4159-457B-9796-5E2314262A53}C:\program files\spybot - search & destroy\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\sdupdate.exe |
"UDP Query User{7B3E816A-0EE5-4C31-9A55-B1554B188744}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"UDP Query User{7D7DD816-367F-45B7-B53C-529DB11E7D0C}G:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"UDP Query User{8109FBF1-0481-44D8-83CA-683D970F530D}C:\users\michael\appdata\local\temp\ssupdate.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\ssupdate.exe |
"UDP Query User{82E26F29-A91C-46BC-B981-4765BE38DF04}C:\program files\eset\eset online scanner\onlinecmdlinescanner.exe" = protocol=17 | dir=in | app=c:\program files\eset\eset online scanner\onlinecmdlinescanner.exe |
"UDP Query User{86164990-4AD0-4091-BC17-F53A8C07EEC8}C:\program files\weatherzone tracker\weather_tracker.exe" = protocol=17 | dir=in | app=c:\program files\weatherzone tracker\weather_tracker.exe |
"UDP Query User{880491CA-42A6-4D36-AE4B-968E92C2F0DE}C:\program files\collectorz.com\movie collector5\moviecollector.exe" = protocol=17 | dir=in | app=c:\program files\collectorz.com\movie collector5\moviecollector.exe |
"UDP Query User{893F956F-5C9C-4520-BD4B-E6063C8EE354}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{8AEB831F-FD6E-4B54-89EC-29C23D93C74F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8C6ADA30-3E22-4328-BD17-4D6725FAB5CC}C:\program files\seamonkey\seamonkey.exe" = protocol=17 | dir=in | app=c:\program files\seamonkey\seamonkey.exe |
"UDP Query User{8F94D1C0-EC0E-4890-B109-A6664DFAB97F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{92673C81-DD0E-4625-83D8-905164E757E8}C:\program files\weatherzone tracker\weather_tracker.exe" = protocol=17 | dir=in | app=c:\program files\weatherzone tracker\weather_tracker.exe |
"UDP Query User{9C4AEC78-8828-4CF9-947E-C57A7E53E2E3}C:\program files\adobe\adobe photoshop cs5\photoshop.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe |
"UDP Query User{9D7244E4-E87C-4BE3-A067-728731A27ACC}C:\program files\npvr\nextpvr.exe" = protocol=17 | dir=in | app=c:\program files\npvr\nextpvr.exe |
"UDP Query User{A4E50255-DB24-4B8E-BA1A-53B5CD0796DA}C:\program files\common files\adobe\oobe\pdapp\core\pdapp.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\oobe\pdapp\core\pdapp.exe |
"UDP Query User{A587CFDC-54DB-4B10-9889-53E1F8670F22}C:\program files\dell\mediadirect\mdirect.exe" = protocol=17 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"UDP Query User{A5C66AD1-34FF-41C0-9400-D1285A91009A}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{B25AD1D1-D836-406E-84AA-E0B48BDFA4E3}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{B397419E-04B3-4E06-8CE3-12810A9D1AC5}C:\users\michael\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\google\update\googleupdate.exe |
"UDP Query User{B4553B53-61CB-4BF9-B22A-DBB7AE605986}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{B7C5EE62-D544-4B53-8F15-869758C98584}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{C44D89E6-0F19-4660-A446-46E140621E85}C:\program files\nortoninstaller\{397e31aa-0d78-4649-a01c-339d73a2ed35}\nss\licensetype\3.1.1.6\inststub.exe" = protocol=17 | dir=in | app=c:\program files\nortoninstaller\{397e31aa-0d78-4649-a01c-339d73a2ed35}\nss\licensetype\3.1.1.6\inststub.exe |
"UDP Query User{CB6B30D6-E2E6-4FA5-8D60-75CA827F8D23}C:\program files\catvids\catvids.exe" = protocol=17 | dir=in | app=c:\program files\catvids\catvids.exe |
"UDP Query User{CBBA81C5-44C1-46DA-A036-18C4A9CADC8F}C:\program files\seamonkey\seamonkey.exe" = protocol=17 | dir=in | app=c:\program files\seamonkey\seamonkey.exe |
"UDP Query User{CE983DAC-5A37-4931-A191-69424780D19B}G:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\httpd.exe |
"UDP Query User{D1B5543F-0365-4EE0-8629-9E9BCCECE883}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{D605AB30-5B80-4D0A-81E8-8D13792E49BB}C:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson pc companion\pccompanion.exe |
"UDP Query User{D693800C-150F-4D93-905E-E0EAE790F7A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D6BA9264-00B1-4035-AAC5-555B3BB48482}C:\program files\photodex\proshowgold\proshow.exe" = protocol=17 | dir=in | app=c:\program files\photodex\proshowgold\proshow.exe |
"UDP Query User{DB68EFD1-A6CC-42A1-A49B-160E558EBA82}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{DD6B21D0-0D97-45B8-AA81-3BA7F92CBE3E}G:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=g:\xampp\apache\bin\apache.exe |
"UDP Query User{E1309A97-5771-4E0A-B50B-1514C394396D}G:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E6733651-24A9-4849-9D17-96308AE65B1B}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{E86448AB-F2FD-4A05-8956-FA5009C4B412}C:\program files\common files\adobe\updater6\adobe_updater.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\updater6\adobe_updater.exe |
"UDP Query User{EC6B9375-4974-46F3-A3C0-56E32961EB1D}C:\users\michael\appdata\local\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\mozilla firefox\plugin-container.exe |
"UDP Query User{F099FE30-C833-406A-9B48-9C4582506C1F}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{F3CC193B-94A7-44F6-901E-7EB6C02F5090}C:\users\michael\desktop\ccsetup306.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\ccsetup306.exe |
"UDP Query User{FA29E60F-EBED-4E05-B7AD-BC2B3849CFFF}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Catz 5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Professional Edition) 4.2
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4.0.2.14 Retail Version
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1" = Movie Collector
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{37180755-CA2B-40AD-9637-89FB0CE7CB36}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E3FED5B9-29D7-42E7-B10D-88AFEAF470F0}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97E22DDC-203F-48DA-98CF-9BD16DFB0B98}" = RedShift 6 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C1FCFDC-9644-4558-82B4-9BB90006C12D}" = TMPGEnc Video Mastering Works 5
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4 School
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}" = Presto! PVR
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.173
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FEBED6FC-140F-43F6-8CB5-D3C0EB0F3D66}" = Passware Kit Enterprise 9.7
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Allway Sync_is1" = Allway Sync version 9.2.22
"Amaya" = Amaya
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CATVids_is1" = CATVids v8
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON TX510FN Series" = EPSON TX510FN Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoToAssist" = GoToAssist 8.0.0.514
"HandBrake" = HandBrake 0.9.5
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Kernel Outlook PST Viewer_is1" = Kernel Outlook PST Viewer ver 10.09.01
"LHTTSSPE" = L&H TTS3000 Español
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MING Network Monitor_is1" = MING Network Monitor 3.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPE" = MyPhoneExplorer
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Network Play System (Patching)" = Network Play System (Patching)
"NextPVR" = NextPVR
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0PR
"PageshotsPro_is1" = PageshotsPro 1.0.0
"Pen Tablet Driver" = Pen Tablet
"Photobook Designer" = Photobook Designer 3.4
"Photodex Presenter" = Photodex Presenter
"ProInst" = Intel® PROSet/Wireless Software
"ProShow Gold" = ProShow Gold
"Scriptocean Slideshow" = Scriptocean Slideshow 1
"SeaMonkey (2.0.14)" = SeaMonkey (2.0.14)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"sp6" = Logitech SetPoint 6.20
"ST6UNST #1" = NINTENDO DS GAME BROWSER
"Stellarium_is1" = Stellarium 0.10.6.1
"The Sims" = The Sims
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VirtuaWin_is1" = VirtuaWin v4.3
"VLC media player" = VLC media player 1.0.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"Weatherzone Tracker_is1" = Weatherzone Tracker v2.04
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3164679014-3946964612-3241255314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"58952e318794074e" = MobileNoter
"83e2694c0cbe065f" = Download Photo Albums
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"b7c0bad11b91039e" = Album Downloader
"Dropbox" = Dropbox
"Flock" = Flock (3.5.3.4641)
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28/05/2011 4:35:45 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 4:41:37 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 5:35:44 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 5:41:39 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 6:35:44 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 6:41:37 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 7:35:42 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 7:41:37 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 8:35:43 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
Error - 28/05/2011 8:41:36 AM | Computer Name = Sharon-Laptop | Source = Flock Update | ID = 20
Description =
[ Media Center Events ]
Error - 31/05/2010 2:38:28 AM | Computer Name = Sharon-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide
Error - 31/05/2010 2:38:52 AM | Computer Name = Sharon-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 27/05/2011 4:12:11 AM | Computer Name = Sharon-Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ OSession Events ]
Error - 13/06/2008 5:41:46 AM | Computer Name = Sharon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 498
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17/02/2010 9:17:01 PM | Computer Name = Sharon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17/02/2010 9:18:09 PM | Computer Name = Sharon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24/02/2010 2:56:30 AM | Computer Name = Sharon-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2/06/2011 8:47:29 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7023
Description =
Error - 2/06/2011 8:47:29 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 2/06/2011 8:47:29 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7023
Description =
Error - 2/06/2011 8:47:29 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 2/06/2011 8:50:34 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7023
Description =
Error - 2/06/2011 8:50:34 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 2/06/2011 8:50:34 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7023
Description =
Error - 2/06/2011 8:50:34 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 2/06/2011 8:52:14 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7001
Description =
Error - 2/06/2011 8:52:14 PM | Computer Name = Sharon-Laptop | Source = Service Control Manager | ID = 7023
Description =
< End of report >
OTL logfile created on: 3/06/2011 10:53:09 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.50 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 58.25% Memory free
7.18 Gb Paging File | 5.84 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 89.12 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 66.47 Gb Free Space | 28.54% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.60 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Computer Name: SHARON-LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/03 10:52:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/05/26 06:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/10 22:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/14 13:26:56 | 000,428,544 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/04/09 00:34:16 | 000,136,312 | ---- | M] (Google Inc.) -- C:\Users\Michael\AppData\Local\Flock\Update\FlockUpdate.exe
PRC - [2011/03/01 03:57:24 | 000,017,408 | ---- | M] (Menten Holdings Ltd) -- C:\Program Files\NPVR\NTray.exe
PRC - [2010/12/13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/10 06:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/29 09:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/11/26 08:07:42 | 000,157,520 | ---- | M] (NewSoft) -- C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
PRC - [2009/07/17 15:53:10 | 002,888,403 | ---- | M] () -- C:\Program Files\Weatherzone Tracker\weather_tracker.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/02 14:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/12/21 12:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 19:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 19:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 19:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 19:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/07/20 20:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/06/09 13:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
========== Modules (SafeList) ==========
MOD - [2011/06/03 10:52:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
MOD - [2011/05/10 22:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (XAudioService)
SRV - File not found [Auto | Stopped] -- -- (TabletServicePen)
SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Disabled | Stopped] -- -- (ScsiAccess)
SRV - File not found [Disabled | Stopped] -- -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- -- (RegSrvc) Intel®
SRV - File not found [Disabled | Stopped] -- -- (NPVR Recording Service)
SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - File not found [Auto | Stopped] -- -- (EvtEng) Intel®
SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [Disabled | Stopped] -- -- (Bonjour Service)
SRV - File not found [Disabled | Stopped] -- -- (bgsvcgen)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AESTFilters)
SRV - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/10/28 20:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/05/12 21:06:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 00:19:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 06:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
========== Driver Services (SafeList) ==========
DRV - [2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 21:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/10 14:33:18 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2010/08/25 03:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/25 03:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/01/22 15:28:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010/01/22 15:28:52 | 000,143,264 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/12/03 19:30:47 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/10/05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009/04/11 15:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/11 14:46:40 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/01/19 16:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/02 14:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 15:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 15:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/11/07 06:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/24 19:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/25 19:13:14 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/27 17:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 17:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 17:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 22:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 17:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/08/05 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/04/26 00:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ISODisk.sys -- (ISODisk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080506
IE - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "My Way"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.5
FF - prefs.js..extensions.enabledItems: dummylipsum@sogame.cat:3.0.0
FF - prefs.js..extensions.enabledItems: extensionlistdumper@sogame.cat:1.15.0
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.7
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..extensions.enabledItems: {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJYYYYYYYYAU&ptb=C43A70EF-9D92-4959-BAF7-45A5097A051A&psa=&ind=2011022323&ptnrS=YJYYYYYYYYAU&si=&st=kwd&n=77ddc3f3&searchfor="
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/02/24 10:43:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/24 17:10:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/16 13:20:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Users\Michael\AppData\Local\Mozilla Firefox\components [2011/05/16 15:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Users\Michael\AppData\Local\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/05/04 16:32:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/05/13 21:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2011/02/28 08:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/02/28 08:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/06/01 15:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions
[2011/02/26 07:19:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 08:26:20 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/03/23 08:21:36 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/04/18 16:00:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/24 20:04:54 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/02/24 20:04:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/25 09:32:32 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/03/13 07:55:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/02/24 20:04:53 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/02/24 20:05:00 | 000,000,000 | ---D | M] (Dummy Lipsum) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\dummylipsum@sogame.cat
[2011/03/19 20:04:00 | 000,000,000 | ---D | M] (Extension List Dumper) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\extensionlistdumper@sogame.cat
[2011/02/24 20:05:07 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\inspector@mozilla.org
[2011/03/19 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\extensionlistdumper@sogame.cat\chrome
[2011/03/19 20:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\extensions\extensionlistdumper@sogame.cat\defaults
[2011/06/02 11:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\727noer5.default\extensions
[2011/06/02 11:18:22 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\727noer5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/04/02 13:36:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\727noer5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/03 08:12:51 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\727noer5.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/03/03 08:12:51 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\727noer5.default\extensions\inspector@mozilla.org
[2011/02/24 14:37:28 | 000,009,946 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n1ep9guj.default\searchplugins\Guffins.xml
[2011/03/23 08:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/06 20:03:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/28 09:33:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 13:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/23 10:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/25 09:34:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/25 08:49:13 | 000,000,000 | ---D | M] (Pageshots Pro) -- C:\Program Files\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
File not found (No name found) --
[2011/02/24 10:43:33 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011/05/16 13:20:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\{C0CB8BA3-6C1B-47E8-A6AB-1FAB889562D9}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N1EP9GUJ.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2011/04/30 15:03:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/05/17 13:40:39 | 000,000,057 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe (NewSoft)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002..\Run: [Flock Update] C:\Users\Michael\AppData\Local\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe ()
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKU\S-1-5-21-3164679014-3946964612-3241255314-1002\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/03 10:52:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/05/29 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hootie
[2011/05/28 21:58:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\HTML Output
[2011/05/28 21:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\CATVids
[2011/05/28 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CATVids
[2011/05/27 22:10:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Coollector
[2011/05/26 13:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
[2011/05/26 13:53:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Movie Collector
[2011/05/26 13:53:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Collectorz.com
[2011/05/26 13:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Collectorz.com
[2011/05/25 16:16:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\De Virus Stuff
[2011/05/20 09:23:19 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe
[2011/05/20 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Scan logs
[2011/05/19 15:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011/05/17 10:30:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/17 09:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/17 09:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/17 08:56:19 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Users\Michael\Desktop\ccsetup306.exe
[2011/05/16 19:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/16 18:54:23 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/05/16 17:49:35 | 011,145,968 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Michael\Desktop\SUPERAntiSpyware.exe
[2011/05/16 16:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/16 16:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/05/16 15:23:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Mozilla Firefox
[2011/05/16 13:21:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/16 13:21:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/16 13:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/16 13:21:40 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/16 13:21:39 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/16 13:21:39 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/16 13:21:39 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/16 13:20:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/16 13:20:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/16 13:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/16 13:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/16 12:53:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/16 12:42:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/16 09:12:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/16 09:12:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/16 09:12:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/16 09:12:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 09:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/15 21:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/15 21:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/05/15 21:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/15 21:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/05/14 22:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/14 22:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/14 22:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/14 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ESET
[2011/05/14 16:53:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011/05/14 16:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/14 16:53:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/14 16:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/14 16:53:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/14 16:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/14 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/05/14 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/14 15:54:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Images
[2011/05/14 15:21:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Imaginova Canada
[2011/05/14 15:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starry Night Pro Plus 6
[2011/05/14 15:03:48 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/05/14 15:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Starry Night Pro Plus 6
[2011/05/14 15:03:14 | 000,000,000 | -H-D | C] -- C:\Users\Michael\InstallAnywhere
[2011/05/14 14:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Starry Night
[2011/05/14 14:05:23 | 000,000,000 | -H-D | C] -- C:\Users\Michael\Zero G Registry
[2011/05/14 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\Starry Night Pro Plus 6
[2011/05/14 14:05:23 | 000,000,000 | ---D | C] -- C:\Sky Data
[2011/05/14 13:40:21 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll
[2011/05/14 13:40:21 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll
[2011/05/14 13:40:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\AIM
[2011/05/14 13:40:20 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL
[2011/05/14 13:40:20 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSREPL35.DLL
[2011/05/14 13:40:20 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAR332.DLL
[2011/05/14 13:40:20 | 000,330,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSEXCH35.DLL
[2011/05/14 13:40:20 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSXBSE35.DLL
[2011/05/14 13:40:20 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSRD2X35.DLL
[2011/05/14 13:40:20 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSPDOX35.DLL
[2011/05/14 13:40:20 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSEXCL35.DLL
[2011/05/14 13:40:20 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSLTUS35.DLL
[2011/05/14 13:40:20 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSTEXT35.DLL
[2011/05/14 13:40:20 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL
[2011/05/14 13:40:20 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL
[2011/05/14 12:15:53 | 000,232,960 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\System32\SciLexer.dll
[2011/05/14 12:15:53 | 000,161,792 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\Windows\System32\Scintilla.dll
[2011/05/14 12:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Maris Technologies
[2011/05/14 12:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedShift 6 Premium
[2011/05/13 22:29:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\WindowsUpdate
[2011/05/13 21:41:45 | 000,000,000 | --SD | C] -- C:\Users\Michael\Documents\My Web Sites
[2011/05/13 21:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/13 08:39:30 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/11 19:11:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Stellarium
[2011/05/11 19:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
[2011/05/11 19:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2011/05/07 13:55:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\dvdcss
[2011/05/06 23:57:39 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/06 23:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NPVR
[2011/05/06 23:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\NPVR
[6 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/03 10:52:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/06/03 10:41:33 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-3164679014-3946964612-3241255314-1002UA.job
[2011/06/03 10:20:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 10:10:15 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164679014-3946964612-3241255314-1002UA.job
[2011/06/03 09:51:00 | 000,116,985 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\nvModes.dat
[2011/06/03 09:51:00 | 000,116,985 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\nvModes.001
[2011/06/03 09:45:48 | 000,647,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 09:45:48 | 000,123,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 09:44:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 09:39:00 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 09:38:59 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 09:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 09:38:24 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 23:59:34 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/02 22:42:06 | 000,019,891 | ---- | M] () -- C:\Users\Michael\Desktop\crest02.jpg
[2011/06/02 14:10:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164679014-3946964612-3241255314-1002Core.job
[2011/05/30 08:44:25 | 000,000,952 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 17:21:12 | 000,068,096 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 21:51:05 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\CATVids.lnk
[2011/05/28 12:13:38 | 000,016,020 | ---- | M] () -- C:\Users\Michael\Desktop\grey_nurse_shark.jpg
[2011/05/27 17:55:50 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Movie Collector 5.lnk
[2011/05/27 17:55:50 | 000,000,180 | ---- | M] () -- C:\Users\Public\Desktop\Movie Collector Website.lnk
[2011/05/26 07:30:43 | 000,002,099 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2011/05/26 07:30:43 | 000,002,061 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 00:39:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-3164679014-3946964612-3241255314-1002Core.job
[2011/05/25 16:30:34 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011/05/25 16:29:30 | 000,001,728 | -H-- | M] () -- C:\Users\Michael\Documents\Default.rdp
[2011/05/24 13:48:54 | 000,542,434 | ---- | M] () -- C:\Users\Michael\Desktop\Bird.jpg
[2011/05/23 15:31:48 | 128,372,154 | ---- | M] () -- C:\Users\Michael\Desktop\Adwords full.mov
[2011/05/21 13:44:17 | 000,001,456 | ---- | M] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/21 12:52:36 | 000,000,132 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/20 09:23:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu.exe
[2011/05/19 15:38:18 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2011/05/19 02:12:05 | 000,132,965 | ---- | M] () -- C:\Users\Michael\Desktop\a Easy Phone Tunes Plus v1.1.1.apk
[2011/05/18 22:49:58 | 000,031,052 | ---- | M] () -- C:\Users\Michael\Desktop\Android_Apps_and_Games_Pack_Collection_UNCOMPRESSED-_=Demonoid.me=__554013.8.torrent
[2011/05/18 20:46:33 | 000,000,132 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/05/18 17:46:26 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/05/17 13:40:39 | 000,000,057 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/17 10:09:49 | 003,933,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/17 09:19:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/17 08:56:28 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Users\Michael\Desktop\ccsetup306.exe
[2011/05/16 21:52:34 | 000,000,016 | ---- | M] () -- C:\Users\Michael\persistent_state
[2011/05/16 17:50:12 | 011,145,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Michael\Desktop\SUPERAntiSpyware.exe
[2011/05/16 16:16:56 | 001,376,832 | ---- | M] () -- C:\Users\Michael\Desktop\sar_15_sfx.exe
[2011/05/16 15:28:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 15:23:50 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/16 15:23:50 | 000,000,952 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/16 13:21:41 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/16 13:21:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/16 09:08:24 | 004,348,896 | R--- | M] () -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/05/14 22:16:11 | 000,001,081 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/14 22:16:11 | 000,001,057 | ---- | M] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/05/14 16:53:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/14 15:00:28 | 000,000,000 | ---- | M] () -- C:\Users\Michael\cbe.4b79a25d12fece0879c
[2011/05/14 14:13:05 | 000,000,000 | ---- | M] () -- C:\Users\Michael\cbe.d450bc4012fecb525c3
[2011/05/14 14:11:37 | 000,000,000 | ---- | M] () -- C:\Users\Michael\cbe.70bb5e7d12fecb3cf7b
[2011/05/14 13:20:33 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\RedShift 6 Premium.lnk
[2011/05/12 22:46:12 | 000,001,249 | ---- | M] () -- C:\Users\Michael\Desktop\+-Demonoid.me-+_Charlaine_Harris_DEAD_RECKONING_fixed_554013.8.torrent
[2011/05/11 19:11:38 | 000,001,714 | ---- | M] () -- C:\Users\Public\Desktop\Stellarium.lnk
[2011/05/11 12:32:28 | 1228,708,892 | ---- | M] () -- C:\Users\Michael\Desktop\DVD5.avi
[2011/05/10 22:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 22:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 22:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 22:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 22:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 21:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 21:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 21:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/06 23:49:11 | 000,000,773 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk
[6 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/02 22:42:05 | 000,019,891 | ---- | C] () -- C:\Users\Michael\Desktop\crest02.jpg
[2011/05/28 21:51:05 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\CATVids.lnk
[2011/05/28 12:13:47 | 000,016,020 | ---- | C] () -- C:\Users\Michael\Desktop\grey_nurse_shark.jpg
[2011/05/27 17:55:50 | 000,000,180 | ---- | C] () -- C:\Users\Public\Desktop\Movie Collector Website.lnk
[2011/05/26 13:53:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Movie Collector 5.lnk
[2011/05/25 16:30:34 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011/05/24 13:48:49 | 000,542,434 | ---- | C] () -- C:\Users\Michael\Desktop\Bird.jpg
[2011/05/23 15:24:15 | 128,372,154 | ---- | C] () -- C:\Users\Michael\Desktop\Adwords full.mov
[2011/05/19 15:32:15 | 000,132,965 | ---- | C] () -- C:\Users\Michael\Desktop\a Easy Phone Tunes Plus v1.1.1.apk
[2011/05/18 22:49:55 | 000,031,052 | ---- | C] () -- C:\Users\Michael\Desktop\Android_Apps_and_Games_Pack_Collection_UNCOMPRESSED-_=Demonoid.me=__554013.8.torrent
[2011/05/17 10:08:53 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 09:19:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/16 16:16:55 | 001,376,832 | ---- | C] () -- C:\Users\Michael\Desktop\sar_15_sfx.exe
[2011/05/16 13:21:41 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/16 09:12:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/16 09:12:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/16 09:12:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/16 09:12:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/16 09:12:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/16 09:07:35 | 004,348,896 | R--- | C] () -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/05/14 22:16:11 | 000,001,081 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/14 22:16:11 | 000,001,057 | ---- | C] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/05/14 16:53:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/14 15:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Michael\cbe.4b79a25d12fece0879c
[2011/05/14 14:13:05 | 000,000,000 | ---- | C] () -- C:\Users\Michael\cbe.d450bc4012fecb525c3
[2011/05/14 14:11:37 | 000,000,000 | ---- | C] () -- C:\Users\Michael\cbe.70bb5e7d12fecb3cf7b
[2011/05/14 14:04:36 | 000,000,016 | ---- | C] () -- C:\Users\Michael\persistent_state
[2011/05/14 13:40:21 | 000,000,696 | ---- | C] () -- C:\Windows\System32\jetodbc.rsp
[2011/05/14 12:11:45 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\RedShift 6 Premium.lnk
[2011/05/12 22:46:11 | 000,001,249 | ---- | C] () -- C:\Users\Michael\Desktop\+-Demonoid.me-+_Charlaine_Harris_DEAD_RECKONING_fixed_554013.8.torrent
[2011/05/11 19:11:38 | 000,001,714 | ---- | C] () -- C:\Users\Public\Desktop\Stellarium.lnk
[2011/05/11 10:36:20 | 1228,708,892 | ---- | C] () -- C:\Users\Michael\Desktop\DVD5.avi
[2011/05/06 23:49:11 | 000,000,773 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk
[2011/04/10 23:14:58 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/06 09:06:46 | 000,001,456 | ---- | C] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/03 16:16:05 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/02 16:07:35 | 000,013,030 | ---- | C] () -- C:\ProgramData\PDOXUSRS.NET
[2011/03/10 14:56:53 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2011/03/01 11:46:36 | 000,007,592 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2011/02/28 08:41:44 | 000,038,435 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/02/25 23:28:39 | 000,116,985 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\nvModes.dat
[2011/02/25 23:28:39 | 000,116,985 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\nvModes.001
[2011/02/25 09:23:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/24 20:15:43 | 000,068,096 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 10:12:54 | 000,009,600 | ---- | C] () -- C:\Windows\System32\drivers\ISODisk.sys
[2011/02/24 09:37:01 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/11/05 08:41:41 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systemmem3.dll
[2010/10/29 21:46:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/03 10:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/03 10:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/03/03 10:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/03 10:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/03 10:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/03 10:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/03/03 10:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/03 10:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/03 10:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/03 10:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/03 10:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/03 10:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/03 10:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/03 10:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/03/03 10:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/03 10:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/03 10:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/15 04:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/15 04:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/11/15 04:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/15 04:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/15 04:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/15 04:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/15 04:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/15 04:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/15 04:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/15 04:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/11/15 04:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/11/15 04:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/15 04:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/10/23 09:34:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/23 09:34:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/23 09:33:28 | 000,069,120 | ---- | C] () -- C:\Windows\System32\drivers\rassstp.sys
[2009/08/12 07:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/06/08 02:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/15 20:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/01/22 21:24:38 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/11/29 11:25:12 | 000,000,503 | ---- | C] () -- C:\Windows\eReg.dat
[2008/11/29 11:13:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 22:06:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/12 21:13:45 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/05/07 07:46:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/07 00:11:24 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/05/06 23:54:12 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/11/07 06:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/10/13 19:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/10 23:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 003,933,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,647,740 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,123,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A636021B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
< End of report >
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x90204000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7114752 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.43 )
0x82C47000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82C47000 PnpManager 3907584 bytes
0x82C47000 RAW 3907584 bytes
0x82C47000 WMIxWDM 3907584 bytes
0x90E08000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x9C090000 Win32k 2109440 bytes
0x9C090000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C60A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8C27D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x91AF0000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8C406000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA7A00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C50B000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x832A6000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91C06000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA4C67000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x908CD000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83206000 C:\Windows\system32\drivers\iastorv.sys 655360 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x90A00000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x928B1000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8060A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8C20C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91CC7000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA4D6E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x91A0C000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x910A1000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xA70F3000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9C2E0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92809000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x8073C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x807B2000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80693000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x90A8D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x90984000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x91AB3000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x805B2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8C3B3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x929A3000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xA707A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8C71A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA4C24000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x90B85000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82C14000 ACPI_HAL 208896 bytes
0x82C14000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8338A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C5C9000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x91195000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91A61000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x91105000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8C388000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90B44000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA4D27000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9293A000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x833D6000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA70CB000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C76A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EA000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91A8E000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90ACE000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x92877000 C:\Windows\system32\drivers\RTL2832UBDA.sys 139264 bytes (REALTEK SEMICONDUCTOR Corp., RTL2832UBDA Driver)
0x8C7A2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA703A000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x91D5F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA705B000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8336C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA4DDB000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8C4F0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA4C09000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9296D000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x91065000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA700C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9114F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA70B3000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x909E4000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x911CE000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92853000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA7B37000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90BE4000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91DB2000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA7025000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x929DF000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA7AF4000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x90AF1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9108D000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91DD2000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x910F2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA4D5B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x909D1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA7B09000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8C791000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90BD3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x91037000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x833BC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9117C000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA4D17000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807A2000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x91047000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x90B34000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x92987000 C:\Windows\system32\DRIVERS\bthmodem.sys 61440 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x8C7ED000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8C3EE000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8C75B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80711000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x911F0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x909C2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8072D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x91057000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x90B05000 2367009372 57344 bytes
0x9C2D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x91DEB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x91D9B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8078D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90B05000 C:\Windows\system32\DRIVERS\rassstp.sys 57344 bytes
0x9107F000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x928A4000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x92996000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91CBA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x90B78000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80686000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA7AE8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91D53000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9096D000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9113C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91131000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x91D90000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x911E5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9286C000 C:\Windows\System32\Drivers\RTL2832UUSB.sys 45056 bytes (REALTEK SEMICONDUCTOR Corp., RTL2832UUSB Driver)
0x911C3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8C7D9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90979000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
!!!!!!!!!!!Hidden driver: 0x90B13000 2367008688 40960 bytes
0x91DC8000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x80723000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x92963000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x929F4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90B6E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA4D51000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x91BF3000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x833CC000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA7ADE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xA7B2D000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0xA7B23000 C:\Windows\system32\DRIVERS\WSDScan.sys 40960 bytes (Microsoft Corporation, Web Service Based Scan Device Driver)
0xA7B4D000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8C7C3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91D3C000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x92931000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x90BCA000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x91DA9000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9C2B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7E4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91171000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D9000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83364000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x91147000 C:\Windows\System32\Drivers\cdrbsdrv.SYS 32768 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0x92800000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x91A00000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x90BBA000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E2000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91D80000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x91D88000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9289C000 C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys 32768 bytes (Realtek, Realtek Virtual Hid IR Device)
0x8C753000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90BC2000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xA7B1B000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x91D4C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9118C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80786000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA715D000 C:\Windows\system32\drivers\npf.sys 28672 bytes (CACE Technologies, npf.sys (NT5/6 x86) Kernel Driver)
0x91D45000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8079B000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x91167000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91DE6000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x91D37000 C:\Windows\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
0x9116D000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA7159000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xA4C5C000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x92899000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x80720000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x91DF9000 C:\Windows\System32\Drivers\ISODisk.SYS 12288 bytes
0x929DD000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x90E00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9286A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9117A000 C:\Windows\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0x91193000 C:\Windows\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
==============================================
>Stealth
==============================================
0x90B18430 Unknown thread object [ ETHREAD 0x87E5BD78 ] TID: 368, 600 bytes
0x90B18430 Unknown thread object [ ETHREAD 0x87E5BAD0 ] TID: 372, 600 bytes
This post has been edited by SweetTech: 03 June 2011 - 09:17 AM
Reason for edit: expanded logs.--ST