Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Brisv.A!nf


  • This topic is locked This topic is locked
19 replies to this topic

#1 elmongo2

elmongo2

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 12 February 2009 - 04:25 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by El Mongo at 15:17:35.22 on Thu 02/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3071.2041 [GMT -6:00]

FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\El Mongo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FreshDownload Bar: {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\progra~1\freshd~1\freshd~1\fdiebar.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [LXDDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDDtime.dll,_RunDLLEntry@16
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {7F35E3A0-C4D1-47B7-AFC9-2A198295883F} - c:\program files\freshdevices\freshdownload\fd.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} - hxxp://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\elmong~1\appdata\roaming\mozilla\firefox\profiles\r5fsfsmn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-1-31 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-1-31 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090206.001\IDSvix86.sys [2009-2-10 292912]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-7-16 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-1-31 115560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-7-30 95528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-27 356920]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-7-30 1361192]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-10-4 388936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-31 99376]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2008-10-5 65576]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nav\1002000.007\symndisv.sys [2009-1-31 40496]
S2 .norton2009Reset;Norton 2009 Reset;c:\programdata\norton\Norton2009Reset.exe [2009-1-30 280833]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2002-2-28 280644]

=============== Created Last 30 ================

2009-02-10 14:05 827,392 a------- c:\windows\system32\wininet.dll
2009-02-10 14:05 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-09 18:13 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-09 18:13 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-09 18:13 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-09 18:13 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-09 18:13 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-09 18:13 11,264 a------- c:\windows\system32\icardres.dll
2009-02-09 18:13 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-09 18:13 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-09 18:05 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-09 18:05 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-09 18:05 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-09 18:04 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-09 18:03 83,968 a------- c:\windows\system32\mscories.dll
2009-02-07 17:23 <DIR> --d----- c:\programdata\WindowsSearch
2009-02-04 16:20 <DIR> --d----- c:\users\elmong~1\appdata\roaming\Lexmark Imaging Studio
2009-02-01 10:48 <DIR> --d----- c:\programdata\Symantec
2009-02-01 10:48 <DIR> --d----- c:\progra~2\Symantec
2009-02-01 10:17 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-01-31 09:42 534 a------- c:\windows\eReg.dat
2009-01-31 09:42 <DIR> --d----- c:\program files\Maxis
2009-01-30 23:48 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-30 23:48 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-30 23:48 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-30 23:48 <DIR> --d----- c:\program files\Symantec
2009-01-30 23:48 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-01-30 23:47 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-01-30 23:47 <DIR> --d----- c:\program files\Norton AntiVirus
2009-01-30 23:47 <DIR> --d----- c:\programdata\Norton
2009-01-30 23:47 <DIR> --d----- c:\progra~2\Norton
2009-01-30 23:47 <DIR> --d----- c:\programdata\NortonInstaller
2009-01-30 23:47 <DIR> --d----- c:\program files\NortonInstaller
2009-01-30 23:47 <DIR> --d----- c:\progra~2\NortonInstaller

==================== Find3M ====================

2009-02-01 10:17 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-01 10:17 86,016 a------- c:\windows\inf\infstor.dat
2009-02-01 10:17 51,200 a------- c:\windows\inf\infpub.dat
2008-12-17 08:26 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-15 20:42 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-14 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-05 17:37 665,600 a------- c:\windows\inf\drvindex.dat
2008-10-04 21:33 174 a--sh--- c:\program files\desktop.ini
2006-11-02 06:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-07 16:09 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-07 16:09 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-07 16:09 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 15:22:22.22 ===============
People do dumb things. And I'm not talking about paying too much for car insurance either.

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 20 February 2009 - 04:31 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

You appear to have a cracked version of Norton. Please remove it.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

Post back with:
-the OTViewIt log
-the GMER

Please also tell me of any changes you have made to your computer since your topic was started.

With Regards,
The Panda

#3 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 20 February 2009 - 06:05 PM

OTViewIt logfile created on: 2/20/2009 4:21:11 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\El Mongo\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446.23 Gb Total Space | 189.31 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 13.72 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 7.70 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0FF9C7D57B
Current User Name: El Mongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/18 22:33:38 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/18 22:33:16 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 03:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/18 22:33:10 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/18 22:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2008/01/18 22:33:14 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/01/18 22:33:14 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/01/18 22:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
[2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
[2008/01/18 22:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/07/30 09:36:54 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2009/02/20 16:14:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/01/30 23:50:38 | 00,280,833 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/18 22:33:08 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/18 22:34:08 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 06:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
[2008/10/09 17:54:20 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/06/19 19:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
[2008/01/18 22:36:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 03:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
[2008/12/13 17:23:02 | 00,104,944 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/18 22:33:36 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services ==========

[2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 03:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 03:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/18 20:27:22 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc.sys -- (asc [Boot | Running])
[2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/11/02 01:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Running])
[2008/01/18 20:28:28 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 02:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 02:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/18 22:43:00 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 03:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/18 20:28:58 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\Windows\System32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2008/01/18 20:28:22 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 19:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/18 22:42:12 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/18 20:28:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/18 22:42:32 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/18 20:30:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/18 22:42:14 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 03:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[1996/04/03 13:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys -- (giveio [Boot | Running])
[2002/02/28 23:35:00 | 00,280,644 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx [On_Demand | Stopped])
[2006/11/02 01:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2008/01/18 19:30:50 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 02:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 02:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/11/02 02:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/18 22:42:36 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 02:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/18 20:55:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/18 20:30:38 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/18 20:52:20 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 03:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/18 20:54:48 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 19:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/18 20:28:38 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 03:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/18 22:41:16 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/18 22:42:30 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 20:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/18 20:55:52 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/11/18 02:39:50 | 01,040,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2007/09/04 18:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
[2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2007/08/09 17:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 03:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 03:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 19:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/08/24 21:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/18 20:56:44 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/18 21:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/18 20:55:04 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2008/07/16 08:57:40 | 00,269,736 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw [System | Running])
[2008/06/21 03:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL [On_Demand | Running])
[2008/06/21 03:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips [System | Running])
[2006/11/02 03:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007/08/06 18:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/18 20:49:18 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 02:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 03:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/18 20:55:28 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\speedfan.sys -- (speedfan [Boot | Running])
[2008/01/18 22:41:32 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/18 20:29:16 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/18 20:29:14 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\Windows\System32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/18 20:56:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/18 21:01:16 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/18 20:55:42 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/18 20:55:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 03:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 03:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/01/18 20:53:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2005/05/26 09:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2006/11/02 02:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2005/05/26 09:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2005/06/24 16:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2006/11/02 02:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 02:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/02/12 03:42:38 | 00,232,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys -- (vmm [System | Running])
[2008/01/18 22:42:20 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/18 22:43:04 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/02/05 01:50:44 | 00,059,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
[2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 02:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 03:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/18 22:43:28 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 02:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/18 20:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290304 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
9999 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" (HKLM) -- C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"LXDDCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe -silent (MediaCodec.Org)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{7F35E3A0-C4D1-47B7-AFC9-2A198295883F}: Button: FreshDownload -- %ProgramFiles%\FreshDevices\FreshDownload\fd.exe File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab -- DLM Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BC18E6DF-BE57-4580-93E8-F228F9A133AA}: http://simcity.ea.com/exchange/lots/telepo...ty4LotTeleX.cab -- MaxisSimCity4LotTeleX Control
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60136C82-3EC0-4D3E-8060-8EC3DC1B0E08} (Servers: | Description: Broadcom 802.11g Network Adapter)
{C707925B-F5DF-4B38-8BFB-27EFE162C115} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/18 22:34:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/18 22:36:44 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/01 12:49:08 | 00,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT -- [ NTFS ]

autoexec.bat [REM Dummy file for NTVDM | ]
[2008/10/15 10:11:14 | 00,000,024 | ---- | M] () -- E:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell\AutoRun\command]
""=L:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command]
""=K:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell\AutoRun\command]
""=L:\RunGame.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/20 16:20:40 | 00,747,873 | ---- | C] () -- C:\Users\El Mongo\Desktop\gmer.zip
[2009/02/20 16:19:12 | 00,000,000 | ---D | C] -- C:\00000082
[2009/02/20 16:13:58 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe
[2009/02/17 19:22:45 | 01,642,039 | ---- | C] () -- C:\Users\El Mongo\Desktop\Dickpurtan.WKNR.May.1965.mp3
[2009/02/17 17:52:25 | 73,602,2528 | ---- | C] () -- C:\Users\El Mongo\Desktop\Amusement.2008.DVDRiP.XviD-WaLMaRT.avi
[2009/02/17 17:51:10 | 73,578,0864 | ---- | C] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/02/17 17:49:39 | 73,417,7280 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/02/17 17:48:39 | 73,386,5984 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/02/17 17:45:11 | 73,384,9600 | ---- | C] () -- C:\Users\El Mongo\Desktop\coa-friday13-xvid.avi
[2009/02/15 15:55:27 | 04,053,162 | ---- | C] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/15 10:37:06 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/15 10:37:04 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/15 10:37:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/15 10:37:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/15 10:36:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/14 20:53:42 | 07,815,703 | ---- | C] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:21:31 | 04,697,751 | ---- | C] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:20:58 | 06,101,788 | ---- | C] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:16:18 | 06,708,596 | ---- | C] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/12 21:06:52 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\USI Material
[2009/02/12 16:04:52 | 73,518,2208 | ---- | C] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/10 21:58:36 | 00,244,351 | ---- | C] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/10 14:06:02 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/10 14:06:01 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/10 14:05:59 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/10 14:05:59 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/10 14:05:58 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/10 14:05:58 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/10 14:05:57 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/10 14:05:57 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/10 14:05:57 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/09 18:13:47 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/09 18:13:43 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/09 18:13:38 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/09 18:13:38 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/09 18:13:37 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/09 18:13:37 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/09 18:13:33 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/09 18:13:24 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/09 18:05:13 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/09 18:05:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/09 18:05:01 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/09 18:04:33 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/09 18:03:14 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/07 17:23:36 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/02/06 16:57:35 | 04,892,212 | ---- | C] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/04 16:20:10 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\AppData\Roaming\Lexmark Imaging Studio
[2009/02/03 20:00:58 | 06,427,882 | ---- | C] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/01 10:48:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/01/31 09:46:27 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\SimCity 4
[2009/01/31 09:42:19 | 00,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2009/01/31 09:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Maxis
[2009/01/30 23:47:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/01/30 23:47:00 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/01/30 23:43:29 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\Norton AntiVirus 2009 v16.0.0.125 [Final]
[2009/01/29 21:14:17 | 00,189,180 | ---- | C] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\EA Games
[2009/01/22 16:21:58 | 03,825,719 | ---- | C] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:21:44 | 04,895,228 | ---- | C] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:14 | 04,128,768 | ---- | C] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3

========== Files - Modified Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/20 16:20:54 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 16:20:53 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 16:20:41 | 00,747,873 | ---- | M] () -- C:\Users\El Mongo\Desktop\gmer.zip
[2009/02/20 16:18:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/20 16:18:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/20 16:18:46 | 32,206,27456 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 16:17:46 | 06,291,456 | -H-- | M] () -- C:\Users\El Mongo\AppData\Local\IconCache.db
[2009/02/20 16:14:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe
[2009/02/19 18:28:14 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/19 18:28:14 | 00,597,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/19 18:28:14 | 00,101,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/17 19:22:51 | 01,642,039 | ---- | M] () -- C:\Users\El Mongo\Desktop\Dickpurtan.WKNR.May.1965.mp3
[2009/02/17 17:53:05 | 00,057,856 | ---- | M] () -- C:\Users\El Mongo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 23:34:11 | 73,384,9600 | ---- | M] () -- C:\Users\El Mongo\Desktop\coa-friday13-xvid.avi
[2009/02/15 15:59:02 | 04,053,162 | ---- | M] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/14 21:07:18 | 03,307,105 | ---- | M] () -- C:\Users\El Mongo\Documents\Carolina Liar- I'm Not Over.mp3
[2009/02/14 20:57:31 | 07,815,703 | ---- | M] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:22:29 | 06,101,788 | ---- | M] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:22:20 | 04,697,751 | ---- | M] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:17:48 | 06,708,596 | ---- | M] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/13 12:06:06 | 73,518,2208 | ---- | M] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/10 21:58:37 | 00,244,351 | ---- | M] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/06 16:58:06 | 04,892,212 | ---- | M] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/03 20:22:12 | 06,427,882 | ---- | M] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/03 17:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/01 00:00:46 | 00,000,352 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/31 09:42:19 | 00,000,534 | ---- | M] () -- C:\Windows\eReg.dat
[2009/01/29 21:14:26 | 00,189,180 | ---- | M] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/29 15:57:56 | 73,578,0864 | ---- | M] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/01/28 21:57:54 | 73,417,7280 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/01/28 21:56:29 | 73,386,5984 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/01/22 16:24:34 | 03,825,719 | ---- | M] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:22:08 | 04,895,228 | ---- | M] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:35 | 04,128,768 | ---- | M] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3
< End of report >
People do dumb things. And I'm not talking about paying too much for car insurance either.

#4 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 20 February 2009 - 06:10 PM

Cannot post GMER. Log file is too big to post and cannot attach it because the board says the limit is 512k.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 20 February 2009 - 06:35 PM

Hello.

Please upload it to me here
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/202945/trojanbrisvanf/
  • Select the log file.
  • Under the comments section, say the file was too large.
With Regards,
The Panda

Edited by PropagandaPanda, 20 February 2009 - 06:36 PM.


#6 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 20 February 2009 - 09:50 PM

All right did it.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 21 February 2009 - 11:07 AM

Hello elmongo2.

Your logs look clean.

[2009/01/30 23:50:38 | 00,280,833 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])

We will be removing this.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable SpyBot's TeaTimer:
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may, remove ERUNT using Add/Remove Programs.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    .norton2009Reset
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{ED0E8CA5-42FB-4B18-997B-769E0408E79D}"=-
    
    :files
    C:\ProgramData\Norton\Norton2009Reset.exe
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program from one of the trusted venders below:After installing, update the database, run a full system scan and remove any items found.

Please post back with:
-the OTMoveIt log
-a new OTViewIt.txt log

Please tell me what symptoms of infection are present at the moment.

With Regards,
The Panda

#8 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 21 February 2009 - 12:14 PM

Old log....

OTViewIt logfile created on: 2/20/2009 4:21:11 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\El Mongo\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446.23 Gb Total Space | 189.31 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 13.72 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 7.70 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0FF9C7D57B
Current User Name: El Mongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/18 22:33:38 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/18 22:33:16 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 03:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/18 22:33:10 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/18 22:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2008/01/18 22:33:14 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/01/18 22:33:14 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/01/18 22:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
[2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
[2008/01/18 22:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/07/30 09:36:54 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2009/02/20 16:14:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/01/30 23:50:38 | 00,280,833 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/18 22:33:08 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/18 22:34:08 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 06:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
[2008/10/09 17:54:20 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/06/19 19:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
[2008/01/18 22:36:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 03:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
[2008/12/13 17:23:02 | 00,104,944 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/18 22:33:36 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services ==========

[2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 03:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 03:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/18 20:27:22 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc.sys -- (asc [Boot | Running])
[2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/11/02 01:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Running])
[2008/01/18 20:28:28 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 02:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 02:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/18 22:43:00 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 03:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/18 20:28:58 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\Windows\System32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2008/01/18 20:28:22 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 19:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/18 22:42:12 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/18 20:28:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/18 22:42:32 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/18 20:30:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/18 22:42:14 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 03:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[1996/04/03 13:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys -- (giveio [Boot | Running])
[2002/02/28 23:35:00 | 00,280,644 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx [On_Demand | Stopped])
[2006/11/02 01:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2008/01/18 19:30:50 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 02:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 02:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/11/02 02:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/18 22:42:36 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 02:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/18 20:55:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/18 20:30:38 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/18 20:52:20 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 03:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/18 20:54:48 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 19:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/18 20:28:38 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 03:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/18 22:41:16 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/18 22:42:30 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 20:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/18 20:55:52 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/11/18 02:39:50 | 01,040,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2007/09/04 18:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
[2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2007/08/09 17:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 03:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 03:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 19:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/08/24 21:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/18 20:56:44 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/18 21:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/18 20:55:04 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2008/07/16 08:57:40 | 00,269,736 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw [System | Running])
[2008/06/21 03:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL [On_Demand | Running])
[2008/06/21 03:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips [System | Running])
[2006/11/02 03:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007/08/06 18:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/18 20:49:18 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 02:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 03:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/18 20:55:28 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\speedfan.sys -- (speedfan [Boot | Running])
[2008/01/18 22:41:32 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/18 20:29:16 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/18 20:29:14 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\Windows\System32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/18 20:56:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/18 21:01:16 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/18 20:55:42 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/18 20:55:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 03:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 03:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/01/18 20:53:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2005/05/26 09:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2006/11/02 02:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2005/05/26 09:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2005/06/24 16:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2006/11/02 02:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 02:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/02/12 03:42:38 | 00,232,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys -- (vmm [System | Running])
[2008/01/18 22:42:20 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/18 22:43:04 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/02/05 01:50:44 | 00,059,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
[2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 02:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 03:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/18 22:43:28 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 02:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/18 20:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290304 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
9999 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" (HKLM) -- C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"LXDDCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe -silent (MediaCodec.Org)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{7F35E3A0-C4D1-47B7-AFC9-2A198295883F}: Button: FreshDownload -- %ProgramFiles%\FreshDevices\FreshDownload\fd.exe File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-217402157-2608355252-3968612516-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab -- DLM Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BC18E6DF-BE57-4580-93E8-F228F9A133AA}: http://simcity.ea.com/exchange/lots/telepo...ty4LotTeleX.cab -- MaxisSimCity4LotTeleX Control
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60136C82-3EC0-4D3E-8060-8EC3DC1B0E08} (Servers: | Description: Broadcom 802.11g Network Adapter)
{C707925B-F5DF-4B38-8BFB-27EFE162C115} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/18 22:34:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/18 22:36:44 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/01 12:49:08 | 00,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT -- [ NTFS ]

autoexec.bat [REM Dummy file for NTVDM | ]
[2008/10/15 10:11:14 | 00,000,024 | ---- | M] () -- E:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell\AutoRun\command]
""=L:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command]
""=K:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell\AutoRun\command]
""=L:\RunGame.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/20 16:20:40 | 00,747,873 | ---- | C] () -- C:\Users\El Mongo\Desktop\gmer.zip
[2009/02/20 16:19:12 | 00,000,000 | ---D | C] -- C:\00000082
[2009/02/20 16:13:58 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe
[2009/02/17 19:22:45 | 01,642,039 | ---- | C] () -- C:\Users\El Mongo\Desktop\Dickpurtan.WKNR.May.1965.mp3
[2009/02/17 17:52:25 | 73,602,2528 | ---- | C] () -- C:\Users\El Mongo\Desktop\Amusement.2008.DVDRiP.XviD-WaLMaRT.avi
[2009/02/17 17:51:10 | 73,578,0864 | ---- | C] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/02/17 17:49:39 | 73,417,7280 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/02/17 17:48:39 | 73,386,5984 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/02/17 17:45:11 | 73,384,9600 | ---- | C] () -- C:\Users\El Mongo\Desktop\coa-friday13-xvid.avi
[2009/02/15 15:55:27 | 04,053,162 | ---- | C] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/15 10:37:06 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/15 10:37:04 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/15 10:37:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/15 10:37:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/15 10:36:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/14 20:53:42 | 07,815,703 | ---- | C] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:21:31 | 04,697,751 | ---- | C] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:20:58 | 06,101,788 | ---- | C] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:16:18 | 06,708,596 | ---- | C] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/12 21:06:52 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\USI Material
[2009/02/12 16:04:52 | 73,518,2208 | ---- | C] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/10 21:58:36 | 00,244,351 | ---- | C] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/10 14:06:02 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/10 14:06:01 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/10 14:05:59 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/10 14:05:59 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/10 14:05:58 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/10 14:05:58 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/10 14:05:57 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/10 14:05:57 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/10 14:05:57 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/09 18:13:47 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/09 18:13:43 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/09 18:13:38 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/09 18:13:38 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/09 18:13:37 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/09 18:13:37 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/09 18:13:33 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/09 18:13:24 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/09 18:05:13 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/09 18:05:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/09 18:05:01 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/09 18:04:33 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/09 18:03:14 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/07 17:23:36 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/02/06 16:57:35 | 04,892,212 | ---- | C] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/04 16:20:10 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\AppData\Roaming\Lexmark Imaging Studio
[2009/02/03 20:00:58 | 06,427,882 | ---- | C] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/01 10:48:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/01/31 09:46:27 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\SimCity 4
[2009/01/31 09:42:19 | 00,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2009/01/31 09:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Maxis
[2009/01/30 23:47:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/01/30 23:47:00 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/01/30 23:43:29 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\Norton AntiVirus 2009 v16.0.0.125 [Final]
[2009/01/29 21:14:17 | 00,189,180 | ---- | C] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\EA Games
[2009/01/22 16:21:58 | 03,825,719 | ---- | C] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:21:44 | 04,895,228 | ---- | C] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:14 | 04,128,768 | ---- | C] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3

========== Files - Modified Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/20 16:20:54 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 16:20:53 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/20 16:20:41 | 00,747,873 | ---- | M] () -- C:\Users\El Mongo\Desktop\gmer.zip
[2009/02/20 16:18:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/20 16:18:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/20 16:18:46 | 32,206,27456 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/20 16:17:46 | 06,291,456 | -H-- | M] () -- C:\Users\El Mongo\AppData\Local\IconCache.db
[2009/02/20 16:14:09 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\El Mongo\Desktop\OTViewIt.exe
[2009/02/19 18:28:14 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/19 18:28:14 | 00,597,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/19 18:28:14 | 00,101,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/17 19:22:51 | 01,642,039 | ---- | M] () -- C:\Users\El Mongo\Desktop\Dickpurtan.WKNR.May.1965.mp3
[2009/02/17 17:53:05 | 00,057,856 | ---- | M] () -- C:\Users\El Mongo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/15 23:34:11 | 73,384,9600 | ---- | M] () -- C:\Users\El Mongo\Desktop\coa-friday13-xvid.avi
[2009/02/15 15:59:02 | 04,053,162 | ---- | M] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/14 21:07:18 | 03,307,105 | ---- | M] () -- C:\Users\El Mongo\Documents\Carolina Liar- I'm Not Over.mp3
[2009/02/14 20:57:31 | 07,815,703 | ---- | M] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:22:29 | 06,101,788 | ---- | M] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:22:20 | 04,697,751 | ---- | M] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:17:48 | 06,708,596 | ---- | M] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/13 12:06:06 | 73,518,2208 | ---- | M] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/10 21:58:37 | 00,244,351 | ---- | M] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/06 16:58:06 | 04,892,212 | ---- | M] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/03 20:22:12 | 06,427,882 | ---- | M] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/03 17:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/01 00:00:46 | 00,000,352 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/31 09:42:19 | 00,000,534 | ---- | M] () -- C:\Windows\eReg.dat
[2009/01/29 21:14:26 | 00,189,180 | ---- | M] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/29 15:57:56 | 73,578,0864 | ---- | M] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/01/28 21:57:54 | 73,417,7280 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/01/28 21:56:29 | 73,386,5984 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/01/22 16:24:34 | 03,825,719 | ---- | M] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:22:08 | 04,895,228 | ---- | M] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:35 | 04,128,768 | ---- | M] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3
< End of report >


Can't run new log. I get an error "Access violation at address 773D5973 in module 'ntdll.dll'. Read of address 00000022.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 21 February 2009 - 12:20 PM

Hello.

Were you able to run OTMoveIt?

Just take a new DDS log in that case.

With Regards,
The Panda

#10 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 21 February 2009 - 01:07 PM

OTViewIt logfile created on: 2/21/2009 12:05:15 PM - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\El Mongo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMXUSV2H
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 84.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446.23 Gb Total Space | 185.71 Gb Free Space | 41.62% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 13.72 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 7.70 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0FF9C7D57B
Current User Name: El Mongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/18 22:33:38 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/18 22:33:16 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 03:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/18 22:33:10 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/18 22:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/01/18 22:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
[2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/18 22:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
[2008/07/30 09:36:54 | 01,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
[2008/01/18 22:33:16 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2008/01/18 22:33:14 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/01/18 22:33:14 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/01/18 22:33:32 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/01/18 22:33:32 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/01/18 22:33:34 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/02/21 12:05:07 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\El Mongo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMXUSV2H\OTViewIt[1].exe

========== (O23) Win32 Services ==========

[2009/01/30 23:50:38 | 00,280,833 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])
[2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/18 22:33:08 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/18 22:34:08 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 06:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2008/10/09 19:45:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/02/12 17:59:16 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
[2008/10/09 17:54:20 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/06/19 19:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
[2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/05 18:44:59 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/07/30 09:36:54 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher [Auto | Running])
[2008/01/18 22:36:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2008/01/18 22:33:24 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 03:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/07/30 09:36:56 | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4 [Auto | Running])
[2008/12/13 17:23:02 | 00,104,944 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/18 22:33:34 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/18 22:33:36 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/08/09 12:56:26 | 00,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

========== Driver Services ==========

[2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 03:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 03:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/18 20:27:22 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc.sys -- (asc [Boot | Running])
[2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\Windows\System32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/11/02 01:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Running])
[2008/01/18 20:28:28 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 02:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 02:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/18 22:43:00 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 03:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/18 20:28:58 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\Windows\System32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2008/01/18 20:28:22 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 19:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/18 22:42:12 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/18 20:28:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/18 22:42:32 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/18 20:30:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/18 22:42:14 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 03:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[1996/04/03 13:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys -- (giveio [Boot | Running])
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Windows\gmer.exe -- (gmer [On_Demand | Stopped])
[2002/02/28 23:35:00 | 00,280,644 | ---- | M] (Hauppauge Computer Works) -- C:\Windows\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx [On_Demand | Stopped])
[2006/11/02 01:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2008/01/18 19:30:50 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 02:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 02:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/11/02 02:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/18 22:42:36 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 02:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/01/18 20:55:04 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/18 20:30:38 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/18 20:52:20 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 03:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/18 20:54:48 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 19:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/18 20:28:38 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 03:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 03:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/18 22:41:16 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/18 22:42:30 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 20:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/18 20:55:52 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/11/18 02:39:50 | 01,040,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2007/09/04 18:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
[2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2007/08/09 17:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 03:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 03:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 19:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/08/24 21:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/18 20:56:44 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/18 21:01:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/18 20:55:04 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2008/07/16 08:57:40 | 00,269,736 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw [System | Running])
[2008/06/21 03:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL [On_Demand | Running])
[2008/06/21 03:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips [System | Running])
[2006/11/02 03:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007/08/06 18:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/18 20:49:18 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 02:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 03:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/18 20:55:28 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\speedfan.sys -- (speedfan [Boot | Running])
[2008/01/18 22:41:32 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/18 20:29:16 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/18 20:29:14 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\Windows\System32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/18 20:56:08 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/18 20:56:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/18 21:01:16 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/18 20:55:42 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/18 20:55:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 03:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 03:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/01/18 20:53:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2005/05/26 09:01:18 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2006/11/02 02:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2005/05/26 09:01:36 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2005/06/24 16:36:16 | 00,039,036 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2006/11/02 02:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 02:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/02/12 03:42:38 | 00,232,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys -- (vmm [System | Running])
[2008/01/18 22:42:20 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/18 22:43:04 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/02/05 01:50:44 | 00,059,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
[2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 02:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 03:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/18 22:43:28 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 02:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/18 20:56:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290304 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
9999 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{ED0E8CA5-42FB-4B18-997B-769E0408E79D}" (HKLM) -- C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"LXDDCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 (Lexmark International, Inc.)
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" ()
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe -silent (MediaCodec.Org)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (Take-Two Interactive Software, Inc.)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"MemCheckBoxInRunDlg"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{7F35E3A0-C4D1-47B7-AFC9-2A198295883F}: Button: FreshDownload -- %ProgramFiles%\FreshDevices\FreshDownload\fd.exe File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab -- DLM Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BC18E6DF-BE57-4580-93E8-F228F9A133AA}: http://simcity.ea.com/exchange/lots/telepo...ty4LotTeleX.cab -- MaxisSimCity4LotTeleX Control
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60136C82-3EC0-4D3E-8060-8EC3DC1B0E08} (Servers: | Description: Broadcom 802.11g Network Adapter)
{C707925B-F5DF-4B38-8BFB-27EFE162C115} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/18 22:34:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/18 22:36:44 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/01 12:49:08 | 00,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT -- [ NTFS ]

autoexec.bat [REM Dummy file for NTVDM | ]
[2008/10/15 10:11:14 | 00,000,024 | ---- | M] () -- E:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7e06186-9336-11dd-990e-0016171b32cd}\Shell\AutoRun\command]
""=L:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command]
""=K:\Autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\Shell\AutoRun\command]
""=L:\RunGame.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/21 10:31:02 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/02/21 10:31:02 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/02/21 10:31:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/02/21 10:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/21 10:15:32 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/02/21 10:15:20 | 00,000,913 | ---- | C] () -- C:\Users\El Mongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/21 10:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/02/20 16:28:12 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009/02/20 16:28:11 | 00,811,008 | ---- | C] () -- C:\Windows\gmer.exe
[2009/02/20 16:19:12 | 00,000,000 | ---D | C] -- C:\00000082
[2009/02/17 17:52:25 | 73,602,2528 | ---- | C] () -- C:\Users\El Mongo\Desktop\Amusement.2008.DVDRiP.XviD-WaLMaRT.avi
[2009/02/17 17:51:10 | 73,578,0864 | ---- | C] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/02/17 17:49:39 | 73,417,7280 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/02/17 17:48:39 | 73,386,5984 | ---- | C] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/02/15 15:55:27 | 04,053,162 | ---- | C] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/15 10:37:06 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/15 10:37:04 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/15 10:37:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/15 10:37:00 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/15 10:36:59 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/14 20:53:42 | 07,815,703 | ---- | C] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:21:31 | 04,697,751 | ---- | C] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:20:58 | 06,101,788 | ---- | C] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:16:18 | 06,708,596 | ---- | C] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/12 21:06:52 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\USI Material
[2009/02/12 16:04:52 | 73,518,2208 | ---- | C] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/10 21:58:36 | 00,244,351 | ---- | C] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/10 14:06:02 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/10 14:06:01 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/10 14:05:59 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/10 14:05:59 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/10 14:05:58 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/10 14:05:58 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/10 14:05:57 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/10 14:05:57 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/10 14:05:57 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/09 18:13:47 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/09 18:13:43 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/09 18:13:38 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/09 18:13:38 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/09 18:13:37 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/09 18:13:37 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/09 18:13:33 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/09 18:13:24 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/09 18:05:13 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/09 18:05:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/09 18:05:01 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/09 18:04:33 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/09 18:03:14 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/07 17:23:36 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/02/06 16:57:35 | 04,892,212 | ---- | C] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/04 16:20:10 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\AppData\Roaming\Lexmark Imaging Studio
[2009/02/03 20:00:58 | 06,427,882 | ---- | C] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/01 10:48:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/01/31 09:46:27 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\SimCity 4
[2009/01/31 09:42:19 | 00,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2009/01/31 09:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Maxis
[2009/01/30 23:47:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009/01/30 23:47:00 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/01/30 23:43:29 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\Norton AntiVirus 2009 v16.0.0.125 [Final]
[2009/01/29 21:14:17 | 00,189,180 | ---- | C] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2009/01/25 10:21:02 | 00,000,000 | ---D | C] -- C:\Users\El Mongo\Documents\EA Games
[2009/01/22 16:21:58 | 03,825,719 | ---- | C] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:21:44 | 04,895,228 | ---- | C] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:14 | 04,128,768 | ---- | C] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3

========== Files - Modified Within 30 Days ==========

[5 C:\ProgramData\*.tmp files]
[2009/02/21 11:16:38 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 11:16:38 | 00,004,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/21 10:18:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/21 10:18:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/21 10:18:02 | 32,185,50784 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/21 10:17:04 | 02,097,254 | -H-- | M] () -- C:\Users\El Mongo\AppData\Local\IconCache.db
[2009/02/21 10:15:20 | 00,000,913 | ---- | M] () -- C:\Users\El Mongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/02/20 20:55:46 | 00,059,392 | ---- | M] () -- C:\Users\El Mongo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/20 17:11:25 | 00,000,250 | ---- | M] () -- C:\Windows\gmer.ini
[2009/02/19 18:28:14 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/19 18:28:14 | 00,597,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/19 18:28:14 | 00,101,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/15 15:59:02 | 04,053,162 | ---- | M] () -- C:\Users\El Mongo\Documents\Juice Newton - Heart of The Night.mp3
[2009/02/14 21:07:18 | 03,307,105 | ---- | M] () -- C:\Users\El Mongo\Documents\Carolina Liar- I'm Not Over.mp3
[2009/02/14 20:57:31 | 07,815,703 | ---- | M] () -- C:\Users\El Mongo\Documents\My Morning Jacket - Off The Record.mp3
[2009/02/14 12:22:29 | 06,101,788 | ---- | M] () -- C:\Users\El Mongo\Documents\The Asteroids Galaxy Tour - Around The Bend.mp3
[2009/02/14 12:22:20 | 04,697,751 | ---- | M] () -- C:\Users\El Mongo\Documents\Does It Offend You, Yeah - Dawn Of The Dead(2).mp3
[2009/02/14 12:17:48 | 06,708,596 | ---- | M] () -- C:\Users\El Mongo\Documents\Shinedown - Second Chance.mp3
[2009/02/13 12:06:06 | 73,518,2208 | ---- | M] () -- C:\Users\El Mongo\Desktop\His Name Was Jason.avi
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/10 21:58:37 | 00,244,351 | ---- | M] () -- C:\Users\El Mongo\Documents\2008 Income Tax (Federal).pdf
[2009/02/06 16:58:06 | 04,892,212 | ---- | M] () -- C:\Users\El Mongo\Documents\Phill Collins - I Don't Care Anymore.mp3
[2009/02/03 20:22:12 | 06,427,882 | ---- | M] () -- C:\Users\El Mongo\Documents\Corrosion of Conformity- Congratulations Song.mp3
[2009/02/03 17:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/01 00:00:46 | 00,000,352 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/01/31 09:42:19 | 00,000,534 | ---- | M] () -- C:\Windows\eReg.dat
[2009/01/29 21:14:26 | 00,189,180 | ---- | M] () -- C:\Users\El Mongo\Documents\return2007.pdf
[2009/01/29 15:57:56 | 73,578,0864 | ---- | M] () -- C:\Users\El Mongo\Desktop\vmt-grudge3-xvid.avi
[2009/01/28 21:57:54 | 73,417,7280 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd2.avi
[2009/01/28 21:56:29 | 73,386,5984 | ---- | M] () -- C:\Users\El Mongo\Desktop\p-hsm3-cd1.avi
[2009/01/22 16:24:34 | 03,825,719 | ---- | M] () -- C:\Users\El Mongo\Documents\George Michael + Aretha Franklin - I Knew You Were Waiting .mp3
[2009/01/22 16:22:08 | 04,895,228 | ---- | M] () -- C:\Users\El Mongo\Documents\Peabo Bryson -Can You Stop the Rain.mp3
[2009/01/22 16:17:35 | 04,128,768 | ---- | M] () -- C:\Users\El Mongo\Documents\Walter Egan - Magnet And Steel.mp3
< End of report >
People do dumb things. And I'm not talking about paying too much for car insurance either.

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 21 February 2009 - 01:20 PM

Hello.

Please follow the directions in this post for running OTMoveIt and installing a new antivirus.

Take a new DDS log after.

With Regards,
The Panda

#12 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 21 February 2009 - 05:26 PM

That last post I made is the new log. I got it going. The new antivirus program was blocking from running, but I took care of it.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 21 February 2009 - 06:01 PM

Hello elmongo2.

What antivirus do you have installed at the moment?

Are there any problems?

With Regards,
The Panda

#14 elmongo2

elmongo2
  • Topic Starter

  • Members
  • 878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:07 PM

Posted 22 February 2009 - 02:37 PM

I'm now using the Avira. So far everything seems to be running pretty smoothly, except the internet browser is slow at loading stuff at times.
People do dumb things. And I'm not talking about paying too much for car insurance either.

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:07 PM

Posted 23 February 2009 - 08:22 AM

Hello.

Tell me if Avira finds anything.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users