
Infected


  • This topic is locked
12 replies to this topic

#1 TylerBoland

TylerBoland

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 20 May 2009 - 04:09 PM

I've been infected with this for about 3 weeks. I can't update my security software, Windows Update takes me to Google, and some search engines give me nothing but ads. I've tried everything; none of my security software can find anything, and reformatting did nothing.

Report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:10 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 1611 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:44 PM

Posted 20 May 2009 - 05:54 PM

Hi TylerBoland,

I need to see some information about what is happening in your machine.

Please download DDS by sUBs from one of the following links. Save it to your desktop.

Download 1
Download 2
  • Double click on the DDS icon, allow it to run
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results
  • Close the program window
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE
m0le is a proud member of UNITE

#3 TylerBoland

TylerBoland
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 20 May 2009 - 06:43 PM

Here ya go:

DDS (Ver_09-05-14.01) - NTFSx86  
Run by TylerBoland at 16:41:28.04 on Wed 05/20/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1521 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Outdated)   {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled*   {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TylerBoland\Desktop\dds.scr

============== Pseudo HJT Report ===============

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tylerb~1\applic~1\mozilla\firefox\profiles\4zweneza.default\

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-18 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-18 24096]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-18 692496]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]

=============== Created Last 30 ================

2009-05-19 18:36	23	a-------	c:\windows\SWFDecompiler.INI
2009-05-19 16:53	<DIR>	--d-----	c:\program files\common files\SourceTec
2009-05-19 16:53	<DIR>	--d-----	c:\program files\SourceTec
2009-05-19 16:28	162,304	a-------	c:\windows\system32\ztvunrar36.dll
2009-05-19 16:28	153,088	a-------	c:\windows\system32\UNRAR3.dll
2009-05-19 16:28	77,312	a-------	c:\windows\system32\ztvunace26.dll
2009-05-19 16:28	75,264	a-------	c:\windows\system32\unacev2.dll
2009-05-19 16:28	69,632	a-------	c:\windows\system32\ztvcabinet.dll
2009-05-19 16:28	<DIR>	--d-----	c:\program files\Trojan Remover
2009-05-19 16:28	<DIR>	--d-----	c:\docume~1\tylerb~1\applic~1\Simply Super Software
2009-05-19 16:28	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-05-19 16:15	<DIR>	--d-----	c:\windows\system32\QuickTime
2009-05-19 16:14	<DIR>	--d-----	c:\program files\Macromedia
2009-05-19 16:14	<DIR>	--d-----	c:\program files\common files\Macromedia
2009-05-19 16:14	<DIR>	--d-----	c:\windows\Downloaded Installations
2009-05-19 13:57	<DIR>	--d-----	c:\program files\Trend Micro
2009-05-18 19:59	153	a-------	c:\windows\cavscan.INI
2009-05-18 19:52	<DIR>	--d-----	c:\windows\pss
2009-05-18 19:31	<DIR>	--d-----	c:\docume~1\tylerb~1\applic~1\Antispyware
2009-05-18 19:20	<DIR>	--d-----	c:\docume~1\tylerb~1\applic~1\Malwarebytes
2009-05-18 19:20	15,504	a-------	c:\windows\system32\drivers\mbam.sys
2009-05-18 19:20	38,496	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 19:20	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2009-05-18 19:20	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-18 18:44	687,201	a-------	c:\windows\system32\drivers\sfi.dat
2009-05-18 18:34	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Comodo
2009-05-18 18:34	168,208	a-------	c:\windows\system32\guard32.dll
2009-05-18 18:34	132,640	a-------	c:\windows\system32\drivers\cmdguard.sys
2009-05-18 18:34	24,096	a-------	c:\windows\system32\drivers\cmdhlp.sys
2009-05-18 18:34	<DIR>	--d-----	c:\program files\COMODO
2009-05-18 18:18	457,248	a-------	c:\windows\system32\nvudisp.exe
2009-05-18 18:18	19,207	a-------	c:\windows\system32\nvdisp.nvu
2009-05-18 18:18	457,248	a-------	c:\windows\system32\NVUNINST.EXE
2009-05-18 18:18	<DIR>	--d-----	C:\NVIDIA
2009-05-18 17:47	36,864	a-------	c:\windows\system32\ANIOApi.dll
2009-05-18 17:47	28,205	a-------	c:\windows\system32\ANIO.sys
2009-05-18 17:47	16,997	a-------	c:\windows\system32\ANIO.VXD
2009-05-18 17:47	11,904	a-------	c:\windows\system32\anio4.sys
2009-05-18 17:46	1,163,337	a-------	c:\windows\system32\odSupp_M.dll
2009-05-18 17:46	577,536	a-------	c:\windows\system32\ANIWZCS2.dll
2009-05-18 17:46	192,512	a-------	c:\windows\system32\aIPH.dll
2009-05-18 17:46	131,072	a-------	c:\windows\system32\WlanApp.dll
2009-05-18 17:46	57,407	a-------	c:\windows\system32\ANICtl.dll
2009-05-18 17:46	49,152	a-------	c:\windows\system32\AQCKGen.dll
2009-05-18 17:46	<DIR>	--d-----	c:\program files\ANI
2009-05-18 17:37	<DIR>	--d-----	c:\program files\D-Link
2009-05-18 17:32	<DIR>	--d-----	c:\windows\system32\appmgmt
2009-05-18 17:30	<DIR>	--d-----	c:\documents and settings\TylerBoland
2009-05-18 17:27	<DIR>	--ds----	c:\windows\system32\Microsoft
2009-05-18 17:10	8,192	a-------	c:\windows\REGLOCS.OLD
2009-05-18 17:08	236,544	ac------	c:\windows\system32\dllcache\smi2smir.exe
2009-05-18 17:07	20,536	ac------	c:\windows\system32\dllcache\shtml.dll
2009-05-18 17:06	<DIR>	--dsh---	c:\documents and settings\all users\DRM
2009-05-18 17:06	<DIR>	--d-h---	c:\program files\WindowsUpdate
2009-05-18 17:06	<DIR>	--d-----	c:\program files\common files\MSSoap
2009-05-18 17:04	<DIR>	--d-----	c:\program files\Online Services
2009-05-18 17:04	<DIR>	--d-----	c:\program files\Messenger
2009-05-18 17:04	<DIR>	--d-----	c:\program files\MSN Gaming Zone
2009-05-18 17:04	<DIR>	--d-----	c:\program files\Windows NT
2009-05-18 09:48	<DIR>	--d-----	c:\program files\common files\ODBC
2009-05-18 09:48	<DIR>	--d-----	c:\program files\common files\SpeechEngines
2009-05-18 09:48	<DIR>	--d--r--	c:\documents and settings\all users\Documents

==================== Find3M  ====================

2009-05-19 17:43	86,327	a-------	c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 17:05	21,640	a-------	c:\windows\system32\emptyregdb.dat
2009-05-01 00:31	1,657,376	a-------	c:\windows\system32\nwiz.exe
2009-05-01 00:31	449,056	a-------	c:\windows\system32\nvappbar.exe
2009-05-01 00:31	436,768	a-------	c:\windows\system32\keystone.exe
2009-05-01 00:31	1,724,416	a-------	c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31	1,507,328	a-------	c:\windows\system32\nview.dll
2009-05-01 00:31	1,101,824	a-------	c:\windows\system32\nvwimg.dll
2009-05-01 00:31	466,944	a-------	c:\windows\system32\nvshell.dll
2009-04-30 22:02	9,994,240	a-------	c:\windows\system32\nvoglnt.dll
2009-04-30 22:02	8,055,584	a-------	c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02	5,896,320	a-------	c:\windows\system32\nv4_disp.dll
2009-04-30 22:02	1,720,320	a-------	c:\windows\system32\nvcuda.dll
2009-04-30 22:02	1,579,630	a-------	c:\windows\system32\nvdata.bin
2009-04-30 22:02	1,314,816	a-------	c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02	806,912	a-------	c:\windows\system32\nvapi.dll
2009-04-30 22:02	663,552	a-------	c:\windows\system32\nvcuvid.dll
2009-04-30 22:02	143,360	a-------	c:\windows\system32\nvcodins.dll
2009-04-30 22:02	143,360	a-------	c:\windows\system32\nvcod.dll

============= FINISH: 16:41:50.62 ===============


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:44 PM

Posted 23 May 2009 - 05:36 AM

Hi TylerBoland,

We need to take a better look at your computer.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Next...

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks
m0le is a proud member of UNITE

#5 TylerBoland

TylerBoland
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 23 May 2009 - 04:54 PM

GMER Scan:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-23 14:41:36
Windows 6.1.7100 


---- System - GMER 1.0.15 ----

INT 0x1F		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281CAF8
INT 0x37		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281C104
INT 0xC1		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281C3F4
INT 0xD1		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  82804634
INT 0xD2		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  82804898
INT 0xDF		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281C1DC
INT 0xE1		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281C958
INT 0xE3		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281C6F8
INT 0xFD		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281CF2C
INT 0xFE		\SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)  8281D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text		   ntkrnlpa.exe!ZwSaveKeyEx + 13B1														   82871549 1 Byte  [06]
.text		   ntkrnlpa.exe!KiDispatchInterrupt + 5A2													828916B2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET; MOV ECX, CR3}
.text		   peauth.sys																				93158C9D 28 Bytes  [9E, 61, 80, 09, 19, 30, 8E, ...]
.text		   peauth.sys																				93158CC1 28 Bytes  [9E, 61, 80, 09, 19, 30, 8E, ...]
PAGE			spsys.sys!?SPRevision@@3PADA + 4F90													   960FB000 667 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE			spsys.sys!?SPRevision@@3PADA + 522C													   960FB29C 74 Bytes  [01, 00, 51, 51, 8B, CC, 6A, ...]
PAGE			spsys.sys!?SPRevision@@3PADA + 5681													   960FB6F1 71 Bytes  [6A, 0C, 68, 58, 54, 0F, 96, ...]
PAGE			spsys.sys!?SPRevision@@3PADA + 56C9													   960FB739 74 Bytes  [00, 33, C9, 84, C0, 0F, 94, ...]
PAGE			spsys.sys!?SPRevision@@3PADA + 5714													   960FB784 253 Bytes  [AB, 6A, 10, AB, 58, 2B, C1, ...]
PAGE			...																					   

---- Devices - GMER 1.0.15 ----

Device		  \Driver\ACPI_HAL \Device\00000047														 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1													fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2													fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3													fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4													fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5													fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTViewIt:
OTViewIt logfile created on: 5/23/2009 2:42:17 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Tyler\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 74.42% Memory free
3.75 Gb Paging File | 3.26 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 277.65 Gb Free Space | 93.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TYLER-PC
Current User Name: Tyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/04/21 22:19:40 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2009/04/21 22:19:08 | 00,260,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2009/04/21 22:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
[2009/04/21 22:19:43 | 01,124,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/04/21 22:19:26 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/04/21 22:18:59 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/04/21 22:19:35 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2009/04/21 22:19:26 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/04/21 22:19:26 | 00,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/05/23 14:37:13 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/04/01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Disabled | Stopped])
[2009/03/02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Disabled | Stopped])
[2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2009/04/21 22:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC [Unknown | Stopped])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2009/04/04 13:05:06 | 00,067,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2009/04/21 22:20:18 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2009/04/21 22:19:00 | 00,556,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2009/04/21 22:19:00 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2009/04/04 13:04:57 | 00,043,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2009/04/21 22:20:34 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2009/04/21 23:17:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2009/04/04 13:04:35 | 00,129,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (RpcEptMapper [Unknown | Running])
[2009/04/21 22:21:47 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/04/21 22:19:30 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2009/04/21 22:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc [Auto | Running])
[2009/04/21 22:19:36 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2009/04/21 22:19:37 | 00,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2009/04/21 22:19:39 | 01,203,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Running])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2009/04/21 22:19:43 | 01,124,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2009/04/21 22:19:26 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2009/04/21 20:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci [On_Demand | Running])
[2004/10/06 10:39:14 | 00,283,904 | ---- | M] (D-Link Corporation) -- C:\Windows\System32\drivers\A5AGU.sys -- (A5AGU [On_Demand | Running])
[2009/04/21 20:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])
[2009/04/21 22:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [On_Demand | Stopped])
[2009/04/21 22:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [On_Demand | Stopped])
[2009/04/21 22:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [On_Demand | Stopped])
[2009/04/21 22:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [On_Demand | Stopped])
[2009/04/21 22:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [On_Demand | Stopped])
[2009/04/21 22:24:11 | 00,053,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2009/04/21 22:24:04 | 00,014,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [On_Demand | Stopped])
[2009/04/21 20:08:28 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2009/04/21 20:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM [On_Demand | Stopped])
[2009/04/21 22:24:13 | 00,077,904 | ---- | M] (AMD) -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata [On_Demand | Stopped])
[2009/04/21 22:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs [On_Demand | Stopped])
[2009/04/21 22:24:04 | 00,023,120 | ---- | M] (AMD) -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata [Boot | Running])
[2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO.sys -- (ANIO [Auto | Running])
[2009/04/21 20:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\appid.sys -- (AppID [On_Demand | Stopped])
[2009/04/21 22:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [On_Demand | Stopped])
[2009/04/21 22:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [On_Demand | Stopped])
[2004/10/04 06:28:38 | 00,043,392 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\Athfmwdl.sys -- (ATHFMWDL [On_Demand | Stopped])
[2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
[2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt [Auto | Running])
[2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2009/04/21 19:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv [On_Demand | Stopped])
[2009/04/21 19:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
[2009/04/21 20:20:31 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [System | Running])
[2009/04/21 20:11:39 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2009/04/21 19:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2009/04/21 19:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2009/04/21 21:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [On_Demand | Stopped])
[2009/04/21 19:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [On_Demand | Stopped])
[2009/04/21 19:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
[2009/04/21 19:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2009/04/21 20:50:00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2009/04/21 20:49:41 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [On_Demand | Stopped])
[2009/04/21 22:24:27 | 00,249,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2009/04/21 22:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [On_Demand | Stopped])
[2009/04/21 22:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cng.sys -- (CNG [Boot | Running])
[2009/04/21 20:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus [On_Demand | Running])
[2009/04/21 22:23:56 | 00,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Disabled | Stopped])
[2009/04/21 20:12:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2009/04/21 20:11:34 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2009/04/21 20:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache [System | Running])
[2009/04/21 20:23:55 | 00,720,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2009/04/21 19:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv [On_Demand | Stopped])
[2009/04/21 22:24:23 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [On_Demand | Stopped])
[2009/04/21 20:16:42 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [On_Demand | Stopped])
[2009/04/21 20:11:23 | 00,141,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2009/04/21 22:24:06 | 00,058,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2009/04/21 20:12:44 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2009/04/21 22:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends [On_Demand | Stopped])
[2009/04/21 22:23:28 | 00,194,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2009/04/21 22:24:07 | 00,057,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/04/21 19:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])
[2009/04/21 20:50:11 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
[2009/04/21 20:49:20 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2009/04/21 20:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt [On_Demand | Stopped])
[2009/04/21 20:49:57 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [On_Demand | Stopped])
[2009/04/21 20:49:28 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [On_Demand | Stopped])
[2009/04/21 22:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])
[2009/04/21 22:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy [Boot | Running])
[2009/04/21 22:24:21 | 00,332,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [On_Demand | Stopped])
[2009/04/21 22:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [On_Demand | Stopped])
[2009/04/21 20:28:59 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [On_Demand | Stopped])
[2009/04/21 22:24:19 | 00,186,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Stopped])
[2009/04/21 20:43:35 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [On_Demand | Stopped])
[2009/04/21 22:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg [Boot | Running])
[2009/04/21 20:51:50 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2009/04/21 22:24:14 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [On_Demand | Stopped])
[2009/04/21 22:24:12 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [On_Demand | Stopped])
[2009/04/21 22:24:06 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])
[2009/04/21 22:24:13 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [On_Demand | Stopped])
[2009/04/21 20:13:03 | 00,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2009/04/21 22:23:59 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [On_Demand | Stopped])
[2009/04/21 22:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [On_Demand | Stopped])
[2009/04/21 20:23:21 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2009/04/21 22:24:15 | 00,130,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [On_Demand | Stopped])
[2009/04/21 20:51:22 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2009/04/21 20:11:57 | 00,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2009/04/21 20:11:49 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2009/04/21 22:23:59 | 00,027,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [On_Demand | Stopped])
[2009/04/21 22:24:14 | 00,115,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [On_Demand | Stopped])
[2009/04/21 20:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])
[2009/04/21 22:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2009/04/21 22:24:19 | 00,162,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2009/04/21 20:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig [On_Demand | Stopped])
[2009/04/21 20:50:30 | 00,267,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2009/04/21 20:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap [On_Demand | Stopped])
[2009/04/21 22:24:05 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [On_Demand | Stopped])
[2009/04/21 20:09:25 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2009/04/21 19:01:11 | 00,347,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD [On_Demand | Running])
[2009/03/20 08:23:16 | 07,678,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2009/04/21 22:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [On_Demand | Stopped])
[2009/04/21 22:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Boot | Running])
[2009/04/21 22:24:13 | 00,105,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2009/04/21 22:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw [Boot | Running])
[2009/04/21 21:44:34 | 00,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2009/04/21 20:52:33 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (Psched [System | Running])
[2009/04/21 22:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [On_Demand | Stopped])
[2009/04/21 22:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [On_Demand | Stopped])
[2009/04/21 20:52:46 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2009/04/21 20:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn [On_Demand | Running])
[2009/04/21 20:53:31 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2009/04/21 21:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus [On_Demand | Running])
[2009/04/21 21:00:12 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2009/04/21 21:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP [System | Running])
[2009/04/21 22:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost [Boot | Running])
[2009/04/21 20:52:15 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST [Auto | Running])
[2009/04/21 20:51:51 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2009/04/21 20:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap [On_Demand | Stopped])
[2009/04/21 22:23:49 | 00,085,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [On_Demand | Stopped])
[2009/04/21 20:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter [Unknown | Stopped])
[2009/04/21 17:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2009/04/21 20:43:35 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2009/04/21 20:44:21 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2009/04/21 20:44:21 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2009/04/21 20:44:21 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2009/04/21 22:23:48 | 00,052,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2009/04/21 22:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [On_Demand | Stopped])
[2009/04/21 22:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [On_Demand | Stopped])
[2009/04/21 20:52:13 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [On_Demand | Stopped])
[2009/04/21 22:23:42 | 00,017,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2009/04/21 20:12:18 | 00,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2009/04/21 20:12:07 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2009/02/13 12:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2009/04/21 22:23:43 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor [On_Demand | Stopped])
[2009/04/21 22:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt [Boot | Running])
[2009/04/21 22:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc [On_Demand | Stopped])
[2009/04/21 20:52:46 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2009/04/21 20:09:30 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2009/04/21 21:00:23 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2009/04/21 20:52:38 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2009/04/21 22:23:48 | 00,055,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2009/04/21 22:23:48 | 00,057,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2009/04/21 20:50:03 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2009/04/21 20:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys -- (UmPass [On_Demand | Stopped])
[2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Running])
[2009/04/21 20:49:43 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [On_Demand | Stopped])
[2009/04/21 22:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot [Boot | Running])
[2009/04/21 20:23:17 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2009/04/21 22:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp [On_Demand | Stopped])
[2009/04/21 20:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [On_Demand | Stopped])
[2009/04/21 22:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [On_Demand | Stopped])
[2009/04/21 22:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus [On_Demand | Stopped])
[2009/04/21 20:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])
[2009/04/21 22:23:48 | 00,052,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2009/04/21 22:23:56 | 00,297,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2009/04/21 22:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [On_Demand | Stopped])
[2009/04/21 19:11:53 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2 [On_Demand | Running])
[2009/04/21 19:11:52 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV [On_Demand | Running])
[2009/04/21 20:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])
[2009/04/21 20:45:25 | 00,021,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [On_Demand | Stopped])
[2009/04/21 22:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [On_Demand | Stopped])
[2009/04/21 22:23:56 | 00,445,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2009/04/21 20:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf [System | Running])
[2009/04/21 22:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])
[2009/04/21 19:11:52 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf [On_Demand | Running])
[2009/04/21 20:16:41 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Stopped])
[2009/04/21 20:53:36 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"Start Page Redirect Cache"=http://www.msn.com/
"Start Page Redirect Cache AcceptLangs"=en-us
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3021467143-2133358024-829551286-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/
"Start Page Redirect Cache"=http://www.msn.com/
"Start Page Redirect Cache AcceptLangs"=en-us
"Start Page Redirect Cache_TIMESTAMP"=

[HKEY_USERS\S-1-5-21-3021467143-2133358024-829551286-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3021467143-2133358024-829551286-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (824 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"=C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"=C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2008/08/06 15:30:00 | 00,000,191 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3021467143-2133358024-829551286-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2008/08/06 15:30:00 | 00,000,191 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Button: Sothink SWF Catcher -- %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm [2008/08/06 15:30:00 | 00,000,191 | ---- | M] ()
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Menu: Sothink SWF Catcher -- %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm [2008/08/06 15:30:00 | 00,000,191 | ---- | M] ()

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{27714C47-D549-45C4-828B-6798E68B61DC} (Servers: | Description: D-Link AirPlus Xtreme G DWL-G132 Wireless USB Adapter(rev.A))
{59FF563C-9E6B-47DF-89CF-8906CE424D24} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
>[2009/04/21 22:19:35 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
>File not found --


========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2009/04/21 22:20:07 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,pku2u,
>[2009/04/21 22:22:08 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
>[2009/04/21 22:21:41 | 00,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pku2u.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2009/03/20 08:42:25 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/23 14:37:12 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTViewIt.exe
[2009/05/23 14:36:59 | 00,286,208 | ---- | C] () -- C:\Users\Tyler\Desktop\kbdk0bu6.exe
[2009/05/23 07:27:26 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\ICSharpCode
[2009/05/23 07:24:47 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\SharpDevelop 3.1.lnk
[2009/05/23 07:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\SharpDevelop
[2009/05/22 19:02:26 | 00,000,000 | ---D | C] -- C:\Users\Tyler\Documents\Any Video Converter
[2009/05/22 19:02:19 | 00,057,560 | ---- | C] () -- C:\Users\Tyler\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/22 19:02:14 | 00,000,998 | ---- | C] () -- C:\Users\Tyler\Desktop\Any Video Converter.lnk
[2009/05/22 19:02:10 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Any Video Converter
[2009/05/22 19:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2009/05/22 18:58:20 | 00,000,000 | ---D | C] -- C:\Users\Tyler\Documents\Video Converter
[2009/05/22 18:58:20 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Video Converter
[2009/05/22 18:57:31 | 00,000,000 | ---D | C] -- C:\ProgramData\VideoConverter
[2009/05/22 16:14:53 | 00,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2009/05/21 21:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\JavaFX
[2009/05/21 21:02:11 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/05/21 21:01:06 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/21 20:20:16 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\WinRAR
[2009/05/21 20:19:27 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/05/21 18:42:12 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Adobe
[2009/05/20 21:12:54 | 01,416,628 | -H-- | C] () -- C:\Users\Tyler\AppData\Local\IconCache.db
[2009/05/20 21:12:35 | 01,163,337 | ---- | C] (Funk Software, Inc.) -- C:\Windows\System32\odSupp_M.dll
[2009/05/20 21:12:35 | 00,577,536 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIWZCS2.dll
[2009/05/20 21:12:35 | 00,192,512 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\aIPH.dll
[2009/05/20 21:12:35 | 00,131,072 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\WlanApp.dll
[2009/05/20 21:12:35 | 00,057,407 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANICtl.dll
[2009/05/20 21:12:35 | 00,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\AQCKGen.dll
[2009/05/20 21:12:26 | 00,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIOApi.dll
[2009/05/20 21:12:26 | 00,028,205 | ---- | C] (Alpha Networks Inc.) -- C:\Windows\System32\ANIO.sys
[2009/05/20 21:12:26 | 00,016,997 | ---- | C] () -- C:\Windows\System32\ANIO.VXD
[2009/05/20 21:12:26 | 00,011,904 | ---- | C] (ANI ) -- C:\Windows\System32\anio4.sys
[2009/05/20 21:12:26 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/05/20 21:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\ANI
[2009/05/20 21:12:25 | 00,001,975 | ---- | C] () -- C:\Users\Public\Desktop\D-Link AirPlus Utility.lnk
[2009/05/20 21:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\D-Link
[2009/05/20 21:06:33 | 00,000,623 | ---- | C] () -- C:\Users\Tyler\Desktop\Tyler - Shortcut.lnk
[2009/05/20 21:05:44 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/05/20 21:05:31 | 00,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Sothink SWF Decompiler.lnk
[2009/05/20 21:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/05/20 21:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/05/20 21:04:53 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Macromedia
[2009/05/20 21:04:53 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Macromedia
[2009/05/20 21:03:35 | 00,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2009/05/20 21:02:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/05/20 21:02:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2009/05/20 21:02:36 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2009/05/20 21:02:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/05/20 21:02:17 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/05/20 21:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/05/20 21:02:13 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/05/20 21:01:29 | 12,358,7496 | ---- | C] () -- C:\Users\Tyler\Documents\Docs.zip
[2009/05/20 21:01:23 | 00,000,355 | ---- | C] () -- C:\Users\Tyler\Desktop\Computer - Shortcut.lnk
[2009/05/20 20:24:02 | 00,713,888 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/20 20:21:39 | 00,000,174 | -HS- | C] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/05/20 20:21:38 | 00,000,402 | -HS- | C] () -- C:\Users\Tyler\Documents\desktop.ini
[2009/05/20 20:21:38 | 00,000,282 | -HS- | C] () -- C:\Users\Tyler\Desktop\desktop.ini
[2009/05/20 20:21:29 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Identities
[2009/05/20 20:21:22 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\VirtualStore
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\Documents\My Videos
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\Documents\My Pictures
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\Documents\My Music
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\AppData\Local\Temporary Internet Files
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\AppData\Local\History
[2009/05/20 20:21:16 | 00,000,000 | -HSD | C] -- C:\Users\Tyler\AppData\Local\Application Data
[2009/05/20 20:21:15 | 00,000,000 | --SD | C] -- C:\Users\Tyler\AppData\Roaming\Microsoft
[2009/05/20 20:21:15 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Media Center Programs
[2009/05/20 20:21:15 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Temp
[2009/05/20 20:21:15 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Microsoft
[2009/05/20 20:21:07 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/05/20 20:01:27 | 00,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/05/20 20:01:21 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/05/20 20:01:21 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/05/20 20:01:21 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/05/20 20:01:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/05/20 20:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/20 19:41:00 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Apple Computer
[2009/05/20 19:40:59 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Roaming\Apple Computer
[2009/05/20 19:40:55 | 00,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/20 19:40:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/05/20 19:40:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/20 19:40:46 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/20 19:40:46 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/20 19:40:16 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/20 19:40:02 | 00,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/20 19:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/20 19:39:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/05/20 19:39:45 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Apple
[2009/05/20 19:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/05/20 19:39:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/05/20 19:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/05/20 19:22:46 | 00,002,039 | ---- | C] () -- C:\Users\Tyler\Desktop\HijackThis.lnk
[2009/05/20 19:22:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/20 19:19:49 | 00,000,000 | ---D | C] -- C:\Users\Tyler\AppData\Local\Diagnostics
[2009/05/20 19:05:41 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/05/20 19:05:29 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/05/20 19:05:28 | 00,000,211 | -H-- | C] () -- C:\Boot.BAK
[2009/05/20 19:05:27 | 00,383,200 | RHS- | C] () -- C:\bootmgr
[2009/05/20 19:05:27 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/05/20 18:09:45 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/05/20 18:08:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/05/20 18:07:26 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/05/20 18:06:45 | 15,088,10752 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/19 19:21:18 | 24,986,762 | ---- | C] () -- C:\Users\Tyler\Documents\Picts.zip
[2009/05/18 19:47:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/18 18:18:12 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/05/18 17:07:36 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/05/18 17:07:36 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/05/18 09:47:49 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/05/18 09:46:50 | 00,000,355 | RHS- | C] () -- C:\Boot.ini.saved

========== Files - Modified Within 30 Days ==========

[2009/05/23 14:37:13 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTViewIt.exe
[2009/05/23 14:37:03 | 00,286,208 | ---- | M] () -- C:\Users\Tyler\Desktop\kbdk0bu6.exe
[2009/05/23 14:27:44 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/23 14:27:44 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/23 14:27:44 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/23 14:23:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/23 14:23:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/23 14:23:23 | 15,088,10752 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/23 14:22:43 | 00,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/23 14:22:43 | 00,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/23 14:22:35 | 01,416,628 | -H-- | M] () -- C:\Users\Tyler\AppData\Local\IconCache.db
[2009/05/23 07:24:47 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\SharpDevelop 3.1.lnk
[2009/05/22 19:02:19 | 00,057,560 | ---- | M] () -- C:\Users\Tyler\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/22 19:02:14 | 00,000,998 | ---- | M] () -- C:\Users\Tyler\Desktop\Any Video Converter.lnk
[2009/05/21 20:20:37 | 12,358,7496 | ---- | M] () -- C:\Users\Tyler\Documents\Docs.zip
[2009/05/20 21:12:25 | 00,001,975 | ---- | M] () -- C:\Users\Public\Desktop\D-Link AirPlus Utility.lnk
[2009/05/20 21:06:33 | 00,000,623 | ---- | M] () -- C:\Users\Tyler\Desktop\Tyler - Shortcut.lnk
[2009/05/20 21:05:31 | 00,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Sothink SWF Decompiler.lnk
[2009/05/20 21:03:35 | 00,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2009/05/20 21:01:23 | 00,000,355 | ---- | M] () -- C:\Users\Tyler\Desktop\Computer - Shortcut.lnk
[2009/05/20 20:21:39 | 00,000,402 | -HS- | M] () -- C:\Users\Tyler\Documents\desktop.ini
[2009/05/20 20:21:39 | 00,000,174 | -HS- | M] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/05/20 20:21:38 | 00,000,282 | -HS- | M] () -- C:\Users\Tyler\Desktop\desktop.ini
[2009/05/20 20:01:27 | 00,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/05/20 19:40:55 | 00,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/05/20 19:40:02 | 00,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/05/20 19:22:46 | 00,002,039 | ---- | M] () -- C:\Users\Tyler\Desktop\HijackThis.lnk
[2009/05/20 19:05:29 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/05/20 19:05:28 | 00,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/05/20 18:12:17 | 00,265,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/20 18:09:49 | 00,028,965 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/05/20 18:08:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/05/19 19:21:18 | 24,986,762 | ---- | M] () -- C:\Users\Tyler\Documents\Picts.zip
[2009/05/19 16:42:13 | 00,000,211 | -H-- | M] () -- C:\Boot.BAK
[2009/05/18 17:07:36 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/18 17:07:36 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
< End of report >

Extras:
OTViewIt Extras logfile created on: 5/23/2009 2:42:17 PM - Run 
OTViewIt by OldTimer - Version 1.0.21.0	 Folder = C:\Users\Tyler\Desktop
 Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 74.42% Memory free
3.75 Gb Paging File | 3.26 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 277.65 Gb Free Space | 93.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TYLER-PC
Current User Name: Tyler
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[color=orange]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=orange]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1"=
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

[color=orange]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=orange]========== (O10) Winsock2 Catalogs ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

[color=orange]========== HKEY_LOCAL_MACHINE Protocol Defaults ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

[color=orange]========== HKEY_USERS Protocol Defaults ==========[/color]


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols 
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

[color=orange]========== HKEY_USERS Protocol Defaults ==========[/color]


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols 
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java(TM) 6 Update 13
"{2AFD2CEF-AAD8-47E5-9AC3-0848A89A3157}"=SharpDevelop 3.1 Beta 1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}"=Macromedia Flash 8
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}"=Java(TM) SE Development Kit 6 Update 13
"{4C590030-7469-453E-8589-D15DA9D03F52}"=ANIWZCS2 Service
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{70C592EC-AE9B-4734-928B-676E824FB41E}"=MFC RunTime files
"{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}"=JavaFX(TM) 1.1 SDK
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}"=AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}"=ANIO Service
"{885A63EA-382B-4DD4-A755-14809B8557D6}"=Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}"=Macromedia Flash 8 Video Encoder
"{91057632-CA70-413C-B628-2D3CDBBB906B}"=Macromedia Flash Player 8 Plugin
"{998D6972-F58E-479D-9248-8F179E55AE38}"=Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1"=Sothink SWF Decompiler
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Any Video Converter_is1"=Any Video Converter 2.7.3
"Avira AntiVir Desktop"=Avira AntiVir Personal - Free Antivirus
"HijackThis"=HijackThis 2.0.2
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}"=AirPlus XtremeG
"WinRAR archiver"=WinRAR archiver

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/22/2009 9:58:00 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:00 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:00 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:00 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:00 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:19 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:19 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:19 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:19 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2009 9:58:19 PM | Computer Name = Tyler-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
 Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 5/21/2009 12:01:04 AM | Computer Name = Tyler-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/21/2009 12:01:04 AM | Computer Name = Tyler-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/21/2009 12:01:05 AM | Computer Name = Tyler-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/21/2009 12:12:00 AM | Computer Name = Tyler-PC | Source = DCOM | ID = 10001
Description = 

Error - 5/20/2009 10:25:05 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/21/2009 4:39:48 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.

Error - 5/22/2009 4:55:53 PM | Computer Name = Tyler-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.

Error - 5/23/2009 10:06:04 AM | Computer Name = Tyler-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.


< End of report >


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 May 2009 - 04:50 AM

Hi TylerBoland,

First, we need to scan this file,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Tyler\Desktop\kbdk0bu6.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal

Next,

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Thanks :thumbup2:
m0le is a proud member of UNITE

#7 TylerBoland

TylerBoland
  • Topic Starter

  • Members
  • 6 posts

Posted 24 May 2009 - 12:02 PM

Jotti:
VBA32-"Win32 Shadow Driver Installed"

Goored:
GooredFix v1.92 by jpshortstuff
Log created at 10:00 on 24/05/2009 running Option #1 (Tyler)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 24 May 2009 - 04:26 PM

Hi TylerBoland,

Can you please post the entire Jotti scan result for me to see?

Thanks :thumbup2:
m0le is a proud member of UNITE

#9 TylerBoland

TylerBoland
  • Topic Starter

  • Members
  • 6 posts

Posted 25 May 2009 - 10:18 AM

File size:  286208 bytes  
Filetype:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit  
MD5:  0e62eb795ce9210a550b45a220c4ab80  
SHA1:  970aab2e68a36c1d5cae557dc92b14402ddfd97d  
Packer (Avast):  UPX 
Packer (Drweb):  UPX 
Packer (Kaspersky):  PE_Patch.UPX, UPX

2009-05-10 Found nothing   2009-05-10 Found nothing 
  2009-05-11 Found nothing   2009-05-10 Found nothing 
  2009-05-10 Found nothing   No result available 
  2009-05-10 Found nothing   2009-05-08 Found nothing 
  2009-05-10 Found nothing   2009-05-08 Found nothing 
  2009-05-10 Found nothing   2009-05-10 Found nothing 
  2009-05-10 Found nothing   2009-05-08 Found nothing 
  2009-05-10 Found nothing   2009-05-10 Found nothing 
  2009-05-10 Found nothing   2009-05-09 Win32 Shadow Driver Install 
  2009-05-10 Found nothing   2009-05-10 Found nothing 
  2009-05-10 Found nothing


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 May 2009 - 03:57 PM

Hi TylerBoland,

There's nothing worrying there either.

This doesn't seem to be a malware issue.

Can you just tell me if you are still getting redirection? If so, can you tell me the names of any of these websites that your browser is taking you to?

Do not paste any links to them in case they are malicious.

Thanks :thumbup2:
m0le is a proud member of UNITE

#11 TylerBoland

TylerBoland
  • Topic Starter

  • Members
  • 6 posts

Posted 25 May 2009 - 09:27 PM

I'm not being redirected in my searches anymore. But I still can't update Windows or download anything from Microsoft. I also can't download security software or update the security software that was on my machine before this started.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 May 2009 - 03:12 PM

Hi TylerBoland,

This is not a malware issue.

It may be that you have a compromised router. Please use a web proxy, such as the one below, to access the security sites.

http://www.myproxy.ca

It may be possible to reset the router using the end of a paperclip but this would only work if all the other infected routers were also reset.

Please read this which explains it in more detail and tells you what you should be explaining to the ISP should you decide to tell them.

In the meantime...

Let's clean up a bit

Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here are a few things you can do to avoid problems in the future:


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Let me know if you need any further advice.

m0le
m0le is a proud member of UNITE
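m0le's diagnosis above is a compromised router serving bad DNS, which would explain why only the update and security-vendor sites fail while everything else works. As an added example, not part of this thread or of any tool it mentions, the following Python script shows the two local checks a responder would run before reaching for a proxy: scan the hosts file for pinned vendor names, and compare the router's answers for those names with a known-good resolver's. The domain list, the hosts file text and both sets of resolver answers are constructed sample data; on a real machine the answers would come from the configured resolver and from a known-good one.

```python
import ipaddress

# Update and security-vendor names worth checking (assumed list; extend it
# with whatever the affected machine actually fails to reach).
WATCHED_DOMAINS = {
    "update.microsoft.com", "windowsupdate.microsoft.com",
    "www.microsoft.com", "www.avira.com", "www.comodo.com", "virustotal.com",
}

def find_hosts_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """(hostname, ip, line_no) for each watched domain the hosts file pins.
    127.0.0.1 blocks the site, any other address redirects it: both wrong."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # strip comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                               # malformed line, skip
        for name in names:
            if name.lower().rstrip(".") in watched:
                hits.append((name.lower(), ip, line_no))
    return hits

def find_resolver_mismatches(system_answers, reference_answers):
    """Domains whose A records from the configured resolver (the router) share
    no address with a known-good resolver. CDN names can differ: treat as leads."""
    mismatches = {}
    for domain, ref in reference_answers.items():
        mine = set(system_answers.get(domain, ()))
        if not mine & set(ref):
            mismatches[domain] = (sorted(mine), sorted(ref))
    return mismatches

def find_shared_sink(system_answers, min_domains=2):
    """Addresses that several unrelated watched domains resolve to: a DNS
    changer often points every vendor it blocks at one host."""
    by_ip = {}
    for domain, addrs in system_answers.items():
        for ip in addrs:
            by_ip.setdefault(ip, set()).add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}

# Constructed sample data (RFC 5737 documentation addresses, not real hosts).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# constructed tampering below: block updates, redirect the AV vendor
127.0.0.1       update.microsoft.com windowsupdate.microsoft.com
192.0.2.10      www.avira.com   # points at a foreign host
"""
SAMPLE_SYSTEM_ANSWERS = {          # what the router's DNS handed back
    "www.microsoft.com": ["192.0.2.20"],
    "www.comodo.com": ["192.0.2.20"],
    "virustotal.com": ["198.51.100.7"],
}
SAMPLE_REFERENCE_ANSWERS = {       # what a known-good resolver returned
    "www.microsoft.com": ["203.0.113.5"],
    "www.comodo.com": ["203.0.113.9", "192.0.2.20"],
    "virustotal.com": ["198.51.100.7"],
}

if __name__ == "__main__":
    for name, ip, n in find_hosts_overrides(SAMPLE_HOSTS):
        print(f"hosts line {n}: {name} pinned to {ip}")
    mism = find_resolver_mismatches(SAMPLE_SYSTEM_ANSWERS, SAMPLE_REFERENCE_ANSWERS)
    for dom, (mine, ref) in mism.items():
        print(f"{dom}: router says {mine}, reference says {ref}")
    for ip, doms in find_shared_sink(SAMPLE_SYSTEM_ANSWERS).items():
        print(f"{ip} sinks {len(doms)} watched domains: {doms}")
```

A hosts file that pins vendor names and several vendor names collapsing onto one address are the two patterns that point at the machine or the router respectively; a single CDN mismatch on its own is not conclusive.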

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 May 2009 - 04:18 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE

