Cannot run antimalware and redirect to


This topic is locked.
52 replies to this topic

#1 John_2009 (Members, 56 posts)

Posted 17 August 2009 - 09:29 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/249827/cannot-run-antimalware-and-redirect-to/ ~ OB

NOTE: Not able to run DDS, RSIT, or Runscanner

Pasting in some additional context from another post. ~ OB

My name is John. I cannot run any antimalware software, such as ComboFix, Malwarebytes and Spybot, even in Safe Mode. I am also blocked from getting on the website for Malwarebytes and was redirected to the StopZilla website. When I downloaded ComboFix, Malwarebytes or Spybot from my laptop and renamed the executable files, they could be started, but shut down and disappeared within 5 seconds.

I cannot run the McAfee on-demand scanner. Both Avira and McAfee detected the following malware. However, after it was deleted, it would recur. The following is the log from Avira:

"Virus or unwanted program 'ADSPY/Generic.43418.1 [adware]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP952\A0135321.exe.
Action performed: Delete file"

I installed RootRepeal successfully. I started the scan, but it shut down within 15 seconds, similar to what happened to Spybot and Malwarebytes on my computer. So I cannot post the report.

I completed the ATF-Cleaner run successfully. Unfortunately, when I ran the Dr.Web CureIt scan, the window shut down with "A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. ..."

I restarted the computer, and the same thing happened. The following is the technical information.

*** Stop: 0x0000007E (0xc0000005, 0xF7628DFA, 0xF7BCBBB0, 0xF7BCB8AC)

*** iaStor.sys - Address F7628DFA base at F761A000, DateStamp 40608c73

Beginning dump of physical memory
Physical memory dump complete.

Contact your system administrator or ..."

Hope someone could help me,

Thanks in advance,

John

End of added information. ~ OB

Edited by Orange Blossom, 17 August 2009 - 02:07 PM.
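The OTL log posted in this thread lists every running process (PRC), service (SRV) and driver (DRV) in one fixed line format, and a malware-removal helper reads it by eye for a handful of tells: a blank vendor field, a driver outside the Windows directory, something running from a USB stick, or a protection service that is installed but not actually running. The following Python script is an added example by the editor, not code from the original post and not part of OldTimer's OTL tool; it parses that line format and applies those same checks. It assumes the system drive and %SystemRoot% values shown in the log header (C: and C:\WINDOWS), and its sample input is a handful of lines copied from the log above.

```python
"""Triage the PRC/SRV/DRV lines of an OTL log.

Added example, not from the original post and not part of OTL itself.
Flags entries a malware-removal helper looks at first: blank vendor,
driver outside %SystemRoot%, anything on a non-system drive, and a
service or driver set to start on its own that is not Running.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed from the log header above (%SystemDrive% = C:, %SystemRoot% = C:\WINDOWS).
SYSTEM_DRIVE = "C:"
SYSTEM_ROOT = r"C:\WINDOWS"

# One OTL entry, e.g.
# SRV - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\...\mcshield.exe -- (McShield [Auto | Paused])
# The trailing "-- (name [start | state])" part is present on SRV/DRV lines only.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*?) ?\[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)


@dataclass
class Entry:
    kind: str
    mtime: str
    size: int
    vendor: str
    path: str
    name: Optional[str]   # service/driver name; None for PRC lines
    start: Optional[str]  # Boot / System / Auto / On_Demand / Disabled / Unknown
    state: Optional[str]  # Running / Stopped / Paused
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/SRV/DRV line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Entry(
        kind=g["kind"],
        mtime=g["mtime"],
        size=int(g["size"].replace(",", "")),
        vendor=g["vendor"].strip(),
        path=g["path"],
        name=g["name"].strip() if g["name"] is not None else None,
        start=g["start"],
        state=g["state"],
    )


def triage(entry: Entry) -> List[str]:
    """Attach review reasons to an entry. These are hints for a human, not verdicts."""
    reasons = []
    low = entry.path.lower()
    if not entry.vendor:
        reasons.append("no vendor in version info")
    if not low.startswith(SYSTEM_DRIVE.lower() + "\\"):
        reasons.append(f"runs from non-system drive {entry.path[:2]}")
    if entry.kind == "DRV" and not low.startswith(SYSTEM_ROOT.lower() + "\\"):
        reasons.append("driver loaded from outside %SystemRoot%")
    if entry.start in ("Boot", "System", "Auto") and entry.state != "Running":
        reasons.append(f"{entry.start}-start but {entry.state}")
    entry.flags = reasons
    return reasons


def triage_log(text: str) -> List[Entry]:
    """Parse every PRC/SRV/DRV line in an OTL log and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry):
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/01/27 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- F:\Shaomiao\VirusScan Enterprise\shstat.exe
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
DRV - [2006/08/25 22:00:20 | 00,004,608 | ---- | M] () -- C:\WINDOWS\system32\drivers\0000_sys.sys -- ( [Boot | Stopped])
DRV - [2004/03/23 13:13:58 | 00,467,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.path}\n    {'; '.join(e.flags)}")
```

Run against the sample, the script singles out the paused McShield and stopped WinDefend services, the vendor-less Boot-start driver 0000_sys.sys, the McAfee tray program launched from the F: drive, and the Avira driver living under Program Files. Only the first three are unusual; the last two are how a triage list is meant to work, namely as a short list for a human to confirm rather than a verdict.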



#2 John_2009 (Topic Starter, Members, 56 posts)

Posted 17 August 2009 - 09:29 AM

Hi, Elise

It works this time. Thank you so much. The following are two reports:

OTL.TXT

OTL logfile created on: 8/17/2009 9:04:04 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\John\Desktop\John
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 478.65 Mb Available Physical Memory | 46.83% Memory free
2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 46.75 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.09 Gb Free Space | 95.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL8400
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2004/12/06 17:18:18 | 01,437,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
PRC - [2008/06/05 04:09:18 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2004/09/20 16:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/10 22:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/10/13 03:04:00 | 00,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2004/03/23 13:16:16 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2003/09/17 11:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2005/01/31 23:14:56 | 00,331,776 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/27 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- F:\Shaomiao\VirusScan Enterprise\shstat.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/27 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2008/04/13 19:12:15 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009/05/11 10:16:40 | 00,470,273 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/08/17 09:01:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\John\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/12/06 17:18:18 | 01,437,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/06/05 04:09:18 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2009/05/18 22:17:49 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/02/08 15:03:38 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/09/20 16:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/10 22:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/08/25 22:00:20 | 00,004,608 | ---- | M] () -- C:\WINDOWS\system32\drivers\0000_sys.sys -- ( [Boot | Stopped])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/05/29 18:41:54 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2000/11/22 06:36:12 | 00,021,824 | ---- | M] (Shining Technology) -- C:\WINDOWS\System32\DRIVERS\bot2k.sys -- (bot [On_Demand | Stopped])
DRV - [2000/11/22 06:39:10 | 00,015,640 | ---- | M] (Shining Technology) -- C:\WINDOWS\System32\DRIVERS\botscsi2k.sys -- (botscsi [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2003/09/22 09:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/05/01 14:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2004/12/06 17:17:18 | 00,268,872 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2008/06/05 03:50:08 | 00,023,552 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt [On_Demand | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2004/08/04 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2005/02/02 02:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/03/23 13:13:58 | 00,467,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2003/12/08 01:53:06 | 00,009,728 | R--- | M] (Western Digital) -- C:\WINDOWS\System32\DRIVERS\inibtmgr.sys -- (inibtmgr [On_Demand | Stopped])
DRV - [2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/15 23:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,065,000 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,073,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,034,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,177,864 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,031,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2009/01/27 20:50:00 | 00,052,168 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/02/07 22:46:14 | 00,020,386 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Tencent\qq\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2006/02/07 22:46:14 | 00,037,009 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Tencent\qq\npkcusb.sys -- (npkcusb [On_Demand | Running])
DRV - [2004/09/20 16:09:00 | 02,738,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/22 09:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/01/12 16:51:44 | 01,252,474 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1120Vid.sys -- (P1120VID [On_Demand | Stopped])
DRV - [2004/06/09 13:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/08/28 22:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\S-1-5-21-603982993-1017363278-2204760330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 21:29:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.4\Extensions\\Components: C:\PROGRA~1\MOZILL~1\components\ [2009/05/06 20:42:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.4\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2009/05/06 20:42:01 | 00,000,000 | ---D | M]

[2007/12/21 23:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\e7rztp3m.default\extensions
[2007/12/21 23:23:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\e7rztp3m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006/03/01 23:45:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/06/08 22:23:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/06/08 22:23:42 | 00,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/06/08 22:23:42 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/06/08 22:23:43 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/03/01 18:08:58 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/06 20:42:01 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2006/06/08 22:23:44 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/04/19 01:36:53 | 01,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2006/03/01 23:46:51 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/01 23:46:26 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/01 23:46:26 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/01 23:46:09 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/01 23:46:34 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/01 23:46:17 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/01 23:46:17 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/01 23:46:09 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/01 23:46:42 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/01 23:46:17 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/01 23:46:09 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/01 23:46:34 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (685 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent1\qq\AddEmotion.htm ()
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm ()
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-603982993-1017363278-2204760330-1006\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://qidaiunitedstates.spaces.live.com//...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1129005725656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.mc.vanderbilt.edu/dana-cached/s...perSetupSP1.cab (JuniperSetupControlXP Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (Aqua Real) - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
O28 - HKLM ShellExecuteHooks: {0103E2D0-91A1-4D79-9110-8300233B74BE} - C:\WINDOWS\System32\Yzolnv.dll File not found
O28 - HKLM ShellExecuteHooks: {01641A44-1C98-43B4-9534-97D339BB7CDE} - C:\WINDOWS\System32\Ewtbia.dll File not found
O28 - HKLM ShellExecuteHooks: {0246951D-A808-4F83-ADE2-8834F683A9CE} - C:\WINDOWS\System32\Ehqhjy.dll File not found
O28 - HKLM ShellExecuteHooks: {05057743-9A10-43F6-B3D2-36EF7C5CE898} - C:\WINDOWS\System32\Ojrfv.dll File not found
O28 - HKLM ShellExecuteHooks: {08CE731B-8A86-4039-9FB1-B133C5EC75CF} - C:\WINDOWS\System32\Nvmnbn.dll File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {0997C943-01BE-4116-BAF9-AFC73A955315} - C:\WINDOWS\System32\Vedjhq.dll File not found
O28 - HKLM ShellExecuteHooks: {0AC1B0BB-9FFC-44EB-B018-5FA9F81FB29A} - C:\WINDOWS\System32\Ymfkhs.dll File not found
O28 - HKLM ShellExecuteHooks: {0E14176C-346D-47A6-B576-CB012830D187} - C:\WINDOWS\System32\Bubnhv.dll File not found
O28 - HKLM ShellExecuteHooks: {0E84C2E4-C3AC-4639-A37E-919C3E8DE5E6} - C:\WINDOWS\System32\Oougmh.dll File not found
O28 - HKLM ShellExecuteHooks: {0F9CF8B2-CC33-4236-8E1C-B92005CEA1D9} - C:\WINDOWS\System32\Uncibl.dll File not found
O28 - HKLM ShellExecuteHooks: {13821998-D7A0-4C7B-8FDF-6206B19AEB04} - C:\WINDOWS\System32\Hjee.dll File not found
O28 - HKLM ShellExecuteHooks: {1582CC5D-EE18-494B-9020-D068E43DE4B8} - C:\WINDOWS\System32\Vzxae.dll File not found
O28 - HKLM ShellExecuteHooks: {15E20763-0272-4C71-9924-E3921080A5ED} - C:\WINDOWS\System32\Kxzroj.dll File not found
O28 - HKLM ShellExecuteHooks: {17425469-1D0D-4882-BA8A-1C9054A9BB46} - C:\WINDOWS\System32\Yavhww.dll File not found
O28 - HKLM ShellExecuteHooks: {1830FB0C-BAB8-4921-95DF-0248C91C1524} - C:\WINDOWS\System32\Hnsr.dll File not found
O28 - HKLM ShellExecuteHooks: {1919DD21-B7CD-4EF7-BB78-0A04B49D6D39} - C:\WINDOWS\System32\Wknn.dll File not found
O28 - HKLM ShellExecuteHooks: {19444FF8-9C32-4FDB-8D85-B20236E571C6} - C:\WINDOWS\System32\Uaalw.dll File not found
O28 - HKLM ShellExecuteHooks: {19D7FDC4-A1FA-4B79-A422-C8E66572F124} - C:\WINDOWS\System32\Wplkil.dll File not found
O28 - HKLM ShellExecuteHooks: {19EE4793-251A-45AC-A9C4-097DD25776E0} - C:\WINDOWS\System32\Wozvdw.dll File not found
O28 - HKLM ShellExecuteHooks: {1CE41EDF-F8E0-47CC-913A-027DA46E0BF0} - C:\WINDOWS\System32\Sxpv.dll File not found
O28 - HKLM ShellExecuteHooks: {1D5A785A-FCD2-4952-AAEF-A00BA1D26AB0} - C:\WINDOWS\System32\Dfxon.dll File not found
O28 - HKLM ShellExecuteHooks: {1DBF2052-C6B9-4C9C-B70F-2615433E6FF9} - C:\WINDOWS\System32\Twrf.dll File not found
O28 - HKLM ShellExecuteHooks: {1E192DDF-2E29-4E75-809B-C9DCEB11123B} - C:\WINDOWS\System32\Tbcvdl.dll File not found
O28 - HKLM ShellExecuteHooks: {1EA684C4-D7C1-4A4E-88B9-628D26066124} - C:\WINDOWS\System32\Bhgqnu.dll File not found
O28 - HKLM ShellExecuteHooks: {1EB4CAF3-3B9E-4A30-B642-D846457E1185} - C:\WINDOWS\System32\Wvquj.dll File not found
O28 - HKLM ShellExecuteHooks: {1F6F3FE9-714E-4CD2-B8A7-C835052386DB} - C:\WINDOWS\System32\Ihei.dll File not found
O28 - HKLM ShellExecuteHooks: {200B3450-ED8B-4104-86F5-F9D98A4F9DDE} - C:\WINDOWS\System32\Uvtmz.dll File not found
O28 - HKLM ShellExecuteHooks: {20932591-2E2C-4491-A536-E022730D57F7} - C:\WINDOWS\System32\Gxitq.dll File not found
O28 - HKLM ShellExecuteHooks: {215B110B-ECD5-4D34-87B8-1F3A9229872D} - C:\WINDOWS\System32\Xwky.dll File not found
O28 - HKLM ShellExecuteHooks: {2BEDB255-F977-41E0-9146-AFCCD507844B} - C:\WINDOWS\System32\Xeeo.dll File not found
O28 - HKLM ShellExecuteHooks: {2D1E2BF2-5801-4C14-A050-54D22E7FFBCB} - C:\WINDOWS\System32\Auzq.dll ()
O28 - HKLM ShellExecuteHooks: {2D7B2AF6-7F7A-4563-8A96-765F50986A34} - C:\WINDOWS\System32\Xrct.dll ()
O28 - HKLM ShellExecuteHooks: {2EE455A4-5D83-4BAA-B422-A9703E367130} - C:\WINDOWS\System32\Dpnih.dll File not found
O28 - HKLM ShellExecuteHooks: {2EF92FEF-97C1-43C3-8406-5F4105D8BD47} - C:\WINDOWS\System32\Ylekhh.dll File not found
O28 - HKLM ShellExecuteHooks: {32BCF0C1-D18E-4048-BDDD-21A3F0A254B3} - C:\WINDOWS\System32\Ncxwe.dll File not found
O28 - HKLM ShellExecuteHooks: {33EA038D-4093-4EE6-845A-2A698AD47A51} - C:\WINDOWS\System32\Wtojz.dll File not found
O28 - HKLM ShellExecuteHooks: {354556FD-0A48-40AC-AC7B-F2132CE566DF} - C:\WINDOWS\System32\Mwae.dll File not found
O28 - HKLM ShellExecuteHooks: {3598771A-FE7A-44AC-8334-82E78365FB59} - C:\WINDOWS\System32\Irpfkt.dll File not found
O28 - HKLM ShellExecuteHooks: {37840440-2637-4946-863D-EDB23414B5C1} - C:\WINDOWS\System32\Qsykif.dll File not found
O28 - HKLM ShellExecuteHooks: {397B6315-295D-4C8D-8B27-446C94D11926} - C:\WINDOWS\System32\Tmiicr.dll File not found
O28 - HKLM ShellExecuteHooks: {397D18A3-4E5D-4FB3-A27B-072E3DAEC2D7} - C:\WINDOWS\System32\Arqgq.dll File not found
O28 - HKLM ShellExecuteHooks: {3A2F453C-CD7E-41D6-BC40-8158EFA2A813} - C:\WINDOWS\System32\Jmzul.dll File not found
O28 - HKLM ShellExecuteHooks: {3C47806D-1381-4088-A542-CE85613473FF} - C:\WINDOWS\System32\Kjxzjk.dll File not found
O28 - HKLM ShellExecuteHooks: {3C4EACF8-38F8-4DB6-8798-6968A0C9D7D9} - C:\WINDOWS\System32\Ghdf.dll File not found
O28 - HKLM ShellExecuteHooks: {3CABD70A-FE07-46E0-BAEA-17941550C126} - C:\WINDOWS\System32\Lpllgo.dll File not found
O28 - HKLM ShellExecuteHooks: {3D94DD02-DFAF-4FD8-AC44-206620CDA028} - C:\WINDOWS\System32\Vqat.dll File not found
O28 - HKLM ShellExecuteHooks: {3DCCEEA9-9F68-4A1D-823D-9F5A769F3A6C} - C:\WINDOWS\System32\Lnifb.dll File not found
O28 - HKLM ShellExecuteHooks: {3E4C8E91-67D9-46BA-852E-4816A031D746} - C:\WINDOWS\System32\Rgops.dll File not found
O28 - HKLM ShellExecuteHooks: {3FE44E3A-B607-4A47-BE7F-1E07463264DE} - C:\WINDOWS\System32\Eclc.dll File not found
O28 - HKLM ShellExecuteHooks: {40093970-3724-44D6-924A-BF7DC1E4DA26} - C:\WINDOWS\System32\Bhcq.dll ()
O28 - HKLM ShellExecuteHooks: {40BABA97-8B45-4412-909C-AA4980D78BF7} - C:\WINDOWS\System32\Hhfdm.dll File not found
O28 - HKLM ShellExecuteHooks: {4790C31F-A108-449B-9104-F92598D1FA35} - C:\WINDOWS\System32\Vrsrbn.dll File not found
O28 - HKLM ShellExecuteHooks: {49334ED8-2493-4D91-B15B-EA32AE9E7D89} - C:\WINDOWS\System32\Kqpbvy.dll File not found
O28 - HKLM ShellExecuteHooks: {4F2777A0-AE90-4651-B0FF-BC75CBEC333C} - C:\WINDOWS\System32\Laeg.dll File not found
O28 - HKLM ShellExecuteHooks: {4F5612FF-71BC-4F7D-852E-9EE7878C9930} - C:\WINDOWS\System32\Nxnrle.dll File not found
O28 - HKLM ShellExecuteHooks: {5088CCDE-CCBC-49D6-8E7D-00A6E51E3455} - C:\WINDOWS\System32\Fwirw.dll File not found
O28 - HKLM ShellExecuteHooks: {54675C7E-1A4D-46DA-B7C7-1ABC9039FF58} - C:\WINDOWS\System32\Cvvhr.dll File not found
O28 - HKLM ShellExecuteHooks: {54B0E4DA-0476-4FF7-9BB7-B27A77985E4D} - C:\WINDOWS\System32\Ojnnlr.dll File not found
O28 - HKLM ShellExecuteHooks: {563C2D99-01B4-4B33-AB4C-C0C1B5047C1C} - C:\WINDOWS\System32\Czih.dll File not found
O28 - HKLM ShellExecuteHooks: {57735E86-6CF9-48FC-825E-299774296223} - C:\WINDOWS\System32\Bzgc.dll File not found
O28 - HKLM ShellExecuteHooks: {579CFB54-4195-4D4D-B755-C7FDEA676836} - C:\WINDOWS\System32\Gmbe.dll File not found
O28 - HKLM ShellExecuteHooks: {57C33D99-0ECB-4310-A17F-1E2AC8987FEC} - C:\WINDOWS\System32\Pqnvfa.dll File not found
O28 - HKLM ShellExecuteHooks: {5B914E7A-A26A-4459-BC12-66386E78771D} - C:\WINDOWS\System32\Xncz.dll File not found
O28 - HKLM ShellExecuteHooks: {5D7E20B4-2427-482A-BD81-62DE872CEB91} - C:\WINDOWS\System32\Rxwg.dll File not found
O28 - HKLM ShellExecuteHooks: {5E0E7923-CE6B-4B20-9A61-990272BB6527} - C:\WINDOWS\System32\Hgcojv.dll File not found
O28 - HKLM ShellExecuteHooks: {61089A6B-EF6C-45D3-AB09-4EF0781C3543} - C:\WINDOWS\System32\Swmnv.dll ()
O28 - HKLM ShellExecuteHooks: {61772CEC-1DC2-4FDB-B220-433D97F708BB} - C:\WINDOWS\System32\Idgb.dll File not found
O28 - HKLM ShellExecuteHooks: {62F6C195-C088-469C-8580-8B1E46E65DF9} - C:\WINDOWS\System32\Espcfo.dll File not found
O28 - HKLM ShellExecuteHooks: {63CCA302-800D-46F6-82A4-C6C387D72B95} - C:\WINDOWS\System32\Dbgmi.dll File not found
O28 - HKLM ShellExecuteHooks: {6929A002-1D32-48D9-87BF-A852B5950DCA} - C:\WINDOWS\System32\Kiwij.dll File not found
O28 - HKLM ShellExecuteHooks: {69E61800-E601-4627-A883-ECB6764C0232} - C:\WINDOWS\System32\Lktm.dll ()
O28 - HKLM ShellExecuteHooks: {69FBDCF6-F14F-4DEB-83BB-E687C52BEEFA} - C:\WINDOWS\System32\Lajmpc.dll File not found
O28 - HKLM ShellExecuteHooks: {6A2D3285-1007-40E5-9C9F-82677C1C8114} - C:\WINDOWS\System32\Nxkbo.dll File not found
O28 - HKLM ShellExecuteHooks: {6CC7B591-7B75-4051-AA94-1C634D63B686} - C:\WINDOWS\System32\Hczu.dll File not found
O28 - HKLM ShellExecuteHooks: {6CDD239C-6624-48CA-BAD3-C9883E4D453E} - C:\WINDOWS\System32\Vfygsz.dll File not found
O28 - HKLM ShellExecuteHooks: {6FAFDA3C-6B12-4C68-BCDE-CC7D4E7E0AB9} - C:\WINDOWS\System32\Mxatd.dll File not found
O28 - HKLM ShellExecuteHooks: {6FE217B0-CF1C-4C19-97B7-7EC01F544B7C} - C:\WINDOWS\System32\Ysswcr.dll File not found
O28 - HKLM ShellExecuteHooks: {718CDB6C-B4AB-41E4-9D19-0D41A67F02A6} - C:\WINDOWS\System32\Oiplxl.dll File not found
O28 - HKLM ShellExecuteHooks: {72441ED8-BF0D-4EA1-9923-9D0095580448} - C:\WINDOWS\System32\Shpo.dll File not found
O28 - HKLM ShellExecuteHooks: {73C5FE29-F51B-4DB8-B0F0-C66699CD264B} - C:\WINDOWS\System32\Xmys.dll File not found
O28 - HKLM ShellExecuteHooks: {7420D130-293B-49B9-92BD-766D88BAAA57} - C:\WINDOWS\System32\Hkxg.dll File not found
O28 - HKLM ShellExecuteHooks: {76C945A7-CFC0-436C-B946-A84A9A8494B6} - C:\WINDOWS\System32\Jgwhfn.dll ()
O28 - HKLM ShellExecuteHooks: {77E62C14-03EE-4B1D-BC07-7B13FCBB2B47} - C:\WINDOWS\System32\Bduih.dll File not found
O28 - HKLM ShellExecuteHooks: {787F3998-0187-4482-B265-BA1950A38B12} - C:\WINDOWS\System32\Ihudb.dll File not found
O28 - HKLM ShellExecuteHooks: {795D4D51-774E-40B4-ACDE-9E35D452967A} - C:\WINDOWS\System32\Xuhh.dll File not found
O28 - HKLM ShellExecuteHooks: {7961D273-6BA1-4BDE-8DC2-4BAA07747B72} - C:\WINDOWS\System32\Zfzuwh.dll File not found
O28 - HKLM ShellExecuteHooks: {7A9BC48E-95D5-4110-A7F5-86266BC7D2CF} - C:\WINDOWS\System32\Metkq.dll File not found
O28 - HKLM ShellExecuteHooks: {7AE4F465-F7C3-4F41-864B-A70A990CD971} - C:\WINDOWS\System32\Gcpq.dll File not found
O28 - HKLM ShellExecuteHooks: {7CB79EE4-B221-44F2-BD25-ED61DEC5FA0C} - C:\WINDOWS\System32\Afaai.dll File not found
O28 - HKLM ShellExecuteHooks: {7F5A6736-049F-4A74-872F-944286530B10} - C:\WINDOWS\System32\Fweijh.dll File not found
O28 - HKLM ShellExecuteHooks: {8109468B-3EA8-49F8-8D4A-51B67C7644E8} - C:\WINDOWS\System32\Goawxv.dll File not found
O28 - HKLM ShellExecuteHooks: {842B8CDB-10A2-4851-BB31-9741A3F229FC} - C:\WINDOWS\System32\Kjeo.dll File not found
O28 - HKLM ShellExecuteHooks: {8457A3E2-5618-4203-9623-20136597FE8C} - C:\WINDOWS\System32\Ptzwio.dll File not found
O28 - HKLM ShellExecuteHooks: {862CCB51-77AB-483A-AE41-A5907CC28CAA} - C:\WINDOWS\System32\Yicfgf.dll File not found
O28 - HKLM ShellExecuteHooks: {889CF40E-AD13-4F32-8BBD-0F5530E3A023} - C:\WINDOWS\System32\Kpphzt.dll File not found
O28 - HKLM ShellExecuteHooks: {8B95F977-3A85-479E-9E3F-F5568BC3CD4D} - C:\WINDOWS\System32\Tknop.dll File not found
O28 - HKLM ShellExecuteHooks: {8D1848EF-BC99-4303-8902-C8CE123693CF} - C:\WINDOWS\System32\Bgluq.dll File not found
O28 - HKLM ShellExecuteHooks: {90F1A33D-EDBD-4635-B3CA-C6D08C6CDDA4} - C:\WINDOWS\System32\Hqffam.dll File not found
O28 - HKLM ShellExecuteHooks: {91B453BF-7AD6-43F7-B9C1-5BDDDB526069} - C:\WINDOWS\System32\Yxntp.dll File not found
O28 - HKLM ShellExecuteHooks: {933FA22D-E849-4833-8197-5A2E2FF1B0A1} - C:\WINDOWS\System32\Pzgj.dll File not found
O28 - HKLM ShellExecuteHooks: {9AA67FF5-DCE9-4B28-A392-ECFCA202AAC7} - C:\WINDOWS\System32\Bakjn.dll File not found
O28 - HKLM ShellExecuteHooks: {9AAEFF29-B6A7-4404-8F4A-E39DEB2B2475} - C:\WINDOWS\System32\Qvrj.dll File not found
O28 - HKLM ShellExecuteHooks: {9C0CB27B-06CD-44D5-8AD0-501549E9710B} - C:\WINDOWS\System32\Zouuzh.dll File not found
O28 - HKLM ShellExecuteHooks: {9C2E11A0-020E-4A94-AF04-3DCF4C65EE01} - C:\WINDOWS\System32\Nuap.dll File not found
O28 - HKLM ShellExecuteHooks: {9DA2A94C-AFA5-42BD-900F-FCE1385287E8} - C:\WINDOWS\System32\Lflm.dll File not found
O28 - HKLM ShellExecuteHooks: {9E62C24E-E0E4-4CC5-BFF2-3B002683D940} - C:\WINDOWS\System32\Lhwg.dll File not found
O28 - HKLM ShellExecuteHooks: {A0620F64-DCE6-44A8-8805-F5201A5A2EAB} - C:\WINDOWS\System32\Zzgjr.dll File not found
O28 - HKLM ShellExecuteHooks: {A18B5352-E5C1-419A-88E9-265C1F7E983F} - C:\WINDOWS\System32\Erpmxd.dll File not found
O28 - HKLM ShellExecuteHooks: {A1D5A59C-C1B6-475C-833B-AE72EB2955D6} - C:\WINDOWS\System32\Ikrfp.dll File not found
O28 - HKLM ShellExecuteHooks: {A200AC6E-BB3B-4A24-9FB9-2A389C77D1D5} - C:\WINDOWS\System32\Fyraxx.dll File not found
O28 - HKLM ShellExecuteHooks: {A9A26D8E-F3B6-4C43-AD7F-40E62FAE0FED} - C:\WINDOWS\System32\Cknl.dll File not found
O28 - HKLM ShellExecuteHooks: {AD83FC08-A6DF-44DD-855E-7CBAC4E72820} - C:\WINDOWS\System32\Nrspp.dll File not found
O28 - HKLM ShellExecuteHooks: {AD9688CE-5236-454F-8D68-3D51BFB0FE8F} - C:\WINDOWS\System32\Zlco.dll File not found
O28 - HKLM ShellExecuteHooks: {ADCC2EFE-BBD7-4A2B-8952-EE61C4C5B226} - C:\WINDOWS\System32\Ehkm.dll File not found
O28 - HKLM ShellExecuteHooks: {AF2E6EEC-AAFD-44DE-B231-8D88F515098C} - C:\WINDOWS\System32\Dgea.dll File not found
O28 - HKLM ShellExecuteHooks: {B1768154-2B69-429B-AFB6-262574DAE272} - C:\WINDOWS\System32\Wiwd.dll File not found
O28 - HKLM ShellExecuteHooks: {B30751DF-19DD-4833-825E-0CA451EB881A} - C:\WINDOWS\System32\Gxdz.dll File not found
O28 - HKLM ShellExecuteHooks: {B36F464B-8000-41D2-9362-1B9C5E457111} - C:\WINDOWS\System32\Xtwcm.dll File not found
O28 - HKLM ShellExecuteHooks: {B3A76541-C5FB-4B8C-AD04-86793E5CD684} - C:\WINDOWS\System32\Xseir.dll File not found
O28 - HKLM ShellExecuteHooks: {B676C807-7EB2-453C-99FE-D5D2EAD4F803} - C:\WINDOWS\System32\Dotizs.dll File not found
O28 - HKLM ShellExecuteHooks: {B730E3EA-0270-4856-9050-72BD4958BD51} - C:\WINDOWS\System32\Bgwa.dll File not found
O28 - HKLM ShellExecuteHooks: {BCF190DE-CB8E-4ED6-9A62-5106AD5A66DC} - C:\WINDOWS\System32\Qouv.dll File not found
O28 - HKLM ShellExecuteHooks: {BD21883B-19B6-4559-BBB5-BD23BBB34F3C} - C:\WINDOWS\System32\Muftnn.dll File not found
O28 - HKLM ShellExecuteHooks: {BEE8C517-08AA-4844-B9E7-30AF54752847} - C:\WINDOWS\System32\Ioyc.dll File not found
O28 - HKLM ShellExecuteHooks: {C00AB6E5-2CCB-4EF5-B3FA-01A363F99830} - C:\WINDOWS\System32\Eanv.dll File not found
O28 - HKLM ShellExecuteHooks: {C4368D2A-53F2-4727-A7E8-F4ED54178B21} - C:\WINDOWS\System32\Dowoc.dll File not found
O28 - HKLM ShellExecuteHooks: {C65B6179-B534-46E5-9E09-AB811F384EFF} - C:\WINDOWS\System32\Tqyv.dll File not found
O28 - HKLM ShellExecuteHooks: {C85F2CDB-297F-4364-A561-A489D3C91003} - C:\WINDOWS\System32\Vdzq.dll File not found
O28 - HKLM ShellExecuteHooks: {C8B7D7C6-A0EE-40AA-BD67-0098F03C40AC} - C:\WINDOWS\System32\Igiof.dll File not found
O28 - HKLM ShellExecuteHooks: {CBF82635-91DA-42C4-832C-92073876BC9E} - C:\WINDOWS\System32\Kfigiz.dll File not found
O28 - HKLM ShellExecuteHooks: {CE0DE6F4-5EF8-47F5-8EEB-DD90F05AF953} - C:\WINDOWS\System32\Zlac.dll ()
O28 - HKLM ShellExecuteHooks: {CE771032-D9EB-4196-B53B-C8427F245335} - C:\WINDOWS\System32\Wfvgld.dll File not found
O28 - HKLM ShellExecuteHooks: {CED0390F-B4B3-46F0-BD43-F04236508454} - C:\WINDOWS\System32\Gzvjpl.dll File not found
O28 - HKLM ShellExecuteHooks: {CF5999ED-D07E-4925-A1B0-2791D1A5773E} - C:\WINDOWS\System32\Mskqsf.dll File not found
O28 - HKLM ShellExecuteHooks: {D0A77C56-1796-4132-93A3-2042CB863E99} - C:\WINDOWS\System32\Njcln.dll File not found
O28 - HKLM ShellExecuteHooks: {D32E43A6-79CE-4BD7-A05C-358C2BC7A815} - C:\WINDOWS\System32\Gkkkmx.dll File not found
O28 - HKLM ShellExecuteHooks: {D3B3A173-D5AA-439B-8F45-508F9967A518} - C:\WINDOWS\System32\Rquglx.dll File not found
O28 - HKLM ShellExecuteHooks: {D4700314-37FD-48AE-A0D2-3DCDEACCD929} - C:\WINDOWS\System32\Mkxiyn.dll File not found
O28 - HKLM ShellExecuteHooks: {D82197E8-D9DB-4E7D-B2B0-632F4F228FF8} - C:\WINDOWS\System32\Syod.dll File not found
O28 - HKLM ShellExecuteHooks: {D9489367-CD3E-4E9A-A6E5-BF9CDFDCDC74} - C:\WINDOWS\System32\Dyqoln.dll File not found
O28 - HKLM ShellExecuteHooks: {D97B2027-E1F9-4D28-A9C5-1AF683E747D9} - C:\WINDOWS\System32\Hwns.dll File not found
O28 - HKLM ShellExecuteHooks: {D9E78D42-2D2E-49D1-BF53-7DB3F2818CA0} - C:\WINDOWS\System32\Ijtvk.dll File not found
O28 - HKLM ShellExecuteHooks: {DA67DEAF-7688-4FAA-AF70-36877C0EFA6C} - C:\WINDOWS\System32\Itxmob.dll File not found
O28 - HKLM ShellExecuteHooks: {DACB5C66-7D38-4121-94B2-E7DCF075E5E9} - C:\WINDOWS\System32\Ggtgy.dll File not found
O28 - HKLM ShellExecuteHooks: {DC7F3842-BC5B-4109-A11B-3C0902A5EC02} - C:\WINDOWS\System32\Ffzcm.dll File not found
O28 - HKLM ShellExecuteHooks: {DCA8F56D-73B8-40F2-966A-97446469A3ED} - C:\WINDOWS\System32\Dbiv.dll File not found
O28 - HKLM ShellExecuteHooks: {DD90D74A-AC42-4054-9533-161DE454116A} - C:\WINDOWS\System32\Msxtr.dll File not found
O28 - HKLM ShellExecuteHooks: {DEA636BF-4F5B-438B-AAC6-E57F3D0110E0} - C:\WINDOWS\System32\Eide.dll File not found
O28 - HKLM ShellExecuteHooks: {DF6B7DB1-32AE-4819-869B-C9643C2BD6A3} - C:\WINDOWS\System32\Rvsli.dll File not found
O28 - HKLM ShellExecuteHooks: {DF6B9239-97B6-4AF1-8431-3A97CEC92B4C} - C:\WINDOWS\System32\Bgghpx.dll File not found
O28 - HKLM ShellExecuteHooks: {E1989F84-BF01-4960-B423-6232CEE6B398} - C:\WINDOWS\System32\Cwuxd.dll File not found
O28 - HKLM ShellExecuteHooks: {E1B0BC24-9FAC-451B-AEE6-78D15B1B7EB4} - C:\WINDOWS\System32\Jwehk.dll File not found
O28 - HKLM ShellExecuteHooks: {E1BAB224-9C2E-4AC0-9EF5-80354D52E6DC} - C:\WINDOWS\System32\Obxy.dll File not found
O28 - HKLM ShellExecuteHooks: {E2A3FE48-2E8B-40DE-AFDB-48DC6637444F} - C:\WINDOWS\System32\Gbgk.dll File not found
O28 - HKLM ShellExecuteHooks: {E3537A44-9119-4C88-A632-34EFE1B5ADEF} - C:\WINDOWS\System32\Ikbrq.dll File not found
O28 - HKLM ShellExecuteHooks: {E50348DB-8AF1-4863-A29B-51C75396EA6F} - C:\WINDOWS\System32\Yjplf.dll File not found
O28 - HKLM ShellExecuteHooks: {E66F87A8-BDE8-41D1-834B-3DCC69D477CF} - C:\WINDOWS\System32\Ihlj.dll File not found
O28 - HKLM ShellExecuteHooks: {E7B3FAC3-3A12-4A8F-9988-950E1CFC20D7} - C:\WINDOWS\System32\Nvagem.dll File not found
O28 - HKLM ShellExecuteHooks: {E7E811C7-2DDA-422D-962C-3B42C95155F9} - C:\WINDOWS\System32\Xvdkh.dll File not found
O28 - HKLM ShellExecuteHooks: {E912DDEB-3BCF-401D-9852-4CF02DC1D749} - C:\WINDOWS\System32\Zzfh.dll File not found
O28 - HKLM ShellExecuteHooks: {EA01A161-93F0-4B5A-918C-CEC9AC96F7A6} - C:\WINDOWS\System32\Cbdu.dll File not found
O28 - HKLM ShellExecuteHooks: {EAADED0E-0012-4E6B-8450-9E043DDA596D} - C:\WINDOWS\System32\Vqfrn.dll File not found
O28 - HKLM ShellExecuteHooks: {EBA1F4EA-CC8E-4C5E-909B-32BCD98A324D} - C:\WINDOWS\System32\Ddjv.dll File not found
O28 - HKLM ShellExecuteHooks: {EC66667C-606C-4847-9973-B52ECECE2E18} - C:\WINDOWS\System32\Zaeb.dll File not found
O28 - HKLM ShellExecuteHooks: {EF90BEC9-9C83-4FB4-AE11-C727D781234B} - C:\WINDOWS\System32\Wmlfw.dll File not found
O28 - HKLM ShellExecuteHooks: {F06BF7CD-ABB2-468C-9C7A-54AF27108A17} - C:\WINDOWS\System32\Ccuqd.dll File not found
O28 - HKLM ShellExecuteHooks: {F14B6818-65C3-4DA0-93C5-D33F73F5FBB1} - C:\WINDOWS\System32\Twmfad.dll File not found
O28 - HKLM ShellExecuteHooks: {F37A4232-78E6-450F-A646-56DDEA371EDC} - C:\WINDOWS\System32\Qtvre.dll File not found
O28 - HKLM ShellExecuteHooks: {F3F6AC7B-C3A4-4937-8466-5AC115EE6AB6} - C:\WINDOWS\System32\Wplxg.dll File not found
O28 - HKLM ShellExecuteHooks: {F62BEDDA-42DD-4ACD-97EB-C78FF05B33D6} - C:\WINDOWS\System32\Fywvcx.dll File not found
O28 - HKLM ShellExecuteHooks: {F7037716-52FD-4BA4-A2E0-D70A0A29DDE4} - C:\WINDOWS\System32\Ktypu.dll File not found
O28 - HKLM ShellExecuteHooks: {F88796B8-BFB1-4C81-BE74-859C3C9DA156} - C:\WINDOWS\System32\Mrjto.dll File not found
O28 - HKLM ShellExecuteHooks: {F947E829-7E89-4AD2-82F4-94B9D3110892} - C:\WINDOWS\System32\Bcjfwf.dll File not found
O28 - HKLM ShellExecuteHooks: {F9F1CB87-0B64-4588-9CA2-3F92C4FEBCBA} - C:\WINDOWS\System32\Gjcy.dll File not found
O28 - HKLM ShellExecuteHooks: {FA6CD028-69FF-4C3F-AB06-62066514C852} - C:\WINDOWS\System32\Amnep.dll File not found
O28 - HKLM ShellExecuteHooks: {FAB00860-C74A-452B-BECB-D374DF0C2CC7} - C:\WINDOWS\System32\Ujtbmk.dll File not found
O28 - HKLM ShellExecuteHooks: {FB1F204E-E14C-4B8C-ACE4-1D55F2400BEA} - C:\WINDOWS\System32\Bzaa.dll File not found
O28 - HKLM ShellExecuteHooks: {FBE8A2DC-6828-426F-BCE0-C40A1F631EE5} - C:\WINDOWS\System32\Qerrc.dll File not found
O28 - HKLM ShellExecuteHooks: {FE00E7BC-3B05-4526-ADA9-BC3E341B3867} - C:\WINDOWS\System32\Ckferv.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/08/17 00:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Runscanner.net
[2009/08/17 00:25:17 | 00,000,000 | ---D | C] -- C:\runscanner
[2009/08/17 00:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\John
[2009/08/16 21:33:43 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/16 21:33:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/16 21:33:25 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/08/16 21:33:25 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/08/16 21:33:25 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/08/16 21:33:25 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/08/16 21:33:23 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/08/16 21:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/08/16 21:29:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/16 19:08:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/16 19:08:57 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/15 11:09:40 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/08/15 11:08:50 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/08/14 23:57:55 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/08/13 23:11:54 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/13 19:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/11 23:52:53 | 00,000,000 | ---D | C] -- C:\sb
[2009/08/11 21:55:30 | 00,000,000 | ---D | C] -- C:\SDFIX
[2009/08/11 19:10:03 | 00,000,000 | ---D | C] -- C:\john
[2009/08/09 23:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\32788R22FWJFW
[2009/08/09 21:35:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/09 21:35:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/09 16:45:41 | 00,000,000 | ---D | C] -- C:\New virus
[2009/08/06 19:27:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/08/06 03:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/06 03:04:09 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/06 03:03:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/06 03:03:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/06 03:03:39 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/06 03:03:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/06 03:03:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/06 03:03:39 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/06 03:03:39 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/06 03:03:38 | 00,000,000 | ---D | C] -- C:\e8345f09ee23ae7997
[2009/08/03 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\working memory
[2009/08/03 00:33:55 | 00,792,525 | ---- | C] () -- C:\Documents and Settings\John\Desktop\偷拍动物睡觉,太可爱了 - 灌水閒聊 - Sina BBS - Powered by Discuz!.mht
[2009/07/18 22:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\My new company
[2009/06/20 22:05:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\SKYNETfrfbpjpi.sys
[2008/10/28 20:22:58 | 00,000,223 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2008/10/28 20:18:23 | 00,548,864 | ---- | C] () -- C:\WINDOWS\System32\dlbjusb1.dll
[2008/10/28 20:18:23 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\dlbjserv.dll
[2008/10/28 20:18:23 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlbjjswr.dll
[2008/10/28 20:18:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomc.dll
[2008/10/28 20:18:23 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomm.dll
[2008/10/28 20:18:23 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\dlbjlmpm.dll
[2008/10/28 20:18:23 | 00,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjutil.dll
[2008/10/28 20:18:23 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbjpplc.dll
[2008/10/28 20:18:23 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbjprox.dll
[2008/10/28 20:18:23 | 00,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcur.dll
[2008/10/28 20:18:23 | 00,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcu.dll
[2008/10/28 20:18:23 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbjvs.dll
[2008/10/14 22:53:36 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/14 21:18:30 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/20 23:56:37 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll.del
[2008/02/20 23:56:37 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll
[2007/01/05 22:38:54 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/08/19 12:46:39 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\0000_sys.sys
[2006/08/12 18:14:24 | 00,000,435 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/07/25 00:57:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/16 19:18:58 | 00,000,098 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2006/07/05 10:01:48 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/06/20 10:33:10 | 00,000,477 | ---- | C] () -- C:\WINDOWS\chsmtreg.ini
[2006/06/20 10:25:31 | 00,000,062 | ---- | C] () -- C:\WINDOWS\chsmts16.ini
[2006/06/06 01:12:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Lktm.dll
[2006/05/27 22:19:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auzq.dll
[2006/05/27 01:41:42 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Zlac.dll
[2006/05/26 10:45:43 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Jgwhfn.dll
[2006/05/25 23:51:41 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Swmnv.dll
[2006/05/25 09:42:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Bhcq.dll
[2006/05/24 23:59:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Xrct.dll
[2006/05/06 01:49:39 | 00,000,071 | ---- | C] () -- C:\WINDOWS\SCRCFG.ini
[2005/09/10 00:01:23 | 00,000,086 | ---- | C] () -- C:\WINDOWS\BMate.INI
[2005/03/12 20:25:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/02/01 16:16:31 | 00,000,201 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2005/02/01 15:48:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/31 22:59:00 | 00,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/31 22:55:02 | 00,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2005/01/12 20:03:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/09 14:15:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 14:10:33 | 00,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/09 14:06:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/09 14:06:28 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/09 14:06:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/09 14:06:23 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/09 13:39:12 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/21 17:47:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,582 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\scecli.dll
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/04/14 10:40:32 | 00,001,417 | ---- | C] () -- C:\WINDOWS\System32\WD.ini
[2003/12/15 15:42:52 | 00,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2003/12/15 15:42:36 | 00,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[9 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/08/16 21:33:43 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/16 21:25:02 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/16 21:24:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/16 21:23:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/16 21:23:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/16 17:58:13 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/16 17:51:51 | 00,000,582 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/16 17:51:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/16 17:51:51 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/08/15 11:08:50 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/08/13 22:53:25 | 01,600,656 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009/08/11 22:03:24 | 00,000,685 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/08/09 16:43:36 | 00,527,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/09 16:43:36 | 00,445,684 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/09 16:43:36 | 00,072,890 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/09 15:21:15 | 00,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/06 21:27:37 | 00,107,984 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/06 03:14:55 | 00,383,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/04 11:25:41 | 00,000,223 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 00:33:56 | 00,792,525 | ---- | M] () -- C:\Documents and Settings\John\Desktop\偷拍动物睡觉,太可爱了 - 灌水閒聊 - Sina BBS - Powered by Discuz!.mht
[2009/08/01 22:55:57 | 00,001,852 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\Default.rdp
[2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 08:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 08:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files - Unicode (All) ==========
[2006/01/01 12:21:21 | 00,000,000 | ---D | C](C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive_files) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive_files
[2006/01/01 12:21:21 | 00,026,076 | ---- | C] ()(C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive.htm) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive.htm
[2006/01/01 12:21:22 | 00,000,000 | ---D | M](C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive_files) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive_files
[2006/01/01 12:21:22 | 00,026,076 | ---- | M] ()(C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive.htm) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive.htm
[2007/01/19 11:31:38 | 00,000,000 | ---D | C](C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1)_files) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1)_files
[2007/01/19 11:31:38 | 00,061,412 | ---- | C] ()(C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1).htm) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1).htm
[2007/01/19 11:31:39 | 00,000,000 | ---D | M](C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1)_files) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1)_files
[2007/01/19 11:31:39 | 00,061,412 | ---- | M] ()(C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1).htm) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1).htm
< End of report >
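The O28 list above is the security-relevant part of this log: a ShellExecuteHook is a COM object that Explorer invokes on every ShellExecute call and that can veto the launch, so a DLL registered there sees every program the user starts. That is the kind of mechanism that would explain scanners dying within seconds of launch (an inference, not something the thread establishes). The script below is an added example, not part of the thread and not OTL's own code: it parses the O28 section and the "Files - Created" section as posted, separates dead registrations (DLL already gone) from live hooks (DLL still present), cross-checks the live ones against the file listing, and flags same-family DLLs on disk that have no hook entry. The sample log is a small subset copied from the log above; the name heuristic (short random alphabetic name, no version info, 32,768 bytes) is an assumption tuned to this family, not a general rule, and the single known-good CLSID is the one a stock Windows XP install registers for shell32.dll.

```python
"""Triage OTL 'O28 - HKLM ShellExecuteHooks' entries against the log's file listing.

Added example, not from the thread or from the OTL tool.
"""
import re
from collections import namedtuple

Hook = namedtuple("Hook", "clsid path present company raw")
FileEntry = namedtuple("FileEntry", "path size company")

# The one ShellExecuteHook a stock Windows XP install registers (shell32.dll,
# "URL Exec Hook"). Anything else deserves a look.
KNOWN_GOOD_CLSIDS = {"{AEB6717E-7E19-11D0-97EE-00C04FD91972}"}

HOOK_RE = re.compile(
    r"^O28 - HKLM ShellExecuteHooks: (\{[0-9A-Fa-f-]{36}\}) - (.+?\.dll) (.*)$"
)
# OTL file line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| ([\d,]+) \| \S{4} \| [CM]\] \((.*?)\) -- (.+)$"
)

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O28 - HKLM ShellExecuteHooks: {33EA038D-4093-4EE6-845A-2A698AD47A51} - C:\WINDOWS\System32\Wtojz.dll File not found
O28 - HKLM ShellExecuteHooks: {40093970-3724-44D6-924A-BF7DC1E4DA26} - C:\WINDOWS\System32\Bhcq.dll ()
O28 - HKLM ShellExecuteHooks: {61089A6B-EF6C-45D3-AB09-4EF0781C3543} - C:\WINDOWS\System32\Swmnv.dll ()
O28 - HKLM ShellExecuteHooks: {69E61800-E601-4627-A883-ECB6764C0232} - C:\WINDOWS\System32\Lktm.dll ()
O28 - HKLM ShellExecuteHooks: {FE00E7BC-3B05-4526-ADA9-BC3E341B3867} - C:\WINDOWS\System32\Ckferv.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
[2009/08/16 21:33:25 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2006/06/06 01:12:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Lktm.dll
[2006/05/25 09:42:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Bhcq.dll
[2006/05/25 23:51:41 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Swmnv.dll
[2006/05/24 23:59:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Xrct.dll
"""


def parse_hooks(log_text):
    """Return one Hook per O28 line; 'present' is False for 'File not found'."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        clsid, path, status = m.groups()
        present = status != "File not found"
        company = status.strip("()").strip() if present else ""
        hooks.append(Hook(clsid.upper(), path, present, company, line.strip()))
    return hooks


def parse_files(log_text):
    """Return {lowercased path: FileEntry} for every file line (directories are skipped)."""
    files = {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        size, company, path = m.groups()
        files[path.lower()] = FileEntry(path, int(size.replace(",", "")), company.strip())
    return files


def looks_like_family(path, company, size):
    """Heuristic (assumption): 4-6 letter alphabetic DLL directly in System32,
    no version info, exactly 32,768 bytes, as seen in this log."""
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    stem = name[:-4] if name.lower().endswith(".dll") else name
    in_system32 = "\\system32\\" in low and low.count("\\") == 3
    return in_system32 and stem.isalpha() and 4 <= len(stem) <= 6 and company == "" and size == 32768


def triage(log_text):
    """Split hooks into dead registrations and live ones, and list unhooked siblings on disk."""
    hooks = parse_hooks(log_text)
    files = parse_files(log_text)
    dead, live = [], []
    for h in hooks:
        if h.clsid in KNOWN_GOOD_CLSIDS:
            continue
        if not h.present:
            dead.append(h.path)  # registry entry outlived its DLL; still remove it
        else:
            entry = files.get(h.path.lower())
            live.append((h.path, entry.size if entry else None, h.company))
    hooked = {h.path.lower() for h in hooks}
    siblings = sorted(f.path for f in files.values()
                      if f.path.lower() not in hooked
                      and looks_like_family(f.path, f.company, f.size))
    return {"dead": dead, "live": live, "siblings": siblings}


def build_otl_fix(hooks):
    """Emit an :OTL section in the same form as the fix script in the thread:
    the O28 log lines verbatim, minus any known-good hook."""
    return "\n".join([":OTL"] + [h.raw for h in hooks if h.clsid not in KNOWN_GOOD_CLSIDS])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("dead hook registrations:", len(result["dead"]))
    print("live hooks:", result["live"])
    print("unhooked siblings on disk:", result["siblings"])
    print(build_otl_fix(parse_hooks(SAMPLE_LOG)))
```

Run it against the full log rather than the sample and the same three buckets fall out: the "File not found" entries are leftovers that still need deleting from the ShellExecuteHooks key, the entries ending in "()" are DLLs that are actually present and loading into Explorer, and files like Xrct.dll that match the pattern but have no O28 line are worth adding to the cleanup even though no hook points at them.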

#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 17 August 2009 - 07:28 PM

Hello. You probably got infected from a Chinese website/program. Please don't visit any Chinese websites for the time being, at least until the computer is clean.


Since you mentioned you have Avira and McAfee, please uninstall McAfee first and keep Avira.


Please download The Comedian.exe by Rorschach112 to your desktop.
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how.
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step.
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished.
STOP! If you can't complete this step, tell me more about it.


OTL Fix step

Open OTL, then do the following.

Copy/paste the following into the Custom Scans/Fixes box and then click on the Run Fix button.

:processes
explorer.exe

:services

:OTL
DRV - [2006/08/25 22:00:20 | 00,004,608 | ---- | M] () -- C:\WINDOWS\system32\drivers\0000_sys.sys -- ( [Boot | Stopped])
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {0103E2D0-91A1-4D79-9110-8300233B74BE} - C:\WINDOWS\System32\Yzolnv.dll File not found
O28 - HKLM ShellExecuteHooks: {01641A44-1C98-43B4-9534-97D339BB7CDE} - C:\WINDOWS\System32\Ewtbia.dll File not found
O28 - HKLM ShellExecuteHooks: {0246951D-A808-4F83-ADE2-8834F683A9CE} - C:\WINDOWS\System32\Ehqhjy.dll File not found
O28 - HKLM ShellExecuteHooks: {05057743-9A10-43F6-B3D2-36EF7C5CE898} - C:\WINDOWS\System32\Ojrfv.dll File not found
O28 - HKLM ShellExecuteHooks: {08CE731B-8A86-4039-9FB1-B133C5EC75CF} - C:\WINDOWS\System32\Nvmnbn.dll File not found
O28 - HKLM ShellExecuteHooks: {0997C943-01BE-4116-BAF9-AFC73A955315} - C:\WINDOWS\System32\Vedjhq.dll File not found
O28 - HKLM ShellExecuteHooks: {0AC1B0BB-9FFC-44EB-B018-5FA9F81FB29A} - C:\WINDOWS\System32\Ymfkhs.dll File not found
O28 - HKLM ShellExecuteHooks: {0E14176C-346D-47A6-B576-CB012830D187} - C:\WINDOWS\System32\Bubnhv.dll File not found
O28 - HKLM ShellExecuteHooks: {0E84C2E4-C3AC-4639-A37E-919C3E8DE5E6} - C:\WINDOWS\System32\Oougmh.dll File not found
O28 - HKLM ShellExecuteHooks: {0F9CF8B2-CC33-4236-8E1C-B92005CEA1D9} - C:\WINDOWS\System32\Uncibl.dll File not found
O28 - HKLM ShellExecuteHooks: {13821998-D7A0-4C7B-8FDF-6206B19AEB04} - C:\WINDOWS\System32\Hjee.dll File not found
O28 - HKLM ShellExecuteHooks: {1582CC5D-EE18-494B-9020-D068E43DE4B8} - C:\WINDOWS\System32\Vzxae.dll File not found
O28 - HKLM ShellExecuteHooks: {15E20763-0272-4C71-9924-E3921080A5ED} - C:\WINDOWS\System32\Kxzroj.dll File not found
O28 - HKLM ShellExecuteHooks: {17425469-1D0D-4882-BA8A-1C9054A9BB46} - C:\WINDOWS\System32\Yavhww.dll File not found
O28 - HKLM ShellExecuteHooks: {1830FB0C-BAB8-4921-95DF-0248C91C1524} - C:\WINDOWS\System32\Hnsr.dll File not found
O28 - HKLM ShellExecuteHooks: {1919DD21-B7CD-4EF7-BB78-0A04B49D6D39} - C:\WINDOWS\System32\Wknn.dll File not found
O28 - HKLM ShellExecuteHooks: {19444FF8-9C32-4FDB-8D85-B20236E571C6} - C:\WINDOWS\System32\Uaalw.dll File not found
O28 - HKLM ShellExecuteHooks: {19D7FDC4-A1FA-4B79-A422-C8E66572F124} - C:\WINDOWS\System32\Wplkil.dll File not found
O28 - HKLM ShellExecuteHooks: {19EE4793-251A-45AC-A9C4-097DD25776E0} - C:\WINDOWS\System32\Wozvdw.dll File not found
O28 - HKLM ShellExecuteHooks: {1CE41EDF-F8E0-47CC-913A-027DA46E0BF0} - C:\WINDOWS\System32\Sxpv.dll File not found
O28 - HKLM ShellExecuteHooks: {1D5A785A-FCD2-4952-AAEF-A00BA1D26AB0} - C:\WINDOWS\System32\Dfxon.dll File not found
O28 - HKLM ShellExecuteHooks: {1DBF2052-C6B9-4C9C-B70F-2615433E6FF9} - C:\WINDOWS\System32\Twrf.dll File not found
O28 - HKLM ShellExecuteHooks: {1E192DDF-2E29-4E75-809B-C9DCEB11123B} - C:\WINDOWS\System32\Tbcvdl.dll File not found
O28 - HKLM ShellExecuteHooks: {1EA684C4-D7C1-4A4E-88B9-628D26066124} - C:\WINDOWS\System32\Bhgqnu.dll File not found
O28 - HKLM ShellExecuteHooks: {1EB4CAF3-3B9E-4A30-B642-D846457E1185} - C:\WINDOWS\System32\Wvquj.dll File not found
O28 - HKLM ShellExecuteHooks: {1F6F3FE9-714E-4CD2-B8A7-C835052386DB} - C:\WINDOWS\System32\Ihei.dll File not found
O28 - HKLM ShellExecuteHooks: {200B3450-ED8B-4104-86F5-F9D98A4F9DDE} - C:\WINDOWS\System32\Uvtmz.dll File not found
O28 - HKLM ShellExecuteHooks: {20932591-2E2C-4491-A536-E022730D57F7} - C:\WINDOWS\System32\Gxitq.dll File not found
O28 - HKLM ShellExecuteHooks: {215B110B-ECD5-4D34-87B8-1F3A9229872D} - C:\WINDOWS\System32\Xwky.dll File not found
O28 - HKLM ShellExecuteHooks: {2BEDB255-F977-41E0-9146-AFCCD507844B} - C:\WINDOWS\System32\Xeeo.dll File not found
O28 - HKLM ShellExecuteHooks: {2D1E2BF2-5801-4C14-A050-54D22E7FFBCB} - C:\WINDOWS\System32\Auzq.dll ()
O28 - HKLM ShellExecuteHooks: {2D7B2AF6-7F7A-4563-8A96-765F50986A34} - C:\WINDOWS\System32\Xrct.dll ()
O28 - HKLM ShellExecuteHooks: {2EE455A4-5D83-4BAA-B422-A9703E367130} - C:\WINDOWS\System32\Dpnih.dll File not found
O28 - HKLM ShellExecuteHooks: {2EF92FEF-97C1-43C3-8406-5F4105D8BD47} - C:\WINDOWS\System32\Ylekhh.dll File not found
O28 - HKLM ShellExecuteHooks: {32BCF0C1-D18E-4048-BDDD-21A3F0A254B3} - C:\WINDOWS\System32\Ncxwe.dll File not found
O28 - HKLM ShellExecuteHooks: {33EA038D-4093-4EE6-845A-2A698AD47A51} - C:\WINDOWS\System32\Wtojz.dll File not found
O28 - HKLM ShellExecuteHooks: {354556FD-0A48-40AC-AC7B-F2132CE566DF} - C:\WINDOWS\System32\Mwae.dll File not found
O28 - HKLM ShellExecuteHooks: {3598771A-FE7A-44AC-8334-82E78365FB59} - C:\WINDOWS\System32\Irpfkt.dll File not found
O28 - HKLM ShellExecuteHooks: {37840440-2637-4946-863D-EDB23414B5C1} - C:\WINDOWS\System32\Qsykif.dll File not found
O28 - HKLM ShellExecuteHooks: {397B6315-295D-4C8D-8B27-446C94D11926} - C:\WINDOWS\System32\Tmiicr.dll File not found
O28 - HKLM ShellExecuteHooks: {397D18A3-4E5D-4FB3-A27B-072E3DAEC2D7} - C:\WINDOWS\System32\Arqgq.dll File not found
O28 - HKLM ShellExecuteHooks: {3A2F453C-CD7E-41D6-BC40-8158EFA2A813} - C:\WINDOWS\System32\Jmzul.dll File not found
O28 - HKLM ShellExecuteHooks: {3C47806D-1381-4088-A542-CE85613473FF} - C:\WINDOWS\System32\Kjxzjk.dll File not found
O28 - HKLM ShellExecuteHooks: {3C4EACF8-38F8-4DB6-8798-6968A0C9D7D9} - C:\WINDOWS\System32\Ghdf.dll File not found
O28 - HKLM ShellExecuteHooks: {3CABD70A-FE07-46E0-BAEA-17941550C126} - C:\WINDOWS\System32\Lpllgo.dll File not found
O28 - HKLM ShellExecuteHooks: {3D94DD02-DFAF-4FD8-AC44-206620CDA028} - C:\WINDOWS\System32\Vqat.dll File not found
O28 - HKLM ShellExecuteHooks: {3DCCEEA9-9F68-4A1D-823D-9F5A769F3A6C} - C:\WINDOWS\System32\Lnifb.dll File not found
O28 - HKLM ShellExecuteHooks: {3E4C8E91-67D9-46BA-852E-4816A031D746} - C:\WINDOWS\System32\Rgops.dll File not found
O28 - HKLM ShellExecuteHooks: {3FE44E3A-B607-4A47-BE7F-1E07463264DE} - C:\WINDOWS\System32\Eclc.dll File not found
O28 - HKLM ShellExecuteHooks: {40093970-3724-44D6-924A-BF7DC1E4DA26} - C:\WINDOWS\System32\Bhcq.dll ()
O28 - HKLM ShellExecuteHooks: {40BABA97-8B45-4412-909C-AA4980D78BF7} - C:\WINDOWS\System32\Hhfdm.dll File not found
O28 - HKLM ShellExecuteHooks: {4790C31F-A108-449B-9104-F92598D1FA35} - C:\WINDOWS\System32\Vrsrbn.dll File not found
O28 - HKLM ShellExecuteHooks: {49334ED8-2493-4D91-B15B-EA32AE9E7D89} - C:\WINDOWS\System32\Kqpbvy.dll File not found
O28 - HKLM ShellExecuteHooks: {4F2777A0-AE90-4651-B0FF-BC75CBEC333C} - C:\WINDOWS\System32\Laeg.dll File not found
O28 - HKLM ShellExecuteHooks: {4F5612FF-71BC-4F7D-852E-9EE7878C9930} - C:\WINDOWS\System32\Nxnrle.dll File not found
O28 - HKLM ShellExecuteHooks: {5088CCDE-CCBC-49D6-8E7D-00A6E51E3455} - C:\WINDOWS\System32\Fwirw.dll File not found
O28 - HKLM ShellExecuteHooks: {54675C7E-1A4D-46DA-B7C7-1ABC9039FF58} - C:\WINDOWS\System32\Cvvhr.dll File not found
O28 - HKLM ShellExecuteHooks: {54B0E4DA-0476-4FF7-9BB7-B27A77985E4D} - C:\WINDOWS\System32\Ojnnlr.dll File not found
O28 - HKLM ShellExecuteHooks: {563C2D99-01B4-4B33-AB4C-C0C1B5047C1C} - C:\WINDOWS\System32\Czih.dll File not found
O28 - HKLM ShellExecuteHooks: {57735E86-6CF9-48FC-825E-299774296223} - C:\WINDOWS\System32\Bzgc.dll File not found
O28 - HKLM ShellExecuteHooks: {579CFB54-4195-4D4D-B755-C7FDEA676836} - C:\WINDOWS\System32\Gmbe.dll File not found
O28 - HKLM ShellExecuteHooks: {57C33D99-0ECB-4310-A17F-1E2AC8987FEC} - C:\WINDOWS\System32\Pqnvfa.dll File not found
O28 - HKLM ShellExecuteHooks: {5B914E7A-A26A-4459-BC12-66386E78771D} - C:\WINDOWS\System32\Xncz.dll File not found
O28 - HKLM ShellExecuteHooks: {5D7E20B4-2427-482A-BD81-62DE872CEB91} - C:\WINDOWS\System32\Rxwg.dll File not found
O28 - HKLM ShellExecuteHooks: {5E0E7923-CE6B-4B20-9A61-990272BB6527} - C:\WINDOWS\System32\Hgcojv.dll File not found
O28 - HKLM ShellExecuteHooks: {61089A6B-EF6C-45D3-AB09-4EF0781C3543} - C:\WINDOWS\System32\Swmnv.dll ()
O28 - HKLM ShellExecuteHooks: {61772CEC-1DC2-4FDB-B220-433D97F708BB} - C:\WINDOWS\System32\Idgb.dll File not found
O28 - HKLM ShellExecuteHooks: {62F6C195-C088-469C-8580-8B1E46E65DF9} - C:\WINDOWS\System32\Espcfo.dll File not found
O28 - HKLM ShellExecuteHooks: {63CCA302-800D-46F6-82A4-C6C387D72B95} - C:\WINDOWS\System32\Dbgmi.dll File not found
O28 - HKLM ShellExecuteHooks: {6929A002-1D32-48D9-87BF-A852B5950DCA} - C:\WINDOWS\System32\Kiwij.dll File not found
O28 - HKLM ShellExecuteHooks: {69E61800-E601-4627-A883-ECB6764C0232} - C:\WINDOWS\System32\Lktm.dll ()
O28 - HKLM ShellExecuteHooks: {69FBDCF6-F14F-4DEB-83BB-E687C52BEEFA} - C:\WINDOWS\System32\Lajmpc.dll File not found
O28 - HKLM ShellExecuteHooks: {6A2D3285-1007-40E5-9C9F-82677C1C8114} - C:\WINDOWS\System32\Nxkbo.dll File not found
O28 - HKLM ShellExecuteHooks: {6CC7B591-7B75-4051-AA94-1C634D63B686} - C:\WINDOWS\System32\Hczu.dll File not found
O28 - HKLM ShellExecuteHooks: {6CDD239C-6624-48CA-BAD3-C9883E4D453E} - C:\WINDOWS\System32\Vfygsz.dll File not found
O28 - HKLM ShellExecuteHooks: {6FAFDA3C-6B12-4C68-BCDE-CC7D4E7E0AB9} - C:\WINDOWS\System32\Mxatd.dll File not found
O28 - HKLM ShellExecuteHooks: {6FE217B0-CF1C-4C19-97B7-7EC01F544B7C} - C:\WINDOWS\System32\Ysswcr.dll File not found
O28 - HKLM ShellExecuteHooks: {718CDB6C-B4AB-41E4-9D19-0D41A67F02A6} - C:\WINDOWS\System32\Oiplxl.dll File not found
O28 - HKLM ShellExecuteHooks: {72441ED8-BF0D-4EA1-9923-9D0095580448} - C:\WINDOWS\System32\Shpo.dll File not found
O28 - HKLM ShellExecuteHooks: {73C5FE29-F51B-4DB8-B0F0-C66699CD264B} - C:\WINDOWS\System32\Xmys.dll File not found
O28 - HKLM ShellExecuteHooks: {7420D130-293B-49B9-92BD-766D88BAAA57} - C:\WINDOWS\System32\Hkxg.dll File not found
O28 - HKLM ShellExecuteHooks: {76C945A7-CFC0-436C-B946-A84A9A8494B6} - C:\WINDOWS\System32\Jgwhfn.dll ()
O28 - HKLM ShellExecuteHooks: {77E62C14-03EE-4B1D-BC07-7B13FCBB2B47} - C:\WINDOWS\System32\Bduih.dll File not found
O28 - HKLM ShellExecuteHooks: {787F3998-0187-4482-B265-BA1950A38B12} - C:\WINDOWS\System32\Ihudb.dll File not found
O28 - HKLM ShellExecuteHooks: {795D4D51-774E-40B4-ACDE-9E35D452967A} - C:\WINDOWS\System32\Xuhh.dll File not found
O28 - HKLM ShellExecuteHooks: {7961D273-6BA1-4BDE-8DC2-4BAA07747B72} - C:\WINDOWS\System32\Zfzuwh.dll File not found
O28 - HKLM ShellExecuteHooks: {7A9BC48E-95D5-4110-A7F5-86266BC7D2CF} - C:\WINDOWS\System32\Metkq.dll File not found
O28 - HKLM ShellExecuteHooks: {7AE4F465-F7C3-4F41-864B-A70A990CD971} - C:\WINDOWS\System32\Gcpq.dll File not found
O28 - HKLM ShellExecuteHooks: {7CB79EE4-B221-44F2-BD25-ED61DEC5FA0C} - C:\WINDOWS\System32\Afaai.dll File not found
O28 - HKLM ShellExecuteHooks: {7F5A6736-049F-4A74-872F-944286530B10} - C:\WINDOWS\System32\Fweijh.dll File not found
O28 - HKLM ShellExecuteHooks: {8109468B-3EA8-49F8-8D4A-51B67C7644E8} - C:\WINDOWS\System32\Goawxv.dll File not found
O28 - HKLM ShellExecuteHooks: {842B8CDB-10A2-4851-BB31-9741A3F229FC} - C:\WINDOWS\System32\Kjeo.dll File not found
O28 - HKLM ShellExecuteHooks: {8457A3E2-5618-4203-9623-20136597FE8C} - C:\WINDOWS\System32\Ptzwio.dll File not found
O28 - HKLM ShellExecuteHooks: {862CCB51-77AB-483A-AE41-A5907CC28CAA} - C:\WINDOWS\System32\Yicfgf.dll File not found
O28 - HKLM ShellExecuteHooks: {889CF40E-AD13-4F32-8BBD-0F5530E3A023} - C:\WINDOWS\System32\Kpphzt.dll File not found
O28 - HKLM ShellExecuteHooks: {8B95F977-3A85-479E-9E3F-F5568BC3CD4D} - C:\WINDOWS\System32\Tknop.dll File not found
O28 - HKLM ShellExecuteHooks: {8D1848EF-BC99-4303-8902-C8CE123693CF} - C:\WINDOWS\System32\Bgluq.dll File not found
O28 - HKLM ShellExecuteHooks: {90F1A33D-EDBD-4635-B3CA-C6D08C6CDDA4} - C:\WINDOWS\System32\Hqffam.dll File not found
O28 - HKLM ShellExecuteHooks: {91B453BF-7AD6-43F7-B9C1-5BDDDB526069} - C:\WINDOWS\System32\Yxntp.dll File not found
O28 - HKLM ShellExecuteHooks: {933FA22D-E849-4833-8197-5A2E2FF1B0A1} - C:\WINDOWS\System32\Pzgj.dll File not found
O28 - HKLM ShellExecuteHooks: {9AA67FF5-DCE9-4B28-A392-ECFCA202AAC7} - C:\WINDOWS\System32\Bakjn.dll File not found
O28 - HKLM ShellExecuteHooks: {9AAEFF29-B6A7-4404-8F4A-E39DEB2B2475} - C:\WINDOWS\System32\Qvrj.dll File not found
O28 - HKLM ShellExecuteHooks: {9C0CB27B-06CD-44D5-8AD0-501549E9710B} - C:\WINDOWS\System32\Zouuzh.dll File not found
O28 - HKLM ShellExecuteHooks: {9C2E11A0-020E-4A94-AF04-3DCF4C65EE01} - C:\WINDOWS\System32\Nuap.dll File not found
O28 - HKLM ShellExecuteHooks: {9DA2A94C-AFA5-42BD-900F-FCE1385287E8} - C:\WINDOWS\System32\Lflm.dll File not found
O28 - HKLM ShellExecuteHooks: {9E62C24E-E0E4-4CC5-BFF2-3B002683D940} - C:\WINDOWS\System32\Lhwg.dll File not found
O28 - HKLM ShellExecuteHooks: {A0620F64-DCE6-44A8-8805-F5201A5A2EAB} - C:\WINDOWS\System32\Zzgjr.dll File not found
O28 - HKLM ShellExecuteHooks: {A18B5352-E5C1-419A-88E9-265C1F7E983F} - C:\WINDOWS\System32\Erpmxd.dll File not found
O28 - HKLM ShellExecuteHooks: {A1D5A59C-C1B6-475C-833B-AE72EB2955D6} - C:\WINDOWS\System32\Ikrfp.dll File not found
O28 - HKLM ShellExecuteHooks: {A200AC6E-BB3B-4A24-9FB9-2A389C77D1D5} - C:\WINDOWS\System32\Fyraxx.dll File not found
O28 - HKLM ShellExecuteHooks: {A9A26D8E-F3B6-4C43-AD7F-40E62FAE0FED} - C:\WINDOWS\System32\Cknl.dll File not found
O28 - HKLM ShellExecuteHooks: {AD83FC08-A6DF-44DD-855E-7CBAC4E72820} - C:\WINDOWS\System32\Nrspp.dll File not found
O28 - HKLM ShellExecuteHooks: {AD9688CE-5236-454F-8D68-3D51BFB0FE8F} - C:\WINDOWS\System32\Zlco.dll File not found
O28 - HKLM ShellExecuteHooks: {ADCC2EFE-BBD7-4A2B-8952-EE61C4C5B226} - C:\WINDOWS\System32\Ehkm.dll File not found
O28 - HKLM ShellExecuteHooks: {AF2E6EEC-AAFD-44DE-B231-8D88F515098C} - C:\WINDOWS\System32\Dgea.dll File not found
O28 - HKLM ShellExecuteHooks: {B1768154-2B69-429B-AFB6-262574DAE272} - C:\WINDOWS\System32\Wiwd.dll File not found
O28 - HKLM ShellExecuteHooks: {B30751DF-19DD-4833-825E-0CA451EB881A} - C:\WINDOWS\System32\Gxdz.dll File not found
O28 - HKLM ShellExecuteHooks: {B36F464B-8000-41D2-9362-1B9C5E457111} - C:\WINDOWS\System32\Xtwcm.dll File not found
O28 - HKLM ShellExecuteHooks: {B3A76541-C5FB-4B8C-AD04-86793E5CD684} - C:\WINDOWS\System32\Xseir.dll File not found
O28 - HKLM ShellExecuteHooks: {B676C807-7EB2-453C-99FE-D5D2EAD4F803} - C:\WINDOWS\System32\Dotizs.dll File not found
O28 - HKLM ShellExecuteHooks: {B730E3EA-0270-4856-9050-72BD4958BD51} - C:\WINDOWS\System32\Bgwa.dll File not found
O28 - HKLM ShellExecuteHooks: {BCF190DE-CB8E-4ED6-9A62-5106AD5A66DC} - C:\WINDOWS\System32\Qouv.dll File not found
O28 - HKLM ShellExecuteHooks: {BD21883B-19B6-4559-BBB5-BD23BBB34F3C} - C:\WINDOWS\System32\Muftnn.dll File not found
O28 - HKLM ShellExecuteHooks: {BEE8C517-08AA-4844-B9E7-30AF54752847} - C:\WINDOWS\System32\Ioyc.dll File not found
O28 - HKLM ShellExecuteHooks: {C00AB6E5-2CCB-4EF5-B3FA-01A363F99830} - C:\WINDOWS\System32\Eanv.dll File not found
O28 - HKLM ShellExecuteHooks: {C4368D2A-53F2-4727-A7E8-F4ED54178B21} - C:\WINDOWS\System32\Dowoc.dll File not found
O28 - HKLM ShellExecuteHooks: {C65B6179-B534-46E5-9E09-AB811F384EFF} - C:\WINDOWS\System32\Tqyv.dll File not found
O28 - HKLM ShellExecuteHooks: {C85F2CDB-297F-4364-A561-A489D3C91003} - C:\WINDOWS\System32\Vdzq.dll File not found
O28 - HKLM ShellExecuteHooks: {C8B7D7C6-A0EE-40AA-BD67-0098F03C40AC} - C:\WINDOWS\System32\Igiof.dll File not found
O28 - HKLM ShellExecuteHooks: {CBF82635-91DA-42C4-832C-92073876BC9E} - C:\WINDOWS\System32\Kfigiz.dll File not found
O28 - HKLM ShellExecuteHooks: {CE0DE6F4-5EF8-47F5-8EEB-DD90F05AF953} - C:\WINDOWS\System32\Zlac.dll ()
O28 - HKLM ShellExecuteHooks: {CE771032-D9EB-4196-B53B-C8427F245335} - C:\WINDOWS\System32\Wfvgld.dll File not found
O28 - HKLM ShellExecuteHooks: {CED0390F-B4B3-46F0-BD43-F04236508454} - C:\WINDOWS\System32\Gzvjpl.dll File not found
O28 - HKLM ShellExecuteHooks: {CF5999ED-D07E-4925-A1B0-2791D1A5773E} - C:\WINDOWS\System32\Mskqsf.dll File not found
O28 - HKLM ShellExecuteHooks: {D0A77C56-1796-4132-93A3-2042CB863E99} - C:\WINDOWS\System32\Njcln.dll File not found
O28 - HKLM ShellExecuteHooks: {D32E43A6-79CE-4BD7-A05C-358C2BC7A815} - C:\WINDOWS\System32\Gkkkmx.dll File not found
O28 - HKLM ShellExecuteHooks: {D3B3A173-D5AA-439B-8F45-508F9967A518} - C:\WINDOWS\System32\Rquglx.dll File not found
O28 - HKLM ShellExecuteHooks: {D4700314-37FD-48AE-A0D2-3DCDEACCD929} - C:\WINDOWS\System32\Mkxiyn.dll File not found
O28 - HKLM ShellExecuteHooks: {D82197E8-D9DB-4E7D-B2B0-632F4F228FF8} - C:\WINDOWS\System32\Syod.dll File not found
O28 - HKLM ShellExecuteHooks: {D9489367-CD3E-4E9A-A6E5-BF9CDFDCDC74} - C:\WINDOWS\System32\Dyqoln.dll File not found
O28 - HKLM ShellExecuteHooks: {D97B2027-E1F9-4D28-A9C5-1AF683E747D9} - C:\WINDOWS\System32\Hwns.dll File not found
O28 - HKLM ShellExecuteHooks: {D9E78D42-2D2E-49D1-BF53-7DB3F2818CA0} - C:\WINDOWS\System32\Ijtvk.dll File not found
O28 - HKLM ShellExecuteHooks: {DA67DEAF-7688-4FAA-AF70-36877C0EFA6C} - C:\WINDOWS\System32\Itxmob.dll File not found
O28 - HKLM ShellExecuteHooks: {DACB5C66-7D38-4121-94B2-E7DCF075E5E9} - C:\WINDOWS\System32\Ggtgy.dll File not found
O28 - HKLM ShellExecuteHooks: {DC7F3842-BC5B-4109-A11B-3C0902A5EC02} - C:\WINDOWS\System32\Ffzcm.dll File not found
O28 - HKLM ShellExecuteHooks: {DCA8F56D-73B8-40F2-966A-97446469A3ED} - C:\WINDOWS\System32\Dbiv.dll File not found
O28 - HKLM ShellExecuteHooks: {DD90D74A-AC42-4054-9533-161DE454116A} - C:\WINDOWS\System32\Msxtr.dll File not found
O28 - HKLM ShellExecuteHooks: {DEA636BF-4F5B-438B-AAC6-E57F3D0110E0} - C:\WINDOWS\System32\Eide.dll File not found
O28 - HKLM ShellExecuteHooks: {DF6B7DB1-32AE-4819-869B-C9643C2BD6A3} - C:\WINDOWS\System32\Rvsli.dll File not found
O28 - HKLM ShellExecuteHooks: {DF6B9239-97B6-4AF1-8431-3A97CEC92B4C} - C:\WINDOWS\System32\Bgghpx.dll File not found
O28 - HKLM ShellExecuteHooks: {E1989F84-BF01-4960-B423-6232CEE6B398} - C:\WINDOWS\System32\Cwuxd.dll File not found
O28 - HKLM ShellExecuteHooks: {E1B0BC24-9FAC-451B-AEE6-78D15B1B7EB4} - C:\WINDOWS\System32\Jwehk.dll File not found
O28 - HKLM ShellExecuteHooks: {E1BAB224-9C2E-4AC0-9EF5-80354D52E6DC} - C:\WINDOWS\System32\Obxy.dll File not found
O28 - HKLM ShellExecuteHooks: {E2A3FE48-2E8B-40DE-AFDB-48DC6637444F} - C:\WINDOWS\System32\Gbgk.dll File not found
O28 - HKLM ShellExecuteHooks: {E3537A44-9119-4C88-A632-34EFE1B5ADEF} - C:\WINDOWS\System32\Ikbrq.dll File not found
O28 - HKLM ShellExecuteHooks: {E50348DB-8AF1-4863-A29B-51C75396EA6F} - C:\WINDOWS\System32\Yjplf.dll File not found
O28 - HKLM ShellExecuteHooks: {E66F87A8-BDE8-41D1-834B-3DCC69D477CF} - C:\WINDOWS\System32\Ihlj.dll File not found
O28 - HKLM ShellExecuteHooks: {E7B3FAC3-3A12-4A8F-9988-950E1CFC20D7} - C:\WINDOWS\System32\Nvagem.dll File not found
O28 - HKLM ShellExecuteHooks: {E7E811C7-2DDA-422D-962C-3B42C95155F9} - C:\WINDOWS\System32\Xvdkh.dll File not found
O28 - HKLM ShellExecuteHooks: {E912DDEB-3BCF-401D-9852-4CF02DC1D749} - C:\WINDOWS\System32\Zzfh.dll File not found
O28 - HKLM ShellExecuteHooks: {EA01A161-93F0-4B5A-918C-CEC9AC96F7A6} - C:\WINDOWS\System32\Cbdu.dll File not found
O28 - HKLM ShellExecuteHooks: {EAADED0E-0012-4E6B-8450-9E043DDA596D} - C:\WINDOWS\System32\Vqfrn.dll File not found
O28 - HKLM ShellExecuteHooks: {EBA1F4EA-CC8E-4C5E-909B-32BCD98A324D} - C:\WINDOWS\System32\Ddjv.dll File not found
O28 - HKLM ShellExecuteHooks: {EC66667C-606C-4847-9973-B52ECECE2E18} - C:\WINDOWS\System32\Zaeb.dll File not found
O28 - HKLM ShellExecuteHooks: {EF90BEC9-9C83-4FB4-AE11-C727D781234B} - C:\WINDOWS\System32\Wmlfw.dll File not found
O28 - HKLM ShellExecuteHooks: {F06BF7CD-ABB2-468C-9C7A-54AF27108A17} - C:\WINDOWS\System32\Ccuqd.dll File not found
O28 - HKLM ShellExecuteHooks: {F14B6818-65C3-4DA0-93C5-D33F73F5FBB1} - C:\WINDOWS\System32\Twmfad.dll File not found
O28 - HKLM ShellExecuteHooks: {F37A4232-78E6-450F-A646-56DDEA371EDC} - C:\WINDOWS\System32\Qtvre.dll File not found
O28 - HKLM ShellExecuteHooks: {F3F6AC7B-C3A4-4937-8466-5AC115EE6AB6} - C:\WINDOWS\System32\Wplxg.dll File not found
O28 - HKLM ShellExecuteHooks: {F62BEDDA-42DD-4ACD-97EB-C78FF05B33D6} - C:\WINDOWS\System32\Fywvcx.dll File not found
O28 - HKLM ShellExecuteHooks: {F7037716-52FD-4BA4-A2E0-D70A0A29DDE4} - C:\WINDOWS\System32\Ktypu.dll File not found
O28 - HKLM ShellExecuteHooks: {F88796B8-BFB1-4C81-BE74-859C3C9DA156} - C:\WINDOWS\System32\Mrjto.dll File not found
O28 - HKLM ShellExecuteHooks: {F947E829-7E89-4AD2-82F4-94B9D3110892} - C:\WINDOWS\System32\Bcjfwf.dll File not found
O28 - HKLM ShellExecuteHooks: {F9F1CB87-0B64-4588-9CA2-3F92C4FEBCBA} - C:\WINDOWS\System32\Gjcy.dll File not found
O28 - HKLM ShellExecuteHooks: {FA6CD028-69FF-4C3F-AB06-62066514C852} - C:\WINDOWS\System32\Amnep.dll File not found
O28 - HKLM ShellExecuteHooks: {FAB00860-C74A-452B-BECB-D374DF0C2CC7} - C:\WINDOWS\System32\Ujtbmk.dll File not found
O28 - HKLM ShellExecuteHooks: {FB1F204E-E14C-4B8C-ACE4-1D55F2400BEA} - C:\WINDOWS\System32\Bzaa.dll File not found
O28 - HKLM ShellExecuteHooks: {FBE8A2DC-6828-426F-BCE0-C40A1F631EE5} - C:\WINDOWS\System32\Qerrc.dll File not found
O28 - HKLM ShellExecuteHooks: {FE00E7BC-3B05-4526-ADA9-BC3E341B3867} - C:\WINDOWS\System32\Ckferv.dll File not found
[2006/06/06 01:12:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Lktm.dll
[2006/05/27 22:19:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auzq.dll
[2006/05/27 01:41:42 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Zlac.dll
[2006/05/26 10:45:43 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Jgwhfn.dll
[2006/05/25 23:51:41 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Swmnv.dll
[2006/05/25 09:42:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Bhcq.dll
[2006/05/24 23:59:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Xrct.dll
[2006/08/19 12:46:39 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\0000_sys.sys
[2006/08/12 18:14:24 | 00,000,435 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2006/07/25 00:57:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/16 19:18:58 | 00,000,098 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2006/07/05 10:01:48 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/06/20 10:33:10 | 00,000,477 | ---- | C] () -- C:\WINDOWS\chsmtreg.ini
[2006/06/20 10:25:31 | 00,000,062 | ---- | C] () -- C:\WINDOWS\chsmts16.ini

:files

:reg

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes. If it needs a reboot, just let it. Post that log in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename (or GMER) to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has finished, click Copy, paste the results into Notepad, save it and attach it to this thread.
IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.

Edited by fenzodahl512, 17 August 2009 - 07:31 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
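As an added example (not part of OTL or of either post), a small Python triage script over a handful of the O28 ShellExecuteHooks and file-listing lines from the fix script above. It separates the hook entries whose DLL is already gone from disk from those OTL could still see, and pulls the creation date, size and vendor field for the latter, which is where the identical 32,768-byte, vendor-less DLLs stand out. It assumes only the two line formats exactly as OTL prints them above; the sample is a constructed subset of the list.

```python
"""Triage for OTL "O28 - HKLM ShellExecuteHooks" entries.

Added example, not part of OTL or of the original posts. It assumes the two
line formats exactly as they appear in the fix script above:
  O28 - HKLM ShellExecuteHooks: {CLSID} - <dll path> File not found | ()
  [YYYY/MM/DD HH:MM:SS | size | attrs | C] (vendor) -- <path>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the fix script above; the
# remaining hook entries (well over a hundred) are omitted.
SAMPLE_LINES = r"""
O28 - HKLM ShellExecuteHooks: {0AC1B0BB-9FFC-44EB-B018-5FA9F81FB29A} - C:\WINDOWS\System32\Ymfkhs.dll File not found
O28 - HKLM ShellExecuteHooks: {0E14176C-346D-47A6-B576-CB012830D187} - C:\WINDOWS\System32\Bubnhv.dll File not found
O28 - HKLM ShellExecuteHooks: {2D1E2BF2-5801-4C14-A050-54D22E7FFBCB} - C:\WINDOWS\System32\Auzq.dll ()
O28 - HKLM ShellExecuteHooks: {2D7B2AF6-7F7A-4563-8A96-765F50986A34} - C:\WINDOWS\System32\Xrct.dll ()
O28 - HKLM ShellExecuteHooks: {2EE455A4-5D83-4BAA-B422-A9703E367130} - C:\WINDOWS\System32\Dpnih.dll File not found
O28 - HKLM ShellExecuteHooks: {69E61800-E601-4627-A883-ECB6764C0232} - C:\WINDOWS\System32\Lktm.dll ()
O28 - HKLM ShellExecuteHooks: {FE00E7BC-3B05-4526-ADA9-BC3E341B3867} - C:\WINDOWS\System32\Ckferv.dll File not found
[2006/06/06 01:12:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Lktm.dll
[2006/05/27 22:19:20 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auzq.dll
[2006/05/24 23:59:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Xrct.dll
[2006/08/12 18:14:24 | 00,000,435 | ---- | C] () -- C:\WINDOWS\Disney.ini
""".strip().splitlines()

# {CLSID} is 32 hex digits plus 4 hyphens inside braces; the trailing field is
# either "File not found" (orphaned registry entry) or the vendor in parentheses.
O28_RE = re.compile(
    r"^O28 - HKLM ShellExecuteHooks: (\{[0-9A-Fa-f-]{36}\}) - (\S+\.dll)\s*(.*)$"
)
# OTL file listing: [date time | size | attributes | C] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| [-A-Z]{4} \| C\] "
    r"\((.*?)\) -- (.+)$"
)


@dataclass
class Hook:
    clsid: str
    dll: str
    on_disk: bool
    created: Optional[str] = None
    size: Optional[int] = None
    vendor: Optional[str] = None


def parse_hooks(lines: List[str]) -> List[Hook]:
    hooks = []
    for line in lines:
        m = O28_RE.match(line.strip())
        if m:
            clsid, dll, tail = m.groups()
            # "()" means the file exists but carries no vendor/version info.
            hooks.append(Hook(clsid, dll, on_disk=(tail != "File not found")))
    return hooks


def parse_files(lines: List[str]) -> Dict[str, Tuple[str, int, str]]:
    files = {}
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            created, size, vendor, path = m.groups()
            files[path.lower()] = (created, int(size.replace(",", "")), vendor)
    return files


def triage(lines: List[str]) -> Dict[str, list]:
    """Join hook entries with the file listing and summarise what is left on disk."""
    hooks, files = parse_hooks(lines), parse_files(lines)
    for h in hooks:
        if h.dll.lower() in files:
            h.created, h.size, h.vendor = files[h.dll.lower()]
    present = [h for h in hooks if h.on_disk]
    return {
        "orphaned": [h.clsid for h in hooks if not h.on_disk],
        "present": [h.dll for h in present],
        "present_created": [h.created for h in present],
        # One value here means every surviving DLL has exactly the same size.
        "present_sizes": sorted({h.size for h in present if h.size is not None}),
        "present_without_vendor": [h.dll for h in present if h.vendor == ""],
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LINES)
    print(f"{len(r['orphaned'])} orphaned hook CLSIDs (DLL missing from disk)")
    for dll, created in zip(r["present"], r["present_created"]):
        print(f"still on disk: {dll} (created {created})")
    print("distinct sizes of surviving DLLs:", r["present_sizes"])
```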


#4 John_2009 (Topic Starter)

Posted 18 August 2009 - 08:55 AM

fenzodahl512,

Thanks. I believe my computer was infected by a Chinese news website located in Canada.

The Comedian went through successfully. When I ran OTL, it seemed to be working well before it showed the error sign "OTL: OTL.exe-bad image
The application or DLL C:\windows\system32\lktm.dll is not a valid window image. Please check this against your installation diskette."

I clicked OK and it got stuck for a little while, then it started working again and rebooted; the following is the log. Unfortunately, when I ran the GAMERS scan, it seemed it would take a while. When I returned, everything was gone. I tried to rerun it but was not able to do so.

Thanks,

John



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========

Service\Driver  deleted successfully.
C:\WINDOWS\System32\drivers\0000_sys.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0103E2D0-91A1-4D79-9110-8300233B74BE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0103E2D0-91A1-4D79-9110-8300233B74BE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{01641A44-1C98-43B4-9534-97D339BB7CDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01641A44-1C98-43B4-9534-97D339BB7CDE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0246951D-A808-4F83-ADE2-8834F683A9CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0246951D-A808-4F83-ADE2-8834F683A9CE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{05057743-9A10-43F6-B3D2-36EF7C5CE898} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05057743-9A10-43F6-B3D2-36EF7C5CE898}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{08CE731B-8A86-4039-9FB1-B133C5EC75CF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08CE731B-8A86-4039-9FB1-B133C5EC75CF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0997C943-01BE-4116-BAF9-AFC73A955315} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0997C943-01BE-4116-BAF9-AFC73A955315}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0AC1B0BB-9FFC-44EB-B018-5FA9F81FB29A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AC1B0BB-9FFC-44EB-B018-5FA9F81FB29A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0E14176C-346D-47A6-B576-CB012830D187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E14176C-346D-47A6-B576-CB012830D187}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0E84C2E4-C3AC-4639-A37E-919C3E8DE5E6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E84C2E4-C3AC-4639-A37E-919C3E8DE5E6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0F9CF8B2-CC33-4236-8E1C-B92005CEA1D9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9CF8B2-CC33-4236-8E1C-B92005CEA1D9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{13821998-D7A0-4C7B-8FDF-6206B19AEB04} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13821998-D7A0-4C7B-8FDF-6206B19AEB04}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1582CC5D-EE18-494B-9020-D068E43DE4B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1582CC5D-EE18-494B-9020-D068E43DE4B8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{15E20763-0272-4C71-9924-E3921080A5ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15E20763-0272-4C71-9924-E3921080A5ED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{17425469-1D0D-4882-BA8A-1C9054A9BB46} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17425469-1D0D-4882-BA8A-1C9054A9BB46}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1830FB0C-BAB8-4921-95DF-0248C91C1524} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1830FB0C-BAB8-4921-95DF-0248C91C1524}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1919DD21-B7CD-4EF7-BB78-0A04B49D6D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1919DD21-B7CD-4EF7-BB78-0A04B49D6D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{19444FF8-9C32-4FDB-8D85-B20236E571C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19444FF8-9C32-4FDB-8D85-B20236E571C6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{19D7FDC4-A1FA-4B79-A422-C8E66572F124} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19D7FDC4-A1FA-4B79-A422-C8E66572F124}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{19EE4793-251A-45AC-A9C4-097DD25776E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19EE4793-251A-45AC-A9C4-097DD25776E0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1CE41EDF-F8E0-47CC-913A-027DA46E0BF0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CE41EDF-F8E0-47CC-913A-027DA46E0BF0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1D5A785A-FCD2-4952-AAEF-A00BA1D26AB0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D5A785A-FCD2-4952-AAEF-A00BA1D26AB0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1DBF2052-C6B9-4C9C-B70F-2615433E6FF9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBF2052-C6B9-4C9C-B70F-2615433E6FF9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1E192DDF-2E29-4E75-809B-C9DCEB11123B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E192DDF-2E29-4E75-809B-C9DCEB11123B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1EA684C4-D7C1-4A4E-88B9-628D26066124} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EA684C4-D7C1-4A4E-88B9-628D26066124}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1EB4CAF3-3B9E-4A30-B642-D846457E1185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EB4CAF3-3B9E-4A30-B642-D846457E1185}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1F6F3FE9-714E-4CD2-B8A7-C835052386DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F6F3FE9-714E-4CD2-B8A7-C835052386DB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{200B3450-ED8B-4104-86F5-F9D98A4F9DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{200B3450-ED8B-4104-86F5-F9D98A4F9DDE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{20932591-2E2C-4491-A536-E022730D57F7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20932591-2E2C-4491-A536-E022730D57F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{215B110B-ECD5-4D34-87B8-1F3A9229872D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{215B110B-ECD5-4D34-87B8-1F3A9229872D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2BEDB255-F977-41E0-9146-AFCCD507844B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BEDB255-F977-41E0-9146-AFCCD507844B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2D1E2BF2-5801-4C14-A050-54D22E7FFBCB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D1E2BF2-5801-4C14-A050-54D22E7FFBCB}\ deleted successfully.
C:\WINDOWS\System32\Auzq.dll NOT unregistered.
C:\WINDOWS\System32\Auzq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2D7B2AF6-7F7A-4563-8A96-765F50986A34} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D7B2AF6-7F7A-4563-8A96-765F50986A34}\ deleted successfully.
C:\WINDOWS\System32\Xrct.dll NOT unregistered.
C:\WINDOWS\System32\Xrct.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2EE455A4-5D83-4BAA-B422-A9703E367130} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EE455A4-5D83-4BAA-B422-A9703E367130}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2EF92FEF-97C1-43C3-8406-5F4105D8BD47} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EF92FEF-97C1-43C3-8406-5F4105D8BD47}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{32BCF0C1-D18E-4048-BDDD-21A3F0A254B3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32BCF0C1-D18E-4048-BDDD-21A3F0A254B3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{33EA038D-4093-4EE6-845A-2A698AD47A51} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33EA038D-4093-4EE6-845A-2A698AD47A51}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{354556FD-0A48-40AC-AC7B-F2132CE566DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354556FD-0A48-40AC-AC7B-F2132CE566DF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3598771A-FE7A-44AC-8334-82E78365FB59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3598771A-FE7A-44AC-8334-82E78365FB59}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{37840440-2637-4946-863D-EDB23414B5C1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37840440-2637-4946-863D-EDB23414B5C1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{397B6315-295D-4C8D-8B27-446C94D11926} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397B6315-295D-4C8D-8B27-446C94D11926}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{397D18A3-4E5D-4FB3-A27B-072E3DAEC2D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397D18A3-4E5D-4FB3-A27B-072E3DAEC2D7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3A2F453C-CD7E-41D6-BC40-8158EFA2A813} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A2F453C-CD7E-41D6-BC40-8158EFA2A813}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3C47806D-1381-4088-A542-CE85613473FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C47806D-1381-4088-A542-CE85613473FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3C4EACF8-38F8-4DB6-8798-6968A0C9D7D9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4EACF8-38F8-4DB6-8798-6968A0C9D7D9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3CABD70A-FE07-46E0-BAEA-17941550C126} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CABD70A-FE07-46E0-BAEA-17941550C126}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3D94DD02-DFAF-4FD8-AC44-206620CDA028} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D94DD02-DFAF-4FD8-AC44-206620CDA028}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3DCCEEA9-9F68-4A1D-823D-9F5A769F3A6C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DCCEEA9-9F68-4A1D-823D-9F5A769F3A6C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3E4C8E91-67D9-46BA-852E-4816A031D746} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4C8E91-67D9-46BA-852E-4816A031D746}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3FE44E3A-B607-4A47-BE7F-1E07463264DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FE44E3A-B607-4A47-BE7F-1E07463264DE}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{40093970-3724-44D6-924A-BF7DC1E4DA26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40093970-3724-44D6-924A-BF7DC1E4DA26}\ deleted successfully.
C:\WINDOWS\System32\Bhcq.dll NOT unregistered.
C:\WINDOWS\System32\Bhcq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{40BABA97-8B45-4412-909C-AA4980D78BF7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40BABA97-8B45-4412-909C-AA4980D78BF7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4790C31F-A108-449B-9104-F92598D1FA35} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4790C31F-A108-449B-9104-F92598D1FA35}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{49334ED8-2493-4D91-B15B-EA32AE9E7D89} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49334ED8-2493-4D91-B15B-EA32AE9E7D89}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F2777A0-AE90-4651-B0FF-BC75CBEC333C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F2777A0-AE90-4651-B0FF-BC75CBEC333C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F5612FF-71BC-4F7D-852E-9EE7878C9930} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F5612FF-71BC-4F7D-852E-9EE7878C9930}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5088CCDE-CCBC-49D6-8E7D-00A6E51E3455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5088CCDE-CCBC-49D6-8E7D-00A6E51E3455}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{54675C7E-1A4D-46DA-B7C7-1ABC9039FF58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54675C7E-1A4D-46DA-B7C7-1ABC9039FF58}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{54B0E4DA-0476-4FF7-9BB7-B27A77985E4D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54B0E4DA-0476-4FF7-9BB7-B27A77985E4D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{563C2D99-01B4-4B33-AB4C-C0C1B5047C1C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{563C2D99-01B4-4B33-AB4C-C0C1B5047C1C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57735E86-6CF9-48FC-825E-299774296223} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57735E86-6CF9-48FC-825E-299774296223}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{579CFB54-4195-4D4D-B755-C7FDEA676836} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{579CFB54-4195-4D4D-B755-C7FDEA676836}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57C33D99-0ECB-4310-A17F-1E2AC8987FEC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C33D99-0ECB-4310-A17F-1E2AC8987FEC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5B914E7A-A26A-4459-BC12-66386E78771D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B914E7A-A26A-4459-BC12-66386E78771D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5D7E20B4-2427-482A-BD81-62DE872CEB91} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D7E20B4-2427-482A-BD81-62DE872CEB91}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5E0E7923-CE6B-4B20-9A61-990272BB6527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E0E7923-CE6B-4B20-9A61-990272BB6527}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{61089A6B-EF6C-45D3-AB09-4EF0781C3543} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61089A6B-EF6C-45D3-AB09-4EF0781C3543}\ deleted successfully.
C:\WINDOWS\System32\Swmnv.dll NOT unregistered.
C:\WINDOWS\System32\Swmnv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{61772CEC-1DC2-4FDB-B220-433D97F708BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61772CEC-1DC2-4FDB-B220-433D97F708BB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{62F6C195-C088-469C-8580-8B1E46E65DF9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62F6C195-C088-469C-8580-8B1E46E65DF9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{63CCA302-800D-46F6-82A4-C6C387D72B95} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63CCA302-800D-46F6-82A4-C6C387D72B95}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6929A002-1D32-48D9-87BF-A852B5950DCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6929A002-1D32-48D9-87BF-A852B5950DCA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{69E61800-E601-4627-A883-ECB6764C0232} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69E61800-E601-4627-A883-ECB6764C0232}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\System32\Lktm.dll
C:\WINDOWS\System32\Lktm.dll NOT unregistered.
C:\WINDOWS\System32\Lktm.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{69FBDCF6-F14F-4DEB-83BB-E687C52BEEFA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FBDCF6-F14F-4DEB-83BB-E687C52BEEFA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6A2D3285-1007-40E5-9C9F-82677C1C8114} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A2D3285-1007-40E5-9C9F-82677C1C8114}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6CC7B591-7B75-4051-AA94-1C634D63B686} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CC7B591-7B75-4051-AA94-1C634D63B686}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6CDD239C-6624-48CA-BAD3-C9883E4D453E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CDD239C-6624-48CA-BAD3-C9883E4D453E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6FAFDA3C-6B12-4C68-BCDE-CC7D4E7E0AB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FAFDA3C-6B12-4C68-BCDE-CC7D4E7E0AB9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6FE217B0-CF1C-4C19-97B7-7EC01F544B7C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FE217B0-CF1C-4C19-97B7-7EC01F544B7C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{718CDB6C-B4AB-41E4-9D19-0D41A67F02A6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{718CDB6C-B4AB-41E4-9D19-0D41A67F02A6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{72441ED8-BF0D-4EA1-9923-9D0095580448} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72441ED8-BF0D-4EA1-9923-9D0095580448}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{73C5FE29-F51B-4DB8-B0F0-C66699CD264B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C5FE29-F51B-4DB8-B0F0-C66699CD264B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7420D130-293B-49B9-92BD-766D88BAAA57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7420D130-293B-49B9-92BD-766D88BAAA57}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{76C945A7-CFC0-436C-B946-A84A9A8494B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76C945A7-CFC0-436C-B946-A84A9A8494B6}\ deleted successfully.
C:\WINDOWS\System32\Jgwhfn.dll NOT unregistered.
C:\WINDOWS\System32\Jgwhfn.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{77E62C14-03EE-4B1D-BC07-7B13FCBB2B47} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77E62C14-03EE-4B1D-BC07-7B13FCBB2B47}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{787F3998-0187-4482-B265-BA1950A38B12} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787F3998-0187-4482-B265-BA1950A38B12}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{795D4D51-774E-40B4-ACDE-9E35D452967A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{795D4D51-774E-40B4-ACDE-9E35D452967A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7961D273-6BA1-4BDE-8DC2-4BAA07747B72} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7961D273-6BA1-4BDE-8DC2-4BAA07747B72}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7A9BC48E-95D5-4110-A7F5-86266BC7D2CF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A9BC48E-95D5-4110-A7F5-86266BC7D2CF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7AE4F465-F7C3-4F41-864B-A70A990CD971} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AE4F465-F7C3-4F41-864B-A70A990CD971}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7CB79EE4-B221-44F2-BD25-ED61DEC5FA0C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CB79EE4-B221-44F2-BD25-ED61DEC5FA0C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7F5A6736-049F-4A74-872F-944286530B10} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F5A6736-049F-4A74-872F-944286530B10}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8109468B-3EA8-49F8-8D4A-51B67C7644E8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8109468B-3EA8-49F8-8D4A-51B67C7644E8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{842B8CDB-10A2-4851-BB31-9741A3F229FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842B8CDB-10A2-4851-BB31-9741A3F229FC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8457A3E2-5618-4203-9623-20136597FE8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8457A3E2-5618-4203-9623-20136597FE8C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{862CCB51-77AB-483A-AE41-A5907CC28CAA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{862CCB51-77AB-483A-AE41-A5907CC28CAA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{889CF40E-AD13-4F32-8BBD-0F5530E3A023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889CF40E-AD13-4F32-8BBD-0F5530E3A023}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8B95F977-3A85-479E-9E3F-F5568BC3CD4D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B95F977-3A85-479E-9E3F-F5568BC3CD4D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8D1848EF-BC99-4303-8902-C8CE123693CF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D1848EF-BC99-4303-8902-C8CE123693CF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{90F1A33D-EDBD-4635-B3CA-C6D08C6CDDA4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F1A33D-EDBD-4635-B3CA-C6D08C6CDDA4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{91B453BF-7AD6-43F7-B9C1-5BDDDB526069} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91B453BF-7AD6-43F7-B9C1-5BDDDB526069}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{933FA22D-E849-4833-8197-5A2E2FF1B0A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{933FA22D-E849-4833-8197-5A2E2FF1B0A1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9AA67FF5-DCE9-4B28-A392-ECFCA202AAC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA67FF5-DCE9-4B28-A392-ECFCA202AAC7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9AAEFF29-B6A7-4404-8F4A-E39DEB2B2475} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AAEFF29-B6A7-4404-8F4A-E39DEB2B2475}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9C0CB27B-06CD-44D5-8AD0-501549E9710B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C0CB27B-06CD-44D5-8AD0-501549E9710B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9C2E11A0-020E-4A94-AF04-3DCF4C65EE01} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C2E11A0-020E-4A94-AF04-3DCF4C65EE01}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9DA2A94C-AFA5-42BD-900F-FCE1385287E8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DA2A94C-AFA5-42BD-900F-FCE1385287E8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9E62C24E-E0E4-4CC5-BFF2-3B002683D940} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E62C24E-E0E4-4CC5-BFF2-3B002683D940}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A0620F64-DCE6-44A8-8805-F5201A5A2EAB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0620F64-DCE6-44A8-8805-F5201A5A2EAB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A18B5352-E5C1-419A-88E9-265C1F7E983F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A18B5352-E5C1-419A-88E9-265C1F7E983F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1D5A59C-C1B6-475C-833B-AE72EB2955D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1D5A59C-C1B6-475C-833B-AE72EB2955D6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A200AC6E-BB3B-4A24-9FB9-2A389C77D1D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A200AC6E-BB3B-4A24-9FB9-2A389C77D1D5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A9A26D8E-F3B6-4C43-AD7F-40E62FAE0FED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9A26D8E-F3B6-4C43-AD7F-40E62FAE0FED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AD83FC08-A6DF-44DD-855E-7CBAC4E72820} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD83FC08-A6DF-44DD-855E-7CBAC4E72820}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AD9688CE-5236-454F-8D68-3D51BFB0FE8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD9688CE-5236-454F-8D68-3D51BFB0FE8F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{ADCC2EFE-BBD7-4A2B-8952-EE61C4C5B226} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADCC2EFE-BBD7-4A2B-8952-EE61C4C5B226}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AF2E6EEC-AAFD-44DE-B231-8D88F515098C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF2E6EEC-AAFD-44DE-B231-8D88F515098C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B1768154-2B69-429B-AFB6-262574DAE272} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1768154-2B69-429B-AFB6-262574DAE272}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B30751DF-19DD-4833-825E-0CA451EB881A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B30751DF-19DD-4833-825E-0CA451EB881A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B36F464B-8000-41D2-9362-1B9C5E457111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B36F464B-8000-41D2-9362-1B9C5E457111}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B3A76541-C5FB-4B8C-AD04-86793E5CD684} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3A76541-C5FB-4B8C-AD04-86793E5CD684}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B676C807-7EB2-453C-99FE-D5D2EAD4F803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B676C807-7EB2-453C-99FE-D5D2EAD4F803}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B730E3EA-0270-4856-9050-72BD4958BD51} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B730E3EA-0270-4856-9050-72BD4958BD51}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BCF190DE-CB8E-4ED6-9A62-5106AD5A66DC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCF190DE-CB8E-4ED6-9A62-5106AD5A66DC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BD21883B-19B6-4559-BBB5-BD23BBB34F3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD21883B-19B6-4559-BBB5-BD23BBB34F3C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BEE8C517-08AA-4844-B9E7-30AF54752847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEE8C517-08AA-4844-B9E7-30AF54752847}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C00AB6E5-2CCB-4EF5-B3FA-01A363F99830} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C00AB6E5-2CCB-4EF5-B3FA-01A363F99830}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C4368D2A-53F2-4727-A7E8-F4ED54178B21} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4368D2A-53F2-4727-A7E8-F4ED54178B21}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C65B6179-B534-46E5-9E09-AB811F384EFF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C65B6179-B534-46E5-9E09-AB811F384EFF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C85F2CDB-297F-4364-A561-A489D3C91003} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C85F2CDB-297F-4364-A561-A489D3C91003}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C8B7D7C6-A0EE-40AA-BD67-0098F03C40AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8B7D7C6-A0EE-40AA-BD67-0098F03C40AC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CBF82635-91DA-42C4-832C-92073876BC9E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBF82635-91DA-42C4-832C-92073876BC9E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CE0DE6F4-5EF8-47F5-8EEB-DD90F05AF953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE0DE6F4-5EF8-47F5-8EEB-DD90F05AF953}\ deleted successfully.
C:\WINDOWS\System32\Zlac.dll NOT unregistered.
C:\WINDOWS\System32\Zlac.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CE771032-D9EB-4196-B53B-C8427F245335} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE771032-D9EB-4196-B53B-C8427F245335}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CED0390F-B4B3-46F0-BD43-F04236508454} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CED0390F-B4B3-46F0-BD43-F04236508454}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{CF5999ED-D07E-4925-A1B0-2791D1A5773E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF5999ED-D07E-4925-A1B0-2791D1A5773E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D0A77C56-1796-4132-93A3-2042CB863E99} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0A77C56-1796-4132-93A3-2042CB863E99}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D32E43A6-79CE-4BD7-A05C-358C2BC7A815} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D32E43A6-79CE-4BD7-A05C-358C2BC7A815}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D3B3A173-D5AA-439B-8F45-508F9967A518} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B3A173-D5AA-439B-8F45-508F9967A518}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D4700314-37FD-48AE-A0D2-3DCDEACCD929} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4700314-37FD-48AE-A0D2-3DCDEACCD929}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D82197E8-D9DB-4E7D-B2B0-632F4F228FF8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D82197E8-D9DB-4E7D-B2B0-632F4F228FF8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D9489367-CD3E-4E9A-A6E5-BF9CDFDCDC74} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9489367-CD3E-4E9A-A6E5-BF9CDFDCDC74}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D97B2027-E1F9-4D28-A9C5-1AF683E747D9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D97B2027-E1F9-4D28-A9C5-1AF683E747D9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D9E78D42-2D2E-49D1-BF53-7DB3F2818CA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E78D42-2D2E-49D1-BF53-7DB3F2818CA0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DA67DEAF-7688-4FAA-AF70-36877C0EFA6C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA67DEAF-7688-4FAA-AF70-36877C0EFA6C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DACB5C66-7D38-4121-94B2-E7DCF075E5E9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DACB5C66-7D38-4121-94B2-E7DCF075E5E9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DC7F3842-BC5B-4109-A11B-3C0902A5EC02} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC7F3842-BC5B-4109-A11B-3C0902A5EC02}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DCA8F56D-73B8-40F2-966A-97446469A3ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCA8F56D-73B8-40F2-966A-97446469A3ED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DD90D74A-AC42-4054-9533-161DE454116A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD90D74A-AC42-4054-9533-161DE454116A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DEA636BF-4F5B-438B-AAC6-E57F3D0110E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA636BF-4F5B-438B-AAC6-E57F3D0110E0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DF6B7DB1-32AE-4819-869B-C9643C2BD6A3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF6B7DB1-32AE-4819-869B-C9643C2BD6A3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{DF6B9239-97B6-4AF1-8431-3A97CEC92B4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF6B9239-97B6-4AF1-8431-3A97CEC92B4C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E1989F84-BF01-4960-B423-6232CEE6B398} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1989F84-BF01-4960-B423-6232CEE6B398}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E1B0BC24-9FAC-451B-AEE6-78D15B1B7EB4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1B0BC24-9FAC-451B-AEE6-78D15B1B7EB4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E1BAB224-9C2E-4AC0-9EF5-80354D52E6DC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1BAB224-9C2E-4AC0-9EF5-80354D52E6DC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E2A3FE48-2E8B-40DE-AFDB-48DC6637444F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2A3FE48-2E8B-40DE-AFDB-48DC6637444F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E3537A44-9119-4C88-A632-34EFE1B5ADEF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3537A44-9119-4C88-A632-34EFE1B5ADEF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E50348DB-8AF1-4863-A29B-51C75396EA6F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E50348DB-8AF1-4863-A29B-51C75396EA6F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E66F87A8-BDE8-41D1-834B-3DCC69D477CF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E66F87A8-BDE8-41D1-834B-3DCC69D477CF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E7B3FAC3-3A12-4A8F-9988-950E1CFC20D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3FAC3-3A12-4A8F-9988-950E1CFC20D7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E7E811C7-2DDA-422D-962C-3B42C95155F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E811C7-2DDA-422D-962C-3B42C95155F9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E912DDEB-3BCF-401D-9852-4CF02DC1D749} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E912DDEB-3BCF-401D-9852-4CF02DC1D749}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EA01A161-93F0-4B5A-918C-CEC9AC96F7A6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA01A161-93F0-4B5A-918C-CEC9AC96F7A6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EAADED0E-0012-4E6B-8450-9E043DDA596D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAADED0E-0012-4E6B-8450-9E043DDA596D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EBA1F4EA-CC8E-4C5E-909B-32BCD98A324D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBA1F4EA-CC8E-4C5E-909B-32BCD98A324D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EC66667C-606C-4847-9973-B52ECECE2E18} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC66667C-606C-4847-9973-B52ECECE2E18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EF90BEC9-9C83-4FB4-AE11-C727D781234B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF90BEC9-9C83-4FB4-AE11-C727D781234B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F06BF7CD-ABB2-468C-9C7A-54AF27108A17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F06BF7CD-ABB2-468C-9C7A-54AF27108A17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F14B6818-65C3-4DA0-93C5-D33F73F5FBB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F14B6818-65C3-4DA0-93C5-D33F73F5FBB1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F37A4232-78E6-450F-A646-56DDEA371EDC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F37A4232-78E6-450F-A646-56DDEA371EDC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F3F6AC7B-C3A4-4937-8466-5AC115EE6AB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3F6AC7B-C3A4-4937-8466-5AC115EE6AB6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F62BEDDA-42DD-4ACD-97EB-C78FF05B33D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F62BEDDA-42DD-4ACD-97EB-C78FF05B33D6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F7037716-52FD-4BA4-A2E0-D70A0A29DDE4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7037716-52FD-4BA4-A2E0-D70A0A29DDE4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F88796B8-BFB1-4C81-BE74-859C3C9DA156} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F88796B8-BFB1-4C81-BE74-859C3C9DA156}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F947E829-7E89-4AD2-82F4-94B9D3110892} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F947E829-7E89-4AD2-82F4-94B9D3110892}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F9F1CB87-0B64-4588-9CA2-3F92C4FEBCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9F1CB87-0B64-4588-9CA2-3F92C4FEBCBA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FA6CD028-69FF-4C3F-AB06-62066514C852} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA6CD028-69FF-4C3F-AB06-62066514C852}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FAB00860-C74A-452B-BECB-D374DF0C2CC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB00860-C74A-452B-BECB-D374DF0C2CC7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FB1F204E-E14C-4B8C-ACE4-1D55F2400BEA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB1F204E-E14C-4B8C-ACE4-1D55F2400BEA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FBE8A2DC-6828-426F-BCE0-C40A1F631EE5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBE8A2DC-6828-426F-BCE0-C40A1F631EE5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FE00E7BC-3B05-4526-ADA9-BC3E341B3867} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE00E7BC-3B05-4526-ADA9-BC3E341B3867}\ deleted successfully.
File C:\WINDOWS\System32\Lktm.dll not found.
File C:\WINDOWS\System32\Auzq.dll not found.
File C:\WINDOWS\System32\Zlac.dll not found.
File C:\WINDOWS\System32\Jgwhfn.dll not found.
File C:\WINDOWS\System32\Swmnv.dll not found.
File C:\WINDOWS\System32\Bhcq.dll not found.
File C:\WINDOWS\System32\Xrct.dll not found.
File C:\WINDOWS\System32\drivers\0000_sys.sys not found.
C:\WINDOWS\Disney.ini moved successfully.
C:\WINDOWS\WORDPAD.INI moved successfully.
C:\WINDOWS\DMI.INI moved successfully.
C:\WINDOWS\A4W.INI moved successfully.
C:\WINDOWS\chsmtreg.ini moved successfully.
C:\WINDOWS\chsmts16.ini moved successfully.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Bannana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 201904788 bytes

User: Jane Dog

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 2910 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: john
->Temp folder emptied: 39042915 bytes
->Temporary Internet Files folder emptied: 7395154 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6168356 bytes

User: David
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 138283 bytes
->FireFox cache emptied: 776443 bytes

User: David New
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 29592466 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4071161 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 85267125 bytes

Total Files Cleaned = 357.07 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08172009_200601

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 18 August 2009 - 10:52 AM

Please run OTL once again.. Don't change anything.. Just hit the Run Scan button and post the log here.. Next do below.. :thumbup2:


Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" option)
  • Hit the Create Log button
  • When it asks for the scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until it finishes
  • Find the log.txt inside the SysProt folder and attach the log here.


NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on the desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 John_2009

John_2009
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 18 August 2009 - 07:24 PM

fenzodahl512,

The following are logs for three runs:

Thanks,

John

Log for OTL:
OTL logfile created on: 8/18/2009 6:49:26 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\John\Desktop\John
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 640.16 Mb Available Physical Memory | 62.63% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.54% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 46.79 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 7.09 Gb Free Space | 95.15% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL8400
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2004/12/06 17:18:18 | 01,437,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
PRC - [2008/06/05 04:09:18 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
PRC - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2004/09/20 16:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/12/10 22:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2006/12/19 11:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/10/13 03:04:00 | 00,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2004/03/23 13:16:16 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2003/09/17 11:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2005/01/31 23:14:56 | 00,331,776 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2009/01/27 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2006/12/19 11:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/12/19 15:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/11 10:16:40 | 00,470,273 | ---- | M] (Avira GmbH) -- c:\program files\avira\antivir desktop\avcenter.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/08/17 09:01:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\John\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/12/06 17:18:18 | 01,437,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/06/05 04:09:18 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Auto | Running])
SRV - [2009/05/18 22:17:49 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/03/23 13:15:40 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/02/08 15:03:38 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2006/12/19 11:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Auto | Paused])
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/09/20 16:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/10 22:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2004/05/29 18:41:54 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2000/11/22 06:36:12 | 00,021,824 | ---- | M] (Shining Technology) -- C:\WINDOWS\System32\DRIVERS\bot2k.sys -- (bot [On_Demand | Stopped])
DRV - [2000/11/22 06:39:10 | 00,015,640 | ---- | M] (Shining Technology) -- C:\WINDOWS\System32\DRIVERS\botscsi2k.sys -- (botscsi [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2003/09/22 09:48:00 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/05/01 14:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2004/12/06 17:17:18 | 00,268,872 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2008/06/05 03:50:08 | 00,023,552 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt [On_Demand | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2004/08/04 06:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2005/02/02 02:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/03/23 13:13:58 | 00,467,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2003/12/08 01:53:06 | 00,009,728 | R--- | M] (Western Digital) -- C:\WINDOWS\System32\DRIVERS\inibtmgr.sys -- (inibtmgr [On_Demand | Stopped])
DRV - [2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/15 23:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,065,000 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,073,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,034,408 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,177,864 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2009/01/27 20:50:00 | 00,031,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2009/01/27 20:50:00 | 00,052,168 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/02/07 22:46:14 | 00,020,386 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Tencent\qq\npkcrypt.sys -- (npkcrypt [Auto | Running])
DRV - [2006/02/07 22:46:14 | 00,037,009 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Tencent\qq\npkcusb.sys -- (npkcusb [On_Demand | Running])
DRV - [2004/09/20 16:09:00 | 02,738,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/22 09:47:00 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/01/12 16:51:44 | 01,252,474 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1120Vid.sys -- (P1120VID [On_Demand | Stopped])
DRV - [2004/06/09 13:16:00 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 04:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2003/08/28 22:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 21:29:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.4\Extensions\\Components: C:\PROGRA~1\MOZILL~1\components\ [2009/05/06 20:42:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.4\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2009/05/06 20:42:01 | 00,000,000 | ---D | M]

[2007/12/21 23:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\e7rztp3m.default\extensions
[2007/12/21 23:23:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\e7rztp3m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006/03/01 23:45:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/06/08 22:23:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/06/08 22:23:42 | 00,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/06/08 22:23:42 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/06/08 22:23:43 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/03/01 18:08:58 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/06 20:42:01 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2006/06/08 22:23:44 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/12/23 01:56:00 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/04/19 01:36:53 | 01,312,392 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2006/03/01 23:46:51 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/01 23:46:26 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/01 23:46:26 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/01 23:46:09 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/01 23:46:34 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/01 23:46:17 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/01 23:46:17 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/01 23:46:09 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/01 23:46:42 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/01 23:46:17 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/01 23:46:09 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/01 23:46:34 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (685 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent1\qq\AddEmotion.htm ()
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm ()
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://qidaiunitedstates.spaces.live.com//...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1129005725656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.mc.vanderbilt.edu/dana-cached/s...perSetupSP1.cab (JuniperSetupControlXP Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (Aqua Real) - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/08/17 20:06:01 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/17 19:56:58 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/17 19:56:51 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009/08/17 19:56:51 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009/08/17 19:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/17 00:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Runscanner.net
[2009/08/17 00:25:17 | 00,000,000 | ---D | C] -- C:\runscanner
[2009/08/17 00:23:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\John
[2009/08/16 21:33:43 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/16 21:33:25 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/08/16 21:33:25 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/08/16 21:33:25 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/08/16 21:33:25 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/08/16 21:33:23 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/08/16 21:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/08/16 21:29:12 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/16 19:08:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/16 19:08:57 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/15 11:09:40 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/08/15 11:08:50 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/08/14 23:57:55 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/08/13 23:11:54 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/13 19:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/11 23:52:53 | 00,000,000 | ---D | C] -- C:\sb
[2009/08/11 21:55:30 | 00,000,000 | ---D | C] -- C:\SDFIX
[2009/08/11 19:10:03 | 00,000,000 | ---D | C] -- C:\john
[2009/08/09 23:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\32788R22FWJFW
[2009/08/09 21:35:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/09 21:35:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/09 16:45:41 | 00,000,000 | ---D | C] -- C:\New virus
[2009/08/06 19:27:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/08/06 03:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/06 03:04:09 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/06 03:03:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/06 03:03:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/06 03:03:39 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/06 03:03:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/06 03:03:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/06 03:03:39 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/06 03:03:39 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/06 03:03:38 | 00,000,000 | ---D | C] -- C:\e8345f09ee23ae7997
[2009/08/03 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\working memory
[2009/08/03 00:33:55 | 00,792,525 | ---- | C] () -- C:\Documents and Settings\John\Desktop\偷拍动物睡觉,太可爱了 - 灌水閒聊 - Sina BBS - Powered by Discuz!.mht
[2009/06/20 22:05:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\SKYNETfrfbpjpi.sys
[2008/10/28 20:22:58 | 00,000,223 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2008/10/28 20:18:23 | 00,548,864 | ---- | C] () -- C:\WINDOWS\System32\dlbjusb1.dll
[2008/10/28 20:18:23 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\dlbjserv.dll
[2008/10/28 20:18:23 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlbjjswr.dll
[2008/10/28 20:18:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomc.dll
[2008/10/28 20:18:23 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\dlbjcomm.dll
[2008/10/28 20:18:23 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\dlbjlmpm.dll
[2008/10/28 20:18:23 | 00,352,256 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjutil.dll
[2008/10/28 20:18:23 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbjpplc.dll
[2008/10/28 20:18:23 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbjprox.dll
[2008/10/28 20:18:23 | 00,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcur.dll
[2008/10/28 20:18:23 | 00,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbjcu.dll
[2008/10/28 20:18:23 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbjvs.dll
[2008/10/14 22:53:36 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/14 21:18:30 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/20 23:56:37 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll.del
[2008/02/20 23:56:37 | 00,166,216 | ---- | C] () -- C:\WINDOWS\System32\contmenu.dll
[2007/01/05 22:38:54 | 00,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/05/06 01:49:39 | 00,000,071 | ---- | C] () -- C:\WINDOWS\SCRCFG.ini
[2005/09/10 00:01:23 | 00,000,086 | ---- | C] () -- C:\WINDOWS\BMate.INI
[2005/03/12 20:25:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/02/01 16:16:31 | 00,000,201 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2005/02/01 15:48:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/31 22:59:00 | 00,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/31 22:55:02 | 00,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2005/01/12 20:03:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/09 14:15:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 14:10:33 | 00,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/09 14:06:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/09 14:06:28 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/01/09 14:06:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/01/09 14:06:23 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/09 13:39:12 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/21 17:47:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,582 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\scecli.dll
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/04/14 10:40:32 | 00,001,417 | ---- | C] () -- C:\WINDOWS\System32\WD.ini
[2003/12/15 15:42:52 | 00,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2003/12/15 15:42:36 | 00,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[1980/01/01 01:00:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 01:00:00 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 01:00:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Files - Modified Within 30 Days ==========

[2009/08/18 18:25:13 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/18 18:24:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/18 18:18:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/18 18:18:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/17 19:56:58 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\John\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/17 19:56:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\John\Desktop\NTREGOPT.lnk
[2009/08/17 19:56:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2009/08/16 21:33:43 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/08/16 17:58:13 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/16 17:51:51 | 00,000,582 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/16 17:51:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/16 17:51:51 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/08/15 11:08:50 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/08/13 22:53:25 | 01,600,656 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009/08/11 22:03:24 | 00,000,685 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/08/09 16:43:36 | 00,527,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/09 16:43:36 | 00,445,684 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/08/09 16:43:36 | 00,072,890 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/08/09 15:21:15 | 00,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/06 21:27:37 | 00,107,984 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/06 03:14:55 | 00,383,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/04 11:25:41 | 00,000,223 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 00:33:56 | 00,792,525 | ---- | M] () -- C:\Documents and Settings\John\Desktop\偷拍动物睡觉,太可爱了 - 灌水閒聊 - Sina BBS - Powered by Discuz!.mht
[2009/08/01 22:55:57 | 00,001,852 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\Default.rdp
[2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files - Unicode (All) ==========
[2006/01/01 12:21:21 | 00,000,000 | ---D | C](C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive_files) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive_files
[2006/01/01 12:21:21 | 00,026,076 | ---- | C] ()(C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive.htm) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive.htm
[2006/01/01 12:21:22 | 00,000,000 | ---D | M](C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive_files) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive_files
[2006/01/01 12:21:22 | 00,026,076 | ---- | M] ()(C:\Documents and Settings\John\My Documents\北美生活网 ? World Biz City Archive.htm) -- C:\Documents and Settings\John\My Documents\北美生活网 World Biz City Archive.htm
[2007/01/19 11:31:38 | 00,000,000 | ---D | C](C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1)_files) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1)_files
[2007/01/19 11:31:38 | 00,061,412 | ---- | C] ()(C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1).htm) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1).htm
[2007/01/19 11:31:39 | 00,000,000 | ---D | M](C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1)_files) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1)_files
[2007/01/19 11:31:39 | 00,061,412 | ---- | M] ()(C:\Documents and Settings\John\My Documents\国力面临大转折? (??-1).htm) -- C:\Documents and Settings\John\My Documents\国力面临大转折? (续1).htm
< End of report >


Log for SysProt:
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\smss.exe
PID: 956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\csrss.exe
PID: 996
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\winlogon.exe
PID: 1020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\services.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\lsass.exe
PID: 1080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1276
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1492
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1620
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1680
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\spoolsv.exe
PID: 1760
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1808
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1820
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 1864
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
PID: 2032
Hidden: No
Window Visible: No

Name: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
PID: 144
Hidden: No
Window Visible: No

Name: C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PID: 156
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PID: 184
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PID: 224
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PID: 264
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PID: 384
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PID: 416
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\nvsvc32.exe
PID: 548
Hidden: No
Window Visible: No

Name: C:\Program Files\Dantz\Retrospect\wdsvc.exe
PID: 608
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PID: 640
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 692
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\svchost.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\alg.exe
PID: 2328
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3888
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Shared Files\CamTray.exe
PID: 748
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PID: 916
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PID: 1596
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PID: 1896
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PID: 2052
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
PID: 2080
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PID: 2104
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\wuauclt.exe
PID: 2112
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PID: 2120
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2064
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\Mctray.exe
PID: 1952
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 1376
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\ctfmon.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SYSTEM32\wscntfy.exe
PID: 4016
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\John\Desktop\John\SysProt\SysProt.exe
PID: 1728
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\John\Desktop\John\SysProt\SysProt.exe
PID: 1512
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: C:\WINDOWS\system32\drivers\SKYNETfrfbpjpi.sys
Service Name: SKYNETlwivgfyq
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Documents and Settings\John\Desktop\John\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: ECCB4000
Module End: ECCBF000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F79D2000
Module End: F79D4000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F78E2000
Module End: F78E5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F73A3000
Module End: F73D1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F79D4000
Module End: F79D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7392000
Module End: F73A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F74D2000
Module End: F74DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A9A000
Module End: F7A9B000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7752000
Module End: F7759000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: F79D6000
Module End: F79D8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
Service Name: CmdIde
Module Base: F79D8000
Module End: F79DA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\toside.sys
Service Name: TosIde
Module Base: F79DA000
Module End: F79DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F79DC000
Module End: F79DE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F79DE000
Module End: F79E0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74E2000
Module End: F74ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7373000
Module End: F7392000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F775A000
Module End: F775F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74F2000
Module End: F74FF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
Service Name: Cpqarray
Module Base: F78E6000
Module End: F78EA000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F735B000
Module End: F7373000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: F72E8000
Module End: F735B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F72D0000
Module End: F72E8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
Service Name: Aha154x
Module Base: F78EA000
Module End: F78EE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
Service Name: Sparrow
Module Base: F7762000
Module End: F7767000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc810.sys
Service Name: symc810
Module Base: F78EE000
Module End: F78F2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
Service Name: aic78xx
Module Base: F7502000
Module End: F7510000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
Service Name: dac960nt
Module Base: F78F2000
Module End: F78F6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
Service Name: Ql10wnt
Module Base: F7512000
Module End: F751B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amsint.sys
Service Name: amsint
Module Base: F78F6000
Module End: F78F9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc.sys
Service Name: asc
Module Base: F776A000
Module End: F7771000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
Service Name: asc3550
Module Base: F78FA000
Module End: F78FE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
Service Name: mraid35x
Module Base: F7772000
Module End: F7777000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: F777A000
Module End: F777F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
Service Name: ini910u
Module Base: F78FE000
Module End: F7902000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
Service Name: ql1240
Module Base: F7522000
Module End: F752C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
Service Name: aic78u2
Module Base: F7532000
Module End: F7540000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
Service Name: symc8xx
Module Base: F7782000
Module End: F778A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
Service Name: sym_hi
Module Base: F778A000
Module End: F7791000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
Service Name: sym_u3
Module Base: F7792000
Module End: F779A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Service Name: abp480n5
Module Base: F779A000
Module End: F77A0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
Service Name: asc3350p
Module Base: F77A2000
Module End: F77A8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Service Name: cd20xrnt
Module Base: F79E0000
Module End: F79E2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ultra.sys
Service Name: ultra
Module Base: F7542000
Module End: F754B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: F72B7000
Module End: F72D0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
Service Name: dpti2o
Module Base: F77AA000
Module End: F77AF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
Service Name: ql1080
Module Base: F7552000
Module End: F755C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
Service Name: ql1280
Module Base: F7562000
Module End: F756E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
Service Name: ql12160
Module Base: F7572000
Module End: F757E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2.sys
Service Name: perc2
Module Base: F77B2000
Module End: F77B9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
Service Name: perc2hib
Module Base: F79E2000
Module End: F79E4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\hpn.sys
Service Name: hpn
Module Base: F77BA000
Module End: F77C1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
Service Name: cbidf
Module Base: F7902000
Module End: F7906000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
Service Name: dac2w2k
Module Base: F728B000
Module End: F72B7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7582000
Module End: F758B000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7592000
Module End: F759F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F726B000
Module End: F728B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7259000
Module End: F726B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
Service Name: drvmcdb
Module Base: F7244000
Module End: F7259000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F75A2000
Module End: F75AB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F722D000
Module End: F7244000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F71A0000
Module End: F722D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7173000
Module End: F71A0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
Service Name: sisagp
Module Base: F75B2000
Module End: F75BC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: F75C2000
Module End: F75CD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sbp2port.sys
Service Name: sbp2port
Module Base: F75D2000
Module End: F75DD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F75E2000
Module End: F75F2000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F75F2000
Module End: F7600000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7159000
Module End: F7173000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F7602000
Module End: F760D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
Service Name: alim1541
Module Base: F7612000
Module End: F761D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
Service Name: amdagp
Module Base: F7622000
Module End: F762D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
Service Name: agpCPQ
Module Base: F7632000
Module End: F763D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F7652000
Module End: F7662000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F70F9000
Module End: F7102000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F5371000
Module End: F560E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F535D000
Module End: F5371000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Service Name: b57w2k
Module Base: F532F000
Module End: F535D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7852000
Module End: F7858000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F530B000
Module End: F532F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F785A000
Module End: F7862000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC53.sys
Service Name: IntelC53
Module Base: F70E9000
Module End: F70F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F52E8000
Module End: F530B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC51.sys
Service Name: IntelC51
Module Base: F51C1000
Module End: F52E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\IntelC52.sys
Service Name: IntelC52
Module Base: F512C000
Module End: F51C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mohfilt.sys
Service Name: mohfilt
Module Base: F7862000
Module End: F7868000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F786A000
Module End: F7872000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\P17.sys
Service Name: P17
Module Base: F505E000
Module End: F512C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F503A000
Module End: F505E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F70D9000
Module End: F70E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Service Name: ossrv
Module Base: F500E000
Module End: F503A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: F4FEE000
Module End: F500E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F4FDA000
Module End: F4FEE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F70C9000
Module End: F70D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F79CA000
Module End: F79CE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Service Name: sscdbhk5
Module Base: F7A42000
Module End: F7A44000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F5E4A000
Module End: F5E5A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F5E3A000
Module End: F5E49000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F7872000
Module End: F7879000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F5E2A000
Module End: F5E35000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fsvga.sys
Service Name: FsVga
Module Base: F7091000
Module End: F7094000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dne2000.sys
Service Name: DNE
Module Base: F4FBF000
Module End: F4FDA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
Service Name: dsNcAdpt
Module Base: F5E1A000
Module End: F5E24000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7AE2000
Module End: F7AE3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F5E0A000
Module End: F5E17000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7089000
Module End: F708C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F4FA8000
Module End: F4FBF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F5DFA000
Module End: F5E05000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7732000
Module End: F773E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F787A000
Module End: F787F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F4F97000
Module End: F4FA8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F5DEA000
Module End: F5DF3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7882000
Module End: F7887000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F788A000
Module End: F788F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F5DDA000
Module End: F5DE4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F5656000
Module End: F565C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F564E000
Module End: F5654000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A44000
Module End: F7A46000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F4F39000
Module End: F4F97000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7081000
Module End: F7085000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\omci.sys
Service Name: omci
Module Base: F5646000
Module End: F564B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F76A2000
Module End: F76AC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F76D2000
Module End: F76E1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A52000
Module End: F7A54000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: F79AE000
Module End: F79B2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F646D000
Module End: F6470000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A72000
Module End: F7A74000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7BBF000
Module End: F7BC0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A74000
Module End: F7A76000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
Service Name: ssrtln
Module Base: F77FA000
Module End: F7800000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F7802000
Module End: F7809000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: ---
Module Base: F7812000
Module End: F7818000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A76000
Module End: F7A78000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A78000
Module End: F7A7A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F781A000
Module End: F781F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F7842000
Module End: F784A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F645D000
Module End: F6460000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F1C44000
Module End: F1C57000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F1BEB000
Module End: F1C44000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfetdik.sys
Service Name: mfetdik
Module Base: F25EE000
Module End: F25FA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F1BC5000
Module End: F1BEB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F1B9D000
Module End: F1BC5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F1B7B000
Module End: F1B9D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F25DE000
Module End: F25E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F782A000
Module End: F7830000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F1B50000
Module End: F1B7B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F1AE0000
Module End: F1B50000
Hidden: No

Module Name: \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Service Name: mferkdk
Module Base: F7832000
Module End: F7839000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F25CE000
Module End: F25D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: F1AC4000
Module End: F1AE0000
Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F7A84000
Module End: F7A86000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F7050000
Module End: F7053000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F259E000
Module End: F25A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F16F3000
Module End: F16FC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F16E3000
Module End: F16F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F1CFB000
Module End: F1CFE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: EBE36000
Module End: EBE3E000
Hidden: No

Module Name: \??\C:\Program Files\Tencent\qq\npkcusb.sys
Service Name: npkcusb
Module Base: EBD82000
Module End: EBD8B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: ED0CA000
Module End: ED0CE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7672000
Module End: F7682000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: EB533000
Module End: EB5A6000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EFD7C000
Module End: EFD7F000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: ED06F000
Module End: ED074000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F0DE7000
Module End: F0DE8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: EB03F000
Module End: EB053000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
Service Name: drvnddm
Module Base: EBD62000
Module End: EBD6C000
Hidden: No

Module Name: \systemroot\win32k.sys:1
Service Name: ---
Module Base: ED2F5000
Module End: ED2FA000
Hidden: Yes

Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
Service Name: tfsndres
Module Base: EC268000
Module End: EC269000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
Service Name: tfsnifs
Module Base: EB029000
Module End: EB03F000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
Service Name: tfsnopio
Module Base: F1868000
Module End: F186C000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
Service Name: tfsnpool
Module Base: ED9BB000
Module End: ED9BD000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
Service Name: tfsnboio
Module Base: ED2ED000
Module End: ED2F4000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
Service Name: tfsncofs
Module Base: EBD32000
Module End: EBD3B000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
Service Name: tfsndrct
Module Base: EC265000
Module End: EC266000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
Service Name: tfsnudf
Module Base: EB088000
Module End: EB0A1000
Hidden: No

Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
Service Name: tfsnudfa
Module Base: EB06F000
Module End: EB088000
Hidden: No

Module Name: \systemroot\win32k.sys:2
Service Name: ---
Module Base: EBD52000
Module End: EBD61000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Service Name: fssfltr
Module Base: F7149000
Module End: F7155000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: ECE57000
Module End: ECE5B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EB670000
Module End: EB69D000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
Service Name: CVPNDRVA
Module Base: BA70D000
Module End: BA788000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: F7A88000
Module End: F7A8A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: BA66B000
Module End: BA6BD000
Hidden: No

Module Name: \??\C:\Program Files\Tencent\qq\npkcrypt.sys
Service Name: npkcrypt
Module Base: F2536000
Module End: F253B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: EBD42000
Module End: EBD4C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Service Name: mfehidk
Module Base: BA193000
Module End: BA1BD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfebopk.sys
Service Name: mfebopk
Module Base: EE587000
Module End: EE58E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfeapfk.sys
Service Name: mfeapfk
Module Base: BA3A3000
Module End: BA3B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfeavfk.sys
Service Name: mfeavfk
Module Base: BA182000
Module End: BA193000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B97DD000
Module End: B97F2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: BA04A000
Module End: BA059000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B9516000
Module End: B9557000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F1759000
Module End: F1760000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: B7FC0000
Module End: B7FE4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B7794000
Module End: B77BF000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7BF88B6
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7BF88AC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F7BF88BB
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F7BF88C5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F7BF88CA
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7BF8898
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7BF889D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F7BF88D4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F7BF88CF
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7BF88C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F7BF88A7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 80504AE8
Jump To: BA1A7280
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 805B2E14
Jump To: BA1A72AC
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRenameKey
At Address: 806231D2
Jump To: BA1A71E1
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwProtectVirtualMemory
At Address: 805B83E6
Jump To: BA1A7256
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenKey
At Address: 80624B82
Jump To: BA1A719B
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 805B2006
Jump To: BA1A7296
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateProcess
At Address: 805D11F8
Jump To: BA1A726C
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateFile
At Address: 80579084
Jump To: BA1A7242
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: PsCreateSystemProcess
At Address: 805D11F8
Jump To: BA1A726C
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DELL8400:4242
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
State: LISTENING

Local Address: DELL8400:1030
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\alg.exe
State: LISTENING

Local Address: DELL8400:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DELL8400:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: LISTENING

Local Address: DELL8400:62524
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:62523
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:62521
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:62519
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:62517
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:62515
Remote Address: NA
Type: UDP
Process: C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe
State: NA

Local Address: DELL8400:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DELL8400:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DELL8400:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DELL8400:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DELL8400:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************

Log for mbr.exe:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:11:02 AM

Posted 19 August 2009 - 12:38 AM

Delete your version of ComboFix and do below...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 John_2009

John_2009
  • Topic Starter

  • Members
  • 56 posts
  • Local time:10:02 PM

Posted 19 August 2009 - 08:35 PM

fenzodahl512,

Cheers! It seems most of the problems have been solved. I do not know why it initiated the Chinese version of ComboFix. I tried to translate some Chinese characters into English in the log. One concern I noticed is "c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . Deletion fail"

The following is the detailed log.

Thank you so much,

John




ComboFix 09-08-18.04 - John 9/2009 Wed 19:47.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1022.613 [GMT -5:00]
ִλ: f:\virus toll\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Deleted list )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\documents and settings.\NetworkService\Favorites\Desktop.ini
c:\program files\Update
c:\windows\bf23567.dat
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Fonts\WPHV07NB.TTF
c:\windows\Installer\124b43.msi
c:\windows\Installer\129572.msi
c:\windows\Installer\178aae.msi
c:\windows\Installer\20eea.msi
c:\windows\Installer\26ab6.msi
c:\windows\Installer\36c09.msi
c:\windows\Installer\619e3.msi
c:\windows\REPAIR\sysbd.bak1
c:\windows\REPAIR\sysbd.bak2
c:\windows\REPAIR\sysbd.ini
c:\windows\sonce123198.dat
c:\windows\sonce123222.dat
c:\windows\system32\Data
c:\windows\system32\drivers\SKYNETfrfbpjpi.sys
c:\windows\system32\SKYNETahlvqyei.dat
c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . Deletion fail



Cannot find "c:\windows\system32\proquota.exe"
- c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP900\A0127183.exe Recover original file

.
((((((((((((((((((((((((((((((((((((((( / )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETlwivgfyq
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_SKYNETlwivgfyq


((((((((((((((((((((((((( 2009-07-20 2009-08-20 µĵ )))))))))))))))))))))))))))))))
.

2009-08-20 00:54 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-18 01:06 . 2009-08-18 01:06 -------- d-----w- C:\_OTL
2009-08-18 00:56 . 2009-08-18 00:56 -------- d-----w- c:\program files\ERUNT
2009-08-17 05:25 . 2009-08-17 05:25 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Runscanner.net
2009-08-17 05:25 . 2009-08-17 05:25 -------- d-----w- C:\runscanner
2009-08-17 02:33 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-17 02:33 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-17 02:33 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-17 02:33 . 2009-08-17 02:33 -------- d-----w- c:\program files\Avira
2009-08-17 02:33 . 2009-08-17 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-17 00:08 . 2009-08-17 00:08 -------- d-----w- C:\rsit
2009-08-17 00:08 . 2009-08-17 00:08 -------- d-----w- c:\program files\trend micro
2009-08-14 04:11 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-14 00:43 . 2009-08-14 00:43 -------- d-----w- c:\program files\Alwil Software
2009-08-12 04:52 . 2009-08-12 05:09 -------- d-----w- C:\sb
2009-08-12 02:55 . 2009-08-12 04:01 -------- d-----w- C:\SDFIX
2009-08-10 02:35 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 02:35 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:45 . 2009-08-09 21:53 -------- d-----w- C:\New virus
2009-08-07 00:27 . 2009-08-07 02:28 -------- d-----w- c:\windows\system32\CatRoot
2009-08-06 08:04 . 2009-08-06 08:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 08:04 . 2009-08-06 08:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 08:03 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 08:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 08:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 08:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 08:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 08:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 08:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 08:03 . 2009-08-06 08:03 -------- d-----w- C:\e8345f09ee23ae7997
2009-08-03 01:38 . 2009-08-03 01:38 -------- d-sh--w- c:\documents and settings\Bannana\IETldCache
2009-08-02 05:05 . 2009-08-02 05:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( ڱ޸ĵĵ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 05:18 . 2009-02-28 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-09 21:51 . 2009-05-23 03:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-07 02:27 . 2005-01-13 00:54 107984 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 08:04 . 2008-08-18 01:36 -------- d-----w- c:\program files\MSBuild
2009-07-31 23:07 . 2008-08-19 02:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:58 . 2005-05-27 05:39 -------- d-----w- c:\documents and settings\John\Application Data\Skype
2009-07-16 04:26 . 2008-08-18 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-07 01:13 . 2007-07-05 06:37 -------- d-----w- c:\program files\The KMPlayer
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 19:42 . 2007-07-01 06:22 2287 ----a-w- c:\windows\system32\cid_store.dat
2006-06-09 03:23 . 2006-03-02 04:44 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-06-09 03:23 . 2006-03-02 04:45 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-09 03:23 . 2006-03-02 04:44 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-03-08 20:54 . 2009-03-08 20:54 2713 --sh--w- c:\windows\SYSTEM32\gavedewu.exe
.

------- Sigcheck -------

[-] 2004-08-04 11:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SYSTEM32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 11:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SYSTEM32\user32.dll
[-] 2009-06-21 16:08 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SYSTEM32\DLLCACHE\user32.dll

[-] 2004-08-04 11:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SYSTEM32\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2004-08-04 11:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:31 658944 B7156CD97E739F3014BC4D61758F868A c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows\ie7\wininet.dll
[-] 2007-08-14 00:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie8\wininet.dll
[-] 2009-03-08 09:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2gdr\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\SYSTEM32\wininet.dll
[-] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\SYSTEM32\DLLCACHE\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 EF7834C1D9DDF4C7DA697D8C24A03791 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 c:\windows\SYSTEM32\DRIVERS\tcpip.sys

[-] 2004-08-04 11:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SYSTEM32\winlogon.exe

[-] 2004-08-04 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SYSTEM32\DRIVERS\ndis.sys

[-] 2004-08-04 11:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:22 2015744 DC097A896A03B8277457D228FD12D4E6 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-04 04:59 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2015744 BBB2322EB14AD9AD55B1024FFD4D88BF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2015744 A58AC1C6199EF34228ABEE7FC057AE09 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\I386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\SYSTEM32\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:58 2136064 DD31AB4B91C2605601A3C108AF57A0C9 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-04 05:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:15 2136064 8318ED54797F3E513FD5817A1D4BBD18 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 09:08 2136064 1220FAF071DEA8653EE21DE7DCDA8BFD c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\I386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\SYSTEM32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 11:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-04 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SYSTEM32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SYSTEM32\DLLCACHE\services.exe

[-] 2004-08-04 11:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SYSTEM32\lsass.exe

[-] 2004-08-04 11:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SYSTEM32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 11:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SYSTEM32\spoolsv.exe

[-] 2004-08-04 11:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SYSTEM32\userinit.exe

[-] 2004-08-04 11:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SYSTEM32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 11:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SYSTEM32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SYSTEM32\DLLCACHE\kernel32.dll

[-] 2004-08-04 11:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SYSTEM32\powrprof.dll

[-] 2004-08-04 11:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SYSTEM32\imm32.dll

[-] 2004-09-29 17:27 3004928 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2005-01-27 14:08 3008000 91C5ADE25BC4E3322577854FA2E7B58B c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-03-10 07:43 3011072 255C2CE965543ABDC3E0A25A5DA1874A c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2005-10-05 00:51 3017728 3394299FBF1CD0B24089FC762611360B c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-07-20 02:03 3016192 A14A7A206AE22DE4FE563E44CFC7DDF5 c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-11-24 01:07 3018240 D3F037F5DA702AE9DDD7663EC9D78BA7 c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-10-23 15:34 3061248 88E1C15BB1A9ED3CBA4D6F2F408D5010 c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2007-01-04 14:05 3062272 1C45525574EF206346FBAFCAAC7CC4A5 c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[-] 2007-02-20 06:52 3063296 2991727809C7AC3A33E4178CC73244D8 c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2007-05-04 12:59 3064320 00ADCB32832A10ED9419493BCEA97526 c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-10-30 09:55 3065856 79314A0A6B0DA78AFE491FF2D8B117BA c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 23:48 3593216 54D8B404F17AA74C666F7F3AEF2AE459 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 03:35 3593728 4D612FF5D3B7EEF200595AE6F95D5E68 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 13:17 5938176 F25D866DD486AD30E05E5596CB363C3E c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2004-08-04 11:00 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB834707$\mshtml.dll
[-] 2004-09-29 18:47 3004928 D94E6405E420373161467ACD3DA65640 c:\windows\$NtUninstallKB867282$\mshtml.dll
[-] 2005-03-10 08:02 3010560 84A1B9B0C362051E68BB131F14C6DAAD c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2005-01-27 17:13 3006976 FAE3CA9B2459581C45B3A8845BE3077C c:\windows\$NtUninstallKB890923$\mshtml.dll
[-] 2005-07-20 02:00 3014144 31E7520E58E5E4DFA93215A6D5603AF2 c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 20:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB896727$\mshtml.dll
[-] 2005-10-04 22:26 3015168 042AC20E084D21DD6BEE99B89CC30FB7 c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-11-24 01:06 3015680 5E7A39950EA133BB54719A6E08C544A7 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-10-23 15:17 3055104 5FC7DE1195C8E9B5360FD65DBE95E5B0 c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2007-01-04 13:36 3056640 F31274D7667D83E73C6EE16D2206B76C c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2007-02-20 09:48 3056640 6B9D083C0D4C4555FE011B01A98872DA c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-05-04 12:29 3058688 4D92717B5BBCE85F1254BAD23B0D357C c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-06-14 16:09 3058688 F049C52772FC86FD5F6C16D77A2A6204 c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2007-10-30 10:16 3058688 DA077E334961230C12E3E4D62626286E c:\windows\ie7\mshtml.dll
[-] 2007-08-14 00:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-31 11:12 3590656 8AB7ECF59D6EBBE986277B65ED4A40A1 c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-24 03:16 3591680 8976CAB317105F7431B08EA32AB73C65 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-06-24 15:57 3592192 EC936148284F557F19C333178768109B c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:24 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-10-17 08:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-17 03:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie8\mshtml.dll
[-] 2009-03-08 09:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-05-13 05:15 5936128 EEAADAA744B20E68CF5EB4FBB4F8AFA9 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2008-04-14 00:11 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-06-14 18:09 3058688 F049C52772FC86FD5F6C16D77A2A6204 c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2gdr\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\mshtml.dll
[-] 2009-05-13 05:15 5936128 EEAADAA744B20E68CF5EB4FBB4F8AFA9 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[-] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[-] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\SYSTEM32\mshtml.dll
[-] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

[-] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SYSTEM32\DRIVERS\kbdclass.sys

[-] 2004-08-04 11:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SYSTEM32\comres.dll

[-] 2004-08-04 11:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SYSTEM32\lpk.dll

[-] 2008-08-07 20:27 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2008-08-07 20:27 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2004-08-04 11:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\SYSTEM32\DRIVERS\aec.sys

[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 11:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\SYSTEM32\mfc40u.dll

[-] 2005-01-14 05:07 395776 94456045BEB4545B5EBE1DCC85951AFA c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-07-26 04:39 397824 CE94A2BD25E3E9F4D46A7373FF455C6D c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-04 11:00 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2005-01-14 08:55 395776 419899803CA479B73B02390318C787C0 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:31 395776 C8061F289E000703E7672916B7FE1571 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\SYSTEM32\rpcss.dll
[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\SYSTEM32\DLLCACHE\rpcss.dll

[-] 2004-08-04 11:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SYSTEM32\msgsvc.dll

[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 11:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\SYSTEM32\comctl32.dll
[-] 2004-08-04 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.DLL
[-] 2004-08-04 11:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2004-08-04 11:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2004-08-04 11:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SYSTEM32\sfc.dll

[-] 2004-08-04 11:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\SYSTEM32\netlogon.dll

[-] 2004-08-04 11:00 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SYSTEM32\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SYSTEM32\bits\qmgr.dll

[-] 2004-08-04 11:00 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2008-04-14 00:12 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 00:12 60928 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\SYSTEM32\scecli.dll

[-] 2004-08-04 11:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SYSTEM32\eventlog.dll

[-] 2004-08-04 11:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SYSTEM32\DRIVERS\asyncmac.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 11:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DRIVERS\ntfs.sys

[-] 2005-01-28 19:44 25088 140EF97B64F560FD78643CAE2CDAD838 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 19:44 25088 140EF97B64F560FD78643CAE2CDAD838 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 11:00 52224 C086483E3DBA8C1C0A687EC8D5B3D4C1 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll

[-] 2004-08-04 11:00 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\SYSTEM32\xmlprov.dll

[-] 2004-08-04 11:00 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\SYSTEM32\cryptsvc.dll

[-] 2004-08-04 11:00 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\SYSTEM32\browser.dll

[-] 2005-07-08 16:28 249344 1418A3A6E76E5A2E3F5E43866E793A8B c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 16:27 249344 FB78839B36025AA286A51289ED28B73E c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 11:00 246272 EB4A4187D74A8EFDCBEA3EA2CB1BDFBD c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\SYSTEM32\tapisrv.dll

[-] 2008-06-20 17:36 245248 1DFCA7713EA5A70D5D93B436AEA0317A c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 17:43 245248 FCEE5FCB99F7C724593365C706D28388 c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 17:41 245248 097722F235A1FB698BF9234E01B52637 c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2004-08-04 11:00 245248 4E74AF063C3271FBEA20DD940CFD1184 c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\SYSTEM32\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll

[-] 2005-08-22 18:24 197632 3516D8A18B36784B1005B950B84232E1 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2005-08-22 18:29 197632 36739B39267914BA69AD0610A0299732 c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2004-08-04 11:00 198144 DAB9E6C7105D2EF49876FE92C524F565 c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\SYSTEM32\netman.dll

[-] 2005-07-26 04:20 243200 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2008-07-07 20:06 253952 A4AB3DCA4A383F0DF4988ABDEB84F9A4 c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 253952 F17F6226BDC0CD5F0BEF0DAF84D29BEC c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:32 253952 60D1A6342238378BFB7545C81EE3606C c:\windows\$NtServicePackUninstall$\es.dll
[-] 2004-08-04 11:00 243200 ACD36A2DD7D1E9D8A060AA651DC07E63 c:\windows\$NtUninstallKB902400$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:39 243200 34BBD9ACC1538818F2C878898C64E793 c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\SYSTEM32\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\SYSTEM32\DLLCACHE\es.dll

[-] 2004-08-04 11:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SYSTEM32\srsvc.dll

[-] 2004-08-04 11:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SYSTEM32\wscntfy.exe

[-] 2004-08-04 11:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SYSTEM32\ntmssvc.dll

[-] 2004-08-04 11:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SYSTEM32\rasauto.dll

[-] 2004-08-04 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SYSTEM32\sfcfiles.dll

[-] 2004-08-04 11:00 190976 92360854316611F6CC471612213C3D92 c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\SYSTEM32\schedsvc.dll

[-] 2004-08-04 11:00 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\SYSTEM32\regsvc.dll

[-] 2004-08-04 11:00 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\SYSTEM32\ssdpsrv.dll

[-] 2007-02-05 20:19 185344 36ACA6CDC19C95FF468A1426EB7F32F0 c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 20:17 185344 ACA5D98663D879C6BAAFCEA7E2F1B710 c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 11:00 185344 0546477BDE979E33294FE97F6B3DE84A c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\SYSTEM32\upnphost.dll

[-] 2006-12-19 21:50 135168 53D9184A21C5CBF600D918E51EF3A7E5 c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2006-12-19 21:52 134656 6815DEF9B810AEFAC107EEAF72DA6F82 c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 11:00 134656 E7518DC542D3EBDCB80EDD98462C7821 c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\SYSTEM32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Ҫ ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* հϷȱʡ¼ᱻʾ
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\SYSTEM32\WDBtnMgr.exe [2005-02-01 331776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\John\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sina UC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sina UC.lnk
backup=c:\windows\pss\Sina UC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vanderbilt University VUMC VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Vanderbilt University VUMC VPN Client.lnk
backup=c:\windows\pss\Vanderbilt University VUMC VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Ƶ.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\Ƶ.lnk
backup=c:\windows\pss\Ƶ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^ѶQQ.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\ѶQQ.lnk
backup=c:\windows\pss\ѶQQ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^ѶTM.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\ѶTM.lnk
backup=c:\windows\pss\ѶTM.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Tencent\\qq\\QQ.exe"=
"c:\\Program Files\\Tencent\\qq\\QQLiveUpdate.exe"=
"c:\\Program Files\\Tencent\\qq\\TMDLLs\\TM.exe"=
"c:\\Program Files\\Netease\\popo2004\\Popo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\vqqsdl.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Tencent1\\qq\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQUpdateCenter.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\Tencent1\\qq\\QzoneMusic.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQMusic.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\MSNShell\\Bin\\engie.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Tencent\\QQChat\\QQChatUp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGameDl.exe"=
"c:\\Program Files\\Dantz\\Retrospect\\wdsvc.exe"=
"c:\\Program Files\\Netease\\POPO\\MyPopo.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\John\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Ƶ\\isee.exe"=
"c:\\Program Files\\easyMule\\emule.exe"=
"c:\\Program Files\\sina\\SinaUC\\uc.exe"=
"c:\\Program Files\\sina\\SinaShow\\SinaShow.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=
"c:\\Program Files\\Creative\\Shared Files\\CamTray.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\WDC\\SetIcon.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\??䨺?2??\\isee.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11545:TCP"= 11545:TCP:BitComet 11545 TCP
"11545:UDP"= 11545:UDP:BitComet 11545 UDP
"15499:TCP"= 15499:TCP:BitComet 15499 TCP
"15499:UDP"= 15499:UDP:BitComet 15499 UDP
"16982:TCP"= 16982:TCP:BitComet 16982 TCP
"16982:UDP"= 16982:UDP:BitComet 16982 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 9:33 PM 108289]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [3/27/2009 11:08 PM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S0 ADProt;ADProt;c:\windows\system32\drivers\ADProt.sys --> c:\windows\system32\drivers\ADProt.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 bot;bot;c:\windows\SYSTEM32\DRIVERS\bot2k.sys [12/28/2004 4:15 PM 21824]
S3 botscsi;botscsi;c:\windows\SYSTEM32\DRIVERS\botscsi2k.sys [12/28/2004 4:15 PM 15640]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\SYSTEM32\DRIVERS\inibtmgr.sys [1/31/2005 11:24 PM 9728]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\SYSTEM32\DRIVERS\P1120Vid.sys [1/12/2005 8:34 PM 1252474]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
ƻ ļ

2005-01-13 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
.
.
------- ɨ -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: c:\program files\Tencent1\qq\SendMMS.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ʹѸ - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ʹѸȫ - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: ӵQQ - c:\program files\Tencent1\qq\AddEmotion.htm
IE: Ϊ Messenger Live ͷ - c:\program files\MSNShell\Bin\SetMSNDP.htm
IE: ַͨ - c:\program files\CNNIC\Cdn\cnnic.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\e7rztp3m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- ļ ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
.
------- File Associations -------
.
chm.file="hh.exe" %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 19:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EntDrv51]
"ImagePath"="\??\c:\windows\system32\drivers\EntDrv51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr_tdi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsssvc]
"ImagePath"="\"c:\program files\Windows Live\Family Safety\fsssvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FsVga]
"ImagePath"="system32\DRIVERS\fsvga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IAANTMon]
"ImagePath"="c:\program files\Intel\Intel Application Accelerator\iaantmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\drivers\iaStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inibtmgr]
"ImagePath"="system32\DRIVERS\inibtmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC51]
"ImagePath"="system32\DRIVERS\IntelC51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC52]
"ImagePath"="system32\DRIVERS\IntelC52.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC53]
"ImagePath"="system32\DRIVERS\IntelC53.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodService]
"ImagePath"="c:\program files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr]
"ImagePath"="\??\c:\docume~1\QIDAI~1\LOCALS~1\Temp\mbr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McAfeeFramework]
"ImagePath"="\"c:\program files\McAfee\Common Framework\FrameworkService.exe\" /ServiceStart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield]
"ImagePath"="\"c:\program files\McAfee\VirusScan Enterprise\mcshield.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McTaskManager]
"ImagePath"="\"c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeapfk]
"ImagePath"="system32\drivers\mfeapfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk]
"ImagePath"="system32\drivers\mfeavfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfebopk]
"ImagePath"="system32\drivers\mfebopk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk]
"ImagePath"="system32\drivers\mfehidk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk]
"ImagePath"="\??\c:\program files\McAfee\VirusScan Enterprise\mferkdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfetdik]
"ImagePath"="system32\drivers\mfetdik.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mohfilt]
"ImagePath"="system32\DRIVERS\mohfilt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcrypt]
"ImagePath"="\??\c:\program files\Tencent\qq\npkcrypt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcusb]
"ImagePath"="\??\c:\program files\Tencent\qq\npkcusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\omci]
"ImagePath"="system32\DRIVERS\omci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ossrv]
"ImagePath"="system32\DRIVERS\ctoss2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P1120VID]
"ImagePath"="system32\DRIVERS\P1120Vid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P17]
"ImagePath"="system32\drivers\P17.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
"ImagePath"="system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
"ImagePath"="system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
"ImagePath"="system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
"ImagePath"="system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
"ImagePath"="system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
"ImagePath"="system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
"ImagePath"="system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RetroWDSvc]
"ImagePath"="c:\progra~1\Dantz\RETROS~1\wdsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbp2port]
"ImagePath"="system32\DRIVERS\sbp2port.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sisagp]
"ImagePath"="system32\DRIVERS\sisagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
"ImagePath"="system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sprtsvc_dellsupportcenter]
"ImagePath"="c:\program files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdbhk5]
"ImagePath"="system32\drivers\sscdbhk5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssrtln]
"ImagePath"="system32\drivers\ssrtln.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
"ImagePath"="system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
"ImagePath"="system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
"ImagePath"="system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
"ImagePath"="system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnboio]
"ImagePath"="system32\dla\tfsnboio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsncofs]
"ImagePath"="system32\dla\tfsncofs.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsndrct]
"ImagePath"="system32\dla\tfsndrct.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsndres]
"ImagePath"="system32\dla\tfsndres.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnifs]
"ImagePath"="system32\dla\tfsnifs.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnopio]
"ImagePath"="system32\dla\tfsnopio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnpool]
"ImagePath"="system32\dla\tfsnpool.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnudf]
"ImagePath"="system32\dla\tfsnudf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnudfa]
"ImagePath"="system32\dla\tfsnudfa.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
"ImagePath"="system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
"ImagePath"="system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="\??\c:\windows\system32\vsdatant.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w32time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"ImagePath"="\"c:\program files\Windows Defender\MsMpEng.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMDM PMSP Service]
"ImagePath"="c:\windows\system32\MsPMSPSv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{09C79D45-9730-4048-B6EF-EE94A96051EF}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6B64B0F8-F8E6-4945-95CE-EF084C2D7373}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9EB22341-AF89-466E-B457-370554A16C68}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C5F297F4-ECC2-4841-8A65-B90D6DE5F1DD}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FA02639A-A610-445E-87AD-D067BF7EE80F}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-603982993-1017363278-2204760330-1006\Software\Microsoft\Internet Explorer\MenuExt\mR0RQ*Q*h`]
@="c:\\Program Files\\Tencent1\\qq\\AddEmotion.htm"
"contexts"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\VUMC\VUMC VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\SYSTEM32\conime.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Dantz\Retrospect\wdsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2009-08-20 20:10 -
ComboFix-quarantined-files.txt 2009-08-20 01:10
ComboFix2.txt 2009-04-07 03:34
ComboFix3.txt 2009-03-20 01:15
ComboFix4.txt 2009-03-15 02:22
ComboFix5.txt 2009-08-20 00:37

Pre-Run: 50,175,938,560 bytes free
Post-Run: 49,925,775,360 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1243 --- E O F --- 2009-08-19 08:00
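The services dump above is plain Windows .reg syntax, so it can be triaged mechanically instead of by eye. The following is an added example, my own code rather than anything from ComboFix or the posters in this thread: it parses the `Services\<name>` keys, decodes the value types that occur in the thread (quoted strings, `dword:`, and the `hex(7)` REG_MULTI_SZ that the Export.cmd output further down uses for Cryptsvc's `DependOnService`), and lists services or drivers whose binary lives under a Temp or user-profile directory, which is where a rogue driver or service usually hides. The sample text is constructed to match the log's layout, the `USER_WRITABLE` fragments are my own heuristic, and a hit is a lead to reconcile with what was run on the machine (rootkit scanners also load drivers from Temp), not a verdict.

```python
"""Triage a ComboFix-style services dump (Windows .reg syntax).
Added example for this thread; not code from ComboFix or from the posters."""
import re
from typing import Dict, List, Optional, Union

Value = Union[str, int, bytes, List[str]]

# Constructed sample in the layout of the thread's services dump. The entries
# mirror ones seen in the log, but this text is assembled here, not copied.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr]
"ImagePath"="\??\c:\docume~1\QIDAI~1\LOCALS~1\Temp\mbr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
"""

SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:ControlSet\d+|CurrentControlSet)\\Services\\([^\]\\]+)\]$", re.I)
VALUE_LINE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')
BINARY = re.compile(r'^"?(.+?\.(?:exe|sys|dll))"?(?:\s|$)', re.I)

# Directory fragments a legitimate service or driver binary should not live under.
# This list is my own heuristic (assumption), not something the thread prescribes.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\",
                 "\\appdata\\", "\\local settings\\", "\\locals~1\\", "\\recycler\\")


def _unescape(s: str) -> str:
    r"""Undo the two .reg string escapes (\" and \\). Any other backslash is kept,
    because ComboFix prints plain Windows paths with single backslashes."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s) and s[i + 1] in '"\\':
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _parse_value(raw: str) -> Value:
    """Decode one value: quoted string, dword:, or hex(N): data. hex(7) is
    REG_MULTI_SZ, a UTF-16LE string list terminated by a double NUL."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) == "7":
            return [s for s in data.decode("utf-16-le").split("\0") if s]
        return data
    return raw


def parse_services(dump: str) -> Dict[str, Dict[str, Value]]:
    """Map each Services\\<name> key in the dump to its {value name: value}.
    A key printed with no values (Fastfat in the log) maps to {}."""
    lines: List[str] = []
    for raw in dump.splitlines():
        raw = raw.strip()
        if lines and lines[-1].endswith(",\\"):   # .reg hex continuation line
            lines[-1] = lines[-1][:-1] + raw
        else:
            lines.append(raw)
    services: Dict[str, Dict[str, Value]] = {}
    current: Optional[str] = None
    for line in lines:
        m = SERVICE_KEY.match(line)
        if m:
            current = m.group(1)
            services.setdefault(current, {})
        elif line.startswith("["):
            current = None                          # an unrelated key follows
        elif current is not None and line:
            v = VALUE_LINE.match(line)
            if v:
                services[current][v.group(1) or "@"] = _parse_value(v.group(2))
    return services


def binary_path(image_path: str) -> str:
    """Reduce an ImagePath/ServiceDll value to the file it names: drop the
    \\??\\ object-manager prefix, surrounding quotes and any arguments."""
    s = image_path.strip()
    if s.startswith("\\??\\"):
        s = s[4:]
    m = BINARY.match(s)
    return m.group(1) if m else s


def suspicious_services(services: Dict[str, Dict[str, Value]]) -> List[str]:
    """Names of services/drivers whose binary sits in a temp or user-profile
    directory. A lead for the analyst, not a verdict on its own."""
    hits = []
    for name, values in services.items():
        image = values.get("ImagePath", values.get("ServiceDll"))
        if isinstance(image, str):
            path = binary_path(image).lower()
            if any(frag in path for frag in USER_WRITABLE):
                hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    svcs = parse_services(SAMPLE)
    print("Cryptsvc depends on:", svcs["Cryptsvc"]["DependOnService"])
    for name in suspicious_services(svcs):
        print("REVIEW:", name, "->", binary_path(svcs[name]["ImagePath"]))
```

Run against the real log, the same parser flags the `mbr` driver loaded from `\??\c:\docume~1\QIDAI~1\LOCALS~1\Temp\mbr.sys`; that is the shape to explain before anything else (GMER's mbr.exe tool loads a driver of that name from Temp, so the analyst checks whether that tool was run under that profile). The `ServiceDll` fallback exists because svchost-hosted services carry their binary there rather than in `ImagePath`.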

#9 fenzodahl512

fenzodahl512


Posted 19 August 2009 - 10:16 PM

Please download this zip file to your desktop
  • Locate Export.zip and unzip it to your desktop
  • Now locate Export.cmd and double click it to run the script
  • A black command window will open briefly then close, this is normal
  • When complete a Notepad file will open, please copy and paste the entire contents into your next reply
Note: A copy of the Notepad file can be found at C:\export.txt. You can delete it, along with the zip and cmd files after posting the contents here.



Please download CCSkeys to your desktop
  • Double click CCSkeys.exe to run the program, it will be very quick.
  • When complete a Notepad file will open, please copy and paste the entire contents into your next reply
Note: A copy of the Notepad file can be found at C:\export.txt. You can delete it, along with the CCSkeys.exe after posting the contents here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 John_2009

John_2009

Posted 20 August 2009 - 06:22 PM

Hi, fenzodahl512

The following are two reports:

Thanks

John


Export.cmd
Run at: 18:10:46.37
On 08/20/2009 Thu

Run from C:\Documents and Settings\John\Desktop\john





Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="CryptSvc"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="CryptServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"Description"="Loads files to memory for later printing."
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"Group"="SpoolerGroup"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007d0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:bd,83,ab,a6,1e,8a,cc,c8,d9,ff,b8,69,f2,94,18,ce
"WbemAdapFileTime"=hex:00,29,52,e3,7a,79,c4,01
"WbemAdapFileSize"=dword:00023c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum]
"0"="Root\\LEGACY_SPOOLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



-----------------EOF-----------------


CCSkeys.exe
Run at: 18:16:00.53
On 08/20/2009 Thu

Run from C:\Documents and Settings\John\Desktop\john



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="CryptSvc"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="CryptServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"Description"="Loads files to memory for later printing."
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"Group"="SpoolerGroup"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007d0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:bd,83,ab,a6,1e,8a,cc,c8,d9,ff,b8,69,f2,94,18,ce
"WbemAdapFileTime"=hex:00,29,52,e3,7a,79,c4,01
"WbemAdapFileSize"=dword:00023c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum]
"0"="Root\\LEGACY_SPOOLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001





-----------------EOF-----------------

#11 fenzodahl512

fenzodahl512


Posted 21 August 2009 - 03:38 AM

Please run ERUNT to back up your Registry.. For detailed instructions on how to back up the registry via ERUNT, please visit HERE



Please copy and paste the following into a Notepad

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Cryptographic Services"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="CryptServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"Description"="Loads files to memory for later printing."
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,e8,47,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Group"="SpoolerGroup"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007d0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:12,6c,5c,67,9c,9d,52,12,37,ca,57,4b,78,a2,8d,55
"WbemAdapFileTime"=hex:00,88,ab,ca,c9,e7,a8,01
"WbemAdapFileSize"=dword:00020400
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum]
"0"="Root\\LEGACY_SPOOLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Save it to the desktop as Fix.reg and, under Save as type, choose All Files

A new registry file will then be created on your desktop.

Just double-click the file and choose Yes at the prompt. Remove this file after you're done..



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the randomly named file (or GMER) to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Run ComboFix again.. Post these logs in your next reply

1. GMER
2. ComboFix

Edited by fenzodahl512, 21 August 2009 - 03:39 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
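Before an export like the two posted above is turned into a Fix.reg, it helps to decode what the hex(2)/hex(7) blobs actually say. The following is an added example, not code from Export.cmd, CCSkeys, ComboFix or anyone in this thread: a small parser for the Registry Editor 5.00 format that decodes those values and flags service entries whose ImagePath or ServiceDll point outside system32 or that have been disabled. The sample input is constructed from the Cryptsvc entries above; the tampered copy and its DLL name are made up for illustration, and "stock services live under system32" is an assumption about a default Windows XP install.

```python
r"""Parse a 'Windows Registry Editor Version 5.00' export and sanity-check the
service keys it contains. Added example for this thread, not code from Export.cmd,
CCSkeys or ComboFix; 'stock location is system32' is an assumption about XP."""
import re

SERVICES = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'

# Constructed sample: the Cryptsvc entries as they appear in the export above.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
'''
# Constructed tampering for illustration: a later entry overrides ServiceDll
# with a path outside system32 (placeholder name, not an indicator from the thread).
TAMPERED_EXPORT = CLEAN_EXPORT + r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"="C:\\WINDOWS\\Temp\\placeholder_not_real.dll"
'''

_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
_HEX = re.compile(r'^hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<bytes>.*)$')
_SYSTEM32 = re.compile(r'^(%systemroot%|c:\\windows)\\system32\\', re.IGNORECASE)


def _join_continuations(text):
    """Glue lines that end in a backslash onto the previous line."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if lines and lines[-1].endswith('\\'):
            lines[-1] = lines[-1][:-1] + line.lstrip()
        else:
            lines.append(line)
    return lines


def decode_value(data):
    """Turn the textual .reg encoding of one value into a Python value."""
    if data.startswith('"') and data.endswith('"'):
        return re.sub(r'\\(.)', r'\1', data[1:-1])   # un-escape \\ and \"
    if data.startswith('dword:'):
        return int(data[6:], 16)
    m = _HEX.match(data)
    if not m:
        return data                                  # unknown form: keep text
    raw = bytes(int(b, 16) for b in m.group('bytes').split(',') if b)
    if m.group('type') == '2':                       # REG_EXPAND_SZ, UTF-16LE
        return raw.decode('utf-16-le').rstrip('\x00')
    if m.group('type') == '7':                       # REG_MULTI_SZ, NUL-separated
        return [s for s in raw.decode('utf-16-le').split('\x00') if s]
    return raw                                       # REG_BINARY etc.: raw bytes


def parse_reg(text):
    """Return (keys, deleted): values per key, and keys the file removes."""
    keys, deleted, current = {}, [], None
    for line in _join_continuations(text):
        if line.startswith('[') and line.endswith(']'):
            name = line[1:-1]
            if name.startswith('-'):                 # [-KEY] deletes the key
                deleted.append(name[1:])
                current = None
            else:                                    # later entries override
                current = keys.setdefault(name, {})
        elif current is not None and (m := _VALUE.match(line)):
            current[m.group('name')] = decode_value(m.group('data'))
    return keys, deleted


def check_service(keys, name):
    """Findings for one service; an empty list means it looks stock."""
    svc = keys.get(f'{SERVICES}\\{name}', {})
    dll = keys.get(f'{SERVICES}\\{name}\\Parameters', {}).get('ServiceDll')
    image = svc.get('ImagePath')
    findings = []
    if image is None:
        findings.append('ImagePath missing')
    elif not isinstance(image, str) or not _SYSTEM32.match(image):
        findings.append(f'ImagePath outside system32: {image!r}')
    if dll is not None and (not isinstance(dll, str) or not _SYSTEM32.match(dll)):
        findings.append(f'ServiceDll outside system32: {dll!r}')
    if isinstance(image, str) and 'svchost.exe' in image.lower() and dll is None:
        findings.append('svchost-hosted service has no ServiceDll')
    if svc.get('Start') == 4:
        findings.append('service is disabled (Start=4)')
    return findings


def audit(text, names=('Cryptsvc', 'seclogon', 'spooler', 'wscsvc')):
    """Check the services this thread repairs; only keys present are reported."""
    keys, _ = parse_reg(text)
    present = [n for n in names if f'{SERVICES}\\{n}' in keys]
    return {n: f for n in present if (f := check_service(keys, n))}
```

Running `audit()` over the full Export.cmd output from the post above is the same call with the file contents read in; anything flagged deserves a look before the key is deleted and recreated.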


#12 John_2009

John_2009

Posted 22 August 2009 - 10:30 AM

fenzodahl512,

Thanks. The first step went smoothly. When I ran GAMERS, I copied and saved the log after it had started scanning the files. As last time, everything disappeared once the scan completed, so I posted the log I saved midway (after the registry scan). After that, I reran ComboFix, and it seems it could not delete one file: "c:\documents and settings.\NetworkService\Favorites\Desktop.ini
c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . deletion fails"

I posted the detailed logs for GAMERS and ComboFix below. However, because the ComboFix log is too long, I posted it in a separate post.

Thanks,

John


GMER 1.0.15.15077 [GAMERS.exe] - http://www.gmer.net
Rootkit scan 2009-08-22 00:19:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT F7B4D9CE ZwCreateKey
SSDT F7B4D9C4 ZwCreateThread
SSDT F7B4D9D3 ZwDeleteKey
SSDT F7B4D9DD ZwDeleteValueKey
SSDT F7B4D9E2 ZwLoadKey
SSDT F7B4D9B0 ZwOpenProcess
SSDT F7B4D9B5 ZwOpenThread
SSDT F7B4D9EC ZwReplaceKey
SSDT F7B4D9E7 ZwRestoreKey
SSDT F7B4D9D8 ZwSetValueKey
SSDT F7B4D9BF ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB892D197]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB892D1DD]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP B892D1E1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B892D19B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Combo-Fix.sys The system cannot find the file specified. !
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
? C:\Combo-Fix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[168] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[168] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[168] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0101F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[744] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[744] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[744] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1472] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1472] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\WINDOWS\System32\svchost.exe[1472] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 016394FC C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 01639580 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 01639610 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 01639494 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 016395F4 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 0156DEE4 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 016395D4 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 5 Bytes JMP 014B9E5C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ADVAPI32.dll!RegEnumKeyExW 77DD7BD9 5 Bytes JMP 014B9F8C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 015948A8 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ADVAPI32.dll!RegEnumKeyExA 77DE51B6 5 Bytes JMP 014B9F5C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DDC \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DF8 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 0159FD30 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 016398B0 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0159FCE4 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 01639414 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!GetKeyState 7E429ED9 5 Bytes JMP 01595D4C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672DB0 \\?\globalroot\Device\__max++>\2382DE86.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 0163999C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!LoadIconA 7E42E8F6 5 Bytes JMP 0163945C C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 015A0430 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 015A0548 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 016510BC C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 016507FC C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01594660 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015941DC C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] WS2_32.dll!WSAAsyncSelect 71AC0991 5 Bytes JMP 01593F40 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 5 Bytes JMP 015791A0 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 01586A20 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 0164FD68 C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] WININET.dll!HttpSendRequestA 3D95EE81 2 Bytes JMP 014B43DC C:\Program Files\MSNShell\Bin\ShellDll02.dll (ShellDll02/MSNShell Team)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] WININET.dll!HttpSendRequestA + 3 3D95EE84 2 Bytes [B5, C3] {MOV CH, 0xc3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Windows Live\Family Safety\fsssvc.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Dell Support Center\bin\sprtsvc.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Dell Support Center\bin\sprtsvc.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672AAE] \\?\globalroot\Device\__max++>\2382DE86.x86.dll
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A38] \\?\globalroot\Device\__max++>\2382DE86.x86.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\VUMC\VUMC VPN Client\cvpnd.exe [156] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [168] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Family Safety\fsssvc.exe [196] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [396] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [596] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\Dell Support Center\bin\sprtsvc.exe [744] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1372] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1472] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [1504] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1672] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1768] 0x35670000
Library \\?\globalroot\Device\__max++>\2382DE86.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2492] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\Program Files\Movie Maker\wmm2filt.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cc@@cc@
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2764992158\Groups@\fT 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2764992158\Groups@\vg 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2764992158\Groups@ 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4270109353\Groups@ 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4270109353\Groups@\vg 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4270109353\Groups@vQ 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4270109353\Groups@\fT 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4270109353\Groups@ 1

#13 John_2009

John_2009
  • Topic Starter

  • Members
  • 56 posts

Posted 22 August 2009 - 10:33 AM

fenzodahl512,

The following is the log for combofix.
One error I noticed is
c:\documents and settings.\NetworkService\Favorites\Desktop.ini
c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . deletion fails

Thanks,

John

ComboFix 09-08-18.04 - John 2/2009 Sat 9:16.8.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1022.425 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\john\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings.\NetworkService\Favorites\Desktop.ini
c:\documents and settings.\NetworkService\Favorites\Desktop.ini . . . . deletion fails


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-20 00:54 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-18 01:06 . 2009-08-18 01:06 -------- d-----w- C:\_OTL
2009-08-18 00:56 . 2009-08-22 04:58 -------- d-----w- c:\program files\ERUNT
2009-08-17 05:25 . 2009-08-17 05:25 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Runscanner.net
2009-08-17 05:25 . 2009-08-17 05:25 -------- d-----w- C:\runscanner
2009-08-17 02:33 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-17 02:33 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-17 02:33 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-17 02:33 . 2009-08-17 02:33 -------- d-----w- c:\program files\Avira
2009-08-17 02:33 . 2009-08-17 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-17 00:08 . 2009-08-17 00:08 -------- d-----w- C:\rsit
2009-08-17 00:08 . 2009-08-17 00:08 -------- d-----w- c:\program files\trend micro
2009-08-14 04:11 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-14 00:43 . 2009-08-14 00:43 -------- d-----w- c:\program files\Alwil Software
2009-08-12 04:52 . 2009-08-12 05:09 -------- d-----w- C:\sb
2009-08-12 02:55 . 2009-08-12 04:01 -------- d-----w- C:\SDFIX
2009-08-10 02:35 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 02:35 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 21:45 . 2009-08-09 21:53 -------- d-----w- C:\New virus
2009-08-07 00:27 . 2009-08-07 02:28 -------- d-----w- c:\windows\system32\CatRoot
2009-08-06 08:04 . 2009-08-06 08:04 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 08:04 . 2009-08-06 08:04 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 08:03 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 08:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 08:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 08:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 08:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 08:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 08:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 08:03 . 2009-08-06 08:03 -------- d-----w- C:\e8345f09ee23ae7997
2009-08-03 01:38 . 2009-08-03 01:38 -------- d-sh--w- c:\documents and settings\Bannana\IETldCache
2009-08-02 05:05 . 2009-08-02 05:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 05:18 . 2009-02-28 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-09 21:51 . 2009-05-23 03:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-07 02:27 . 2005-01-13 00:54 107984 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 08:04 . 2008-08-18 01:36 -------- d-----w- c:\program files\MSBuild
2009-07-31 23:07 . 2008-08-19 02:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:58 . 2005-05-27 05:39 -------- d-----w- c:\documents and settings\John\Application Data\Skype
2009-07-16 04:26 . 2008-08-18 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-07 01:13 . 2007-07-05 06:37 -------- d-----w- c:\program files\The KMPlayer
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2006-06-09 03:23 . 2006-03-02 04:44 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-06-09 03:23 . 2006-03-02 04:45 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-09 03:23 . 2006-03-02 04:44 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-03-08 20:54 . 2009-03-08 20:54 2713 --sh--w- c:\windows\SYSTEM32\gavedewu.exe
.

------- Sigcheck -------

[-] 2004-08-04 11:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SYSTEM32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 11:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SYSTEM32\user32.dll
[-] 2009-06-21 16:08 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SYSTEM32\DLLCACHE\user32.dll

[-] 2004-08-04 11:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SYSTEM32\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 17:06 915456 38114DAB42FB2EB84D1726C42B8D80C5 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2004-08-04 11:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[-] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:31 658944 B7156CD97E739F3014BC4D61758F868A c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows\ie7\wininet.dll
[-] 2007-08-14 00:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie8\wininet.dll
[-] 2009-03-08 09:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2gdr\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\wininet.dll
[-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\SYSTEM32\wininet.dll
[-] 2009-07-03 17:09 915456 7E8A47A2E6561274B83E257CE74803FD c:\windows\SYSTEM32\DLLCACHE\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 EF7834C1D9DDF4C7DA697D8C24A03791 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 c:\windows\SYSTEM32\DRIVERS\tcpip.sys

[-] 2004-08-04 11:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SYSTEM32\winlogon.exe

[-] 2004-08-04 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SYSTEM32\DRIVERS\ndis.sys

[-] 2004-08-04 11:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:22 2015744 DC097A896A03B8277457D228FD12D4E6 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2004-08-04 04:59 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2015744 BBB2322EB14AD9AD55B1024FFD4D88BF c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 18:31 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2015744 A58AC1C6199EF34228ABEE7FC057AE09 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\I386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\SYSTEM32\ntkrnlpa.exe
[-] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:58 2136064 DD31AB4B91C2605601A3C108AF57A0C9 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2004-08-04 05:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:15 2136064 8318ED54797F3E513FD5817A1D4BBD18 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 19:24 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 09:08 2136064 1220FAF071DEA8653EE21DE7DCDA8BFD c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\I386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\SYSTEM32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 11:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-04 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SYSTEM32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SYSTEM32\DLLCACHE\services.exe

[-] 2004-08-04 11:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SYSTEM32\lsass.exe

[-] 2004-08-04 11:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SYSTEM32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 11:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SYSTEM32\spoolsv.exe

[-] 2004-08-04 11:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SYSTEM32\userinit.exe

[-] 2004-08-04 11:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SYSTEM32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 11:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SYSTEM32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SYSTEM32\DLLCACHE\kernel32.dll

[-] 2004-08-04 11:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SYSTEM32\powrprof.dll

[-] 2004-08-04 11:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SYSTEM32\imm32.dll

[-] 2004-09-29 17:27 3004928 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2005-01-27 14:08 3008000 91C5ADE25BC4E3322577854FA2E7B58B c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-03-10 07:43 3011072 255C2CE965543ABDC3E0A25A5DA1874A c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2005-10-05 00:51 3017728 3394299FBF1CD0B24089FC762611360B c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-07-20 02:03 3016192 A14A7A206AE22DE4FE563E44CFC7DDF5 c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-11-24 01:07 3018240 D3F037F5DA702AE9DDD7663EC9D78BA7 c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-10-23 15:34 3061248 88E1C15BB1A9ED3CBA4D6F2F408D5010 c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2007-01-04 14:05 3062272 1C45525574EF206346FBAFCAAC7CC4A5 c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[-] 2007-02-20 06:52 3063296 2991727809C7AC3A33E4178CC73244D8 c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2007-05-04 12:59 3064320 00ADCB32832A10ED9419493BCEA97526 c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-10-30 09:55 3065856 79314A0A6B0DA78AFE491FF2D8B117BA c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-10-30 23:48 3593216 54D8B404F17AA74C666F7F3AEF2AE459 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 03:35 3593728 4D612FF5D3B7EEF200595AE6F95D5E68 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 13:17 5938176 F25D866DD486AD30E05E5596CB363C3E c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2004-08-04 11:00 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB834707$\mshtml.dll
[-] 2004-09-29 18:47 3004928 D94E6405E420373161467ACD3DA65640 c:\windows\$NtUninstallKB867282$\mshtml.dll
[-] 2005-03-10 08:02 3010560 84A1B9B0C362051E68BB131F14C6DAAD c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2005-01-27 17:13 3006976 FAE3CA9B2459581C45B3A8845BE3077C c:\windows\$NtUninstallKB890923$\mshtml.dll
[-] 2005-07-20 02:00 3014144 31E7520E58E5E4DFA93215A6D5603AF2 c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 20:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB896727$\mshtml.dll
[-] 2005-10-04 22:26 3015168 042AC20E084D21DD6BEE99B89CC30FB7 c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-11-24 01:06 3015680 5E7A39950EA133BB54719A6E08C544A7 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-10-23 15:17 3055104 5FC7DE1195C8E9B5360FD65DBE95E5B0 c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2007-01-04 13:36 3056640 F31274D7667D83E73C6EE16D2206B76C c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2007-02-20 09:48 3056640 6B9D083C0D4C4555FE011B01A98872DA c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-05-04 12:29 3058688 4D92717B5BBCE85F1254BAD23B0D357C c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-06-14 16:09 3058688 F049C52772FC86FD5F6C16D77A2A6204 c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2007-10-30 10:16 3058688 DA077E334961230C12E3E4D62626286E c:\windows\ie7\mshtml.dll
[-] 2007-08-14 00:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-31 11:12 3590656 8AB7ECF59D6EBBE986277B65ED4A40A1 c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-24 03:16 3591680 8976CAB317105F7431B08EA32AB73C65 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-06-24 15:57 3592192 EC936148284F557F19C333178768109B c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:24 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-10-17 08:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-17 03:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie8\mshtml.dll
[-] 2009-03-08 09:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-05-13 05:15 5936128 EEAADAA744B20E68CF5EB4FBB4F8AFA9 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2008-04-14 00:11 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-06-14 18:09 3058688 F049C52772FC86FD5F6C16D77A2A6204 c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2gdr\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\mshtml.dll
[-] 2009-05-13 05:15 5936128 EEAADAA744B20E68CF5EB4FBB4F8AFA9 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[-] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[-] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\SYSTEM32\mshtml.dll
[-] 2009-07-19 13:18 5937152 5A32B43A48D6DCA339BF24105D9A028F c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

[-] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SYSTEM32\DRIVERS\kbdclass.sys

[-] 2004-08-04 11:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SYSTEM32\comres.dll

[-] 2004-08-04 11:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SYSTEM32\lpk.dll

[-] 2008-08-07 20:27 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2008-08-07 20:27 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2004-08-04 11:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 04:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\SYSTEM32\DRIVERS\aec.sys

[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 11:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\SYSTEM32\mfc40u.dll

[-] 2005-01-14 05:07 395776 94456045BEB4545B5EBE1DCC85951AFA c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2005-07-26 04:39 397824 CE94A2BD25E3E9F4D46A7373FF455C6D c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2004-08-04 11:00 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2005-01-14 08:55 395776 419899803CA479B73B02390318C787C0 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:31 395776 C8061F289E000703E7672916B7FE1571 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\SYSTEM32\rpcss.dll
[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\SYSTEM32\DLLCACHE\rpcss.dll

[-] 2004-08-04 11:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SYSTEM32\msgsvc.dll

[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 11:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\SYSTEM32\comctl32.dll
[-] 2004-08-04 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.DLL
[-] 2004-08-04 11:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2004-08-04 11:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2004-08-04 11:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SYSTEM32\sfc.dll

[-] 2004-08-04 11:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\SYSTEM32\netlogon.dll

[-] 2004-08-04 11:00 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SYSTEM32\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SYSTEM32\bits\qmgr.dll

[-] 2004-08-04 11:00 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2008-04-14 00:12 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 00:12 60928 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\SYSTEM32\scecli.dll

[-] 2004-08-04 11:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\SYSTEM32\eventlog.dll

[-] 2004-08-04 11:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SYSTEM32\DRIVERS\asyncmac.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 11:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DRIVERS\ntfs.sys

[-] 2005-01-28 19:44 25088 140EF97B64F560FD78643CAE2CDAD838 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 19:44 25088 140EF97B64F560FD78643CAE2CDAD838 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 11:00 52224 C086483E3DBA8C1C0A687EC8D5B3D4C1 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\SYSTEM32\DLLCACHE\mspmsnsv.dll

[-] 2004-08-04 11:00 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\SYSTEM32\xmlprov.dll

[-] 2004-08-04 11:00 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\SYSTEM32\cryptsvc.dll

[-] 2004-08-04 11:00 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\SYSTEM32\browser.dll

[-] 2005-07-08 16:28 249344 1418A3A6E76E5A2E3F5E43866E793A8B c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 16:27 249344 FB78839B36025AA286A51289ED28B73E c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 11:00 246272 EB4A4187D74A8EFDCBEA3EA2CB1BDFBD c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\SYSTEM32\tapisrv.dll

[-] 2008-06-20 17:36 245248 1DFCA7713EA5A70D5D93B436AEA0317A c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 17:43 245248 FCEE5FCB99F7C724593365C706D28388 c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 17:41 245248 097722F235A1FB698BF9234E01B52637 c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2004-08-04 11:00 245248 4E74AF063C3271FBEA20DD940CFD1184 c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\SYSTEM32\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll

[-] 2005-08-22 18:24 197632 3516D8A18B36784B1005B950B84232E1 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2005-08-22 18:29 197632 36739B39267914BA69AD0610A0299732 c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2004-08-04 11:00 198144 DAB9E6C7105D2EF49876FE92C524F565 c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\SYSTEM32\netman.dll

[-] 2005-07-26 04:20 243200 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2008-07-07 20:06 253952 A4AB3DCA4A383F0DF4988ABDEB84F9A4 c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 253952 F17F6226BDC0CD5F0BEF0DAF84D29BEC c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:32 253952 60D1A6342238378BFB7545C81EE3606C c:\windows\$NtServicePackUninstall$\es.dll
[-] 2004-08-04 11:00 243200 ACD36A2DD7D1E9D8A060AA651DC07E63 c:\windows\$NtUninstallKB902400$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:39 243200 34BBD9ACC1538818F2C878898C64E793 c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\SYSTEM32\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\SYSTEM32\DLLCACHE\es.dll

[-] 2004-08-04 11:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SYSTEM32\srsvc.dll

[-] 2004-08-04 11:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SYSTEM32\wscntfy.exe

[-] 2004-08-04 11:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SYSTEM32\ntmssvc.dll

[-] 2004-08-04 11:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SYSTEM32\rasauto.dll

[-] 2004-08-04 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SYSTEM32\sfcfiles.dll

[-] 2004-08-04 11:00 190976 92360854316611F6CC471612213C3D92 c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\SYSTEM32\schedsvc.dll

[-] 2004-08-04 11:00 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\SYSTEM32\regsvc.dll

[-] 2004-08-04 11:00 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\SYSTEM32\ssdpsrv.dll

[-] 2007-02-05 20:19 185344 36ACA6CDC19C95FF468A1426EB7F32F0 c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 20:17 185344 ACA5D98663D879C6BAAFCEA7E2F1B710 c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 11:00 185344 0546477BDE979E33294FE97F6B3DE84A c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\SYSTEM32\upnphost.dll

[-] 2006-12-19 21:50 135168 53D9184A21C5CBF600D918E51EF3A7E5 c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2006-12-19 21:52 134656 6815DEF9B810AEFAC107EEAF72DA6F82 c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 11:00 134656 E7518DC542D3EBDCB80EDD98462C7821 c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\SYSTEM32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_00.57.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 23:30 . 2009-08-21 23:30 28672 c:\windows\ERDNT\AutoBackup\8-21-2009\Users\00000002\UsrClass.dat
+ 2009-08-20 23:06 . 2009-08-20 23:06 28672 c:\windows\ERDNT\AutoBackup\8-20-2009\Users\00000002\UsrClass.dat
+ 2009-08-22 05:02 . 2009-08-22 05:02 28672 c:\windows\ERDNT\8-22-2009\Users\00000006\UsrClass.dat
+ 2009-08-22 04:59 . 2009-08-22 04:59 28672 c:\windows\ERDNT\8-21-2009\Users\00000002\UsrClass.dat
+ 2009-08-22 05:02 . 2009-08-22 05:02 8192 c:\windows\ERDNT\8-22-2009\Users\00000004\UsrClass.dat
+ 2009-08-22 05:02 . 2009-08-22 05:02 8192 c:\windows\ERDNT\8-22-2009\Users\00000002\UsrClass.dat
+ 2009-08-21 23:30 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-21-2009\ERDNT.EXE
+ 2009-08-20 23:06 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-20-2009\ERDNT.EXE
+ 2009-08-22 05:02 . 2009-08-22 05:02 237568 c:\windows\ERDNT\8-22-2009\Users\00000003\NTUSER.DAT
+ 2009-08-22 05:02 . 2009-08-22 05:02 241664 c:\windows\ERDNT\8-22-2009\Users\00000001\NTUSER.DAT
+ 2009-08-22 05:02 . 2005-10-20 17:02 163328 c:\windows\ERDNT\8-22-2009\ERDNT.EXE
+ 2009-08-22 04:59 . 2005-10-20 17:02 163328 c:\windows\ERDNT\8-21-2009\ERDNT.EXE
+ 2009-08-21 23:29 . 2009-08-21 23:30 9797632 c:\windows\ERDNT\AutoBackup\8-21-2009\Users\00000001\NTUSER.DAT
+ 2009-08-20 23:06 . 2009-08-20 23:06 9797632 c:\windows\ERDNT\AutoBackup\8-20-2009\Users\00000001\NTUSER.DAT
+ 2009-08-22 05:02 . 2009-08-22 05:02 9797632 c:\windows\ERDNT\8-22-2009\Users\00000005\NTUSER.DAT
+ 2009-08-22 04:59 . 2009-08-22 04:59 9797632 c:\windows\ERDNT\8-21-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\SYSTEM32\WDBtnMgr.exe [2005-02-01 331776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sina UC.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sina UC.lnk
backup=c:\windows\pss\Sina UC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vanderbilt University VUMC VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Vanderbilt University VUMC VPN Client.lnk
backup=c:\windows\pss\Vanderbilt University VUMC VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Ƶ.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\Ƶ.lnk
backup=c:\windows\pss\Ƶ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^ѶQQ.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\ѶQQ.lnk
backup=c:\windows\pss\ѶQQ.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^ѶTM.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\ѶTM.lnk
backup=c:\windows\pss\ѶTM.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Tencent\\qq\\QQ.exe"=
"c:\\Program Files\\Tencent\\qq\\QQLiveUpdate.exe"=
"c:\\Program Files\\Tencent\\qq\\TMDLLs\\TM.exe"=
"c:\\Program Files\\Netease\\popo2004\\Popo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQ.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\vqqsdl.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Tencent1\\qq\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQUpdateCenter.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\Tencent1\\qq\\QzoneMusic.exe"=
"c:\\Program Files\\Tencent1\\qq\\QQMusic.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\MSNShell\\Bin\\engie.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Tencent\\QQChat\\QQChatUp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe"=
"c:\\Program Files\\Tencent\\QQGame\\QQGameDl.exe"=
"c:\\Program Files\\Dantz\\Retrospect\\wdsvc.exe"=
"c:\\Program Files\\Netease\\POPO\\MyPopo.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\John\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Ƶ\\isee.exe"=
"c:\\Program Files\\easyMule\\emule.exe"=
"c:\\Program Files\\sina\\SinaUC\\uc.exe"=
"c:\\Program Files\\sina\\SinaShow\\SinaShow.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=
"c:\\Program Files\\Creative\\Shared Files\\CamTray.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\WDC\\SetIcon.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\??䨺?2??\\isee.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11545:TCP"= 11545:TCP:BitComet 11545 TCP
"11545:UDP"= 11545:UDP:BitComet 11545 UDP
"15499:TCP"= 15499:TCP:BitComet 15499 TCP
"15499:UDP"= 15499:UDP:BitComet 15499 UDP
"16982:TCP"= 16982:TCP:BitComet 16982 TCP
"16982:UDP"= 16982:UDP:BitComet 16982 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 9:33 PM 108289]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [3/27/2009 11:08 PM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S0 ADProt;ADProt;c:\windows\system32\drivers\ADProt.sys --> c:\windows\system32\drivers\ADProt.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 bot;bot;c:\windows\SYSTEM32\DRIVERS\bot2k.sys [12/28/2004 4:15 PM 21824]
S3 botscsi;botscsi;c:\windows\SYSTEM32\DRIVERS\botscsi2k.sys [12/28/2004 4:15 PM 15640]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\SYSTEM32\DRIVERS\inibtmgr.sys [1/31/2005 11:24 PM 9728]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\SYSTEM32\DRIVERS\P1120Vid.sys [1/12/2005 8:34 PM 1252474]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
ƻ ļ

2005-01-13 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
.
.
------- ɨ -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: c:\program files\Tencent1\qq\SendMMS.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ʹѸ - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ʹѸȫ - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: ӵQQ - c:\program files\Tencent1\qq\AddEmotion.htm
IE: Ϊ Messenger Live ͷ - c:\program files\MSNShell\Bin\SetMSNDP.htm
IE: ַͨ - c:\program files\CNNIC\Cdn\cnnic.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\e7rztp3m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- ļ ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
.
------- ļ -------
.
chm.file="hh.exe" %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 09:54
Windows 5.1.2600 Service Pack 3 NTFS

ɨ豻صĽ

ɨ豻ص

ɨ豻صļ

ɨ
صĵ: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EntDrv51]
"ImagePath"="\??\c:\windows\system32\drivers\EntDrv51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr_tdi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsssvc]
"ImagePath"="\"c:\program files\Windows Live\Family Safety\fsssvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FsVga]
"ImagePath"="system32\DRIVERS\fsvga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IAANTMon]
"ImagePath"="c:\program files\Intel\Intel Application Accelerator\iaantmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\drivers\iaStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inibtmgr]
"ImagePath"="system32\DRIVERS\inibtmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC51]
"ImagePath"="system32\DRIVERS\IntelC51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC52]
"ImagePath"="system32\DRIVERS\IntelC52.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelC53]
"ImagePath"="system32\DRIVERS\IntelC53.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodService]
"ImagePath"="c:\program files\iPod\bin\iPodService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr]
"ImagePath"="\??\c:\docume~1\QIDAI~1\LOCALS~1\Temp\mbr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McAfeeFramework]
"ImagePath"="\"c:\program files\McAfee\Common Framework\FrameworkService.exe\" /ServiceStart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShield]
"ImagePath"="\"c:\program files\McAfee\VirusScan Enterprise\mcshield.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McTaskManager]
"ImagePath"="\"c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeapfk]
"ImagePath"="system32\drivers\mfeapfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfeavfk]
"ImagePath"="system32\drivers\mfeavfk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfebopk]
"ImagePath"="system32\drivers\mfebopk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfehidk]
"ImagePath"="system32\drivers\mfehidk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mferkdk]
"ImagePath"="\??\c:\program files\McAfee\VirusScan Enterprise\mferkdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mfetdik]
"ImagePath"="system32\drivers\mfetdik.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mohfilt]
"ImagePath"="system32\DRIVERS\mohfilt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcrypt]
"ImagePath"="\??\c:\program files\Tencent\qq\npkcrypt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npkcusb]
"ImagePath"="\??\c:\program files\Tencent\qq\npkcusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\omci]
"ImagePath"="system32\DRIVERS\omci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ossrv]
"ImagePath"="system32\DRIVERS\ctoss2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P1120VID]
"ImagePath"="system32\DRIVERS\P1120Vid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P17]
"ImagePath"="system32\drivers\P17.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
"ImagePath"="system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
"ImagePath"="system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
"ImagePath"="system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
"ImagePath"="system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
"ImagePath"="system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
"ImagePath"="system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
"ImagePath"="system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RetroWDSvc]
"ImagePath"="c:\progra~1\Dantz\RETROS~1\wdsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbp2port]
"ImagePath"="system32\DRIVERS\sbp2port.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sisagp]
"ImagePath"="system32\DRIVERS\sisagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
"ImagePath"="system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sprtsvc_dellsupportcenter]
"ImagePath"="c:\program files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdbhk5]
"ImagePath"="system32\drivers\sscdbhk5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssrtln]
"ImagePath"="system32\drivers\ssrtln.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
"ImagePath"="system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
"ImagePath"="system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
"ImagePath"="system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
"ImagePath"="system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnboio]
"ImagePath"="system32\dla\tfsnboio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsncofs]
"ImagePath"="system32\dla\tfsncofs.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsndrct]
"ImagePath"="system32\dla\tfsndrct.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsndres]
"ImagePath"="system32\dla\tfsndres.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnifs]
"ImagePath"="system32\dla\tfsnifs.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnopio]
"ImagePath"="system32\dla\tfsnopio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnpool]
"ImagePath"="system32\dla\tfsnpool.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnudf]
"ImagePath"="system32\dla\tfsnudf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tfsnudfa]
"ImagePath"="system32\dla\tfsnudfa.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
"ImagePath"="system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
"ImagePath"="system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="\??\c:\windows\system32\vsdatant.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w32time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"ImagePath"="\"c:\program files\Windows Defender\MsMpEng.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMDM PMSP Service]
"ImagePath"="c:\windows\system32\MsPMSPSv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{09C79D45-9730-4048-B6EF-EE94A96051EF}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6B64B0F8-F8E6-4945-95CE-EF084C2D7373}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9EB22341-AF89-466E-B457-370554A16C68}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C5F297F4-ECC2-4841-8A65-B90D6DE5F1DD}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FA02639A-A610-445E-87AD-D067BF7EE80F}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-603982993-1017363278-2204760330-1006\Software\Microsoft\Internet Explorer\MenuExt\mR0RQ*Q*h`]
@="c:\\Program Files\\Tencent1\\qq\\AddEmotion.htm"
"contexts"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\VUMC\VUMC VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Dantz\Retrospect\wdsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\conime.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2009-08-22 10:08 -
ComboFix-quarantined-files.txt 2009-08-22 15:08
ComboFix2.txt 2009-08-22 04:22
ComboFix3.txt 2009-08-20 01:10
ComboFix4.txt 2009-04-07 03:34
ComboFix5.txt 2009-08-22 14:14

Pre-Run: 49,561,481,216 bytes free
Post-Run: 49,480,347,648 bytes free

1228 --- E O F --- 2009-08-22 08:00

#14 fenzodahl512
  • Members
  • 6,738 posts
  • Local time:11:02 AM

Posted 22 August 2009 - 10:37 AM

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



#15 John_2009
  • Topic Starter
  • Members
  • 56 posts
  • Local time:10:02 PM

Posted 22 August 2009 - 12:15 PM

fenzodahl512,

The following is the log:

Thanks,

John

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\scecli.dll
[1] 2004-08-04 06:00:00 180224 C:\WINDOWS\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)
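The Win32kDiag output above, as an added example that is not part of the original thread and not code from Win32kDiag itself: a small Python parser that reads this log format and separates the two things a responder would act on from the rest. Assumptions: the line prefixes are exactly as printed in the post; a legitimate NTFS volume mount point resolves to a `\??\Volume{GUID}\` target, so a junction inside `C:\WINDOWS` that points anywhere else (here `\Device\__max++>\^`) is reported as suspicious; a system file the tool cannot open is reported together with the backup copies listed under it, since those are the known-good references to compare it against. The sample log is the text from the post, embedded as a constant so the block runs offline.

```python
import re

# Constructed sample input: the Win32kDiag log lines posted above, verbatim.
SAMPLE_LOG = r"""WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\scecli.dll

[1] 2004-08-04 06:00:00 180224 C:\WINDOWS\$NtServicePackUninstall$\scecli.dll (Microsoft Corporation)
"""

# Assumption from the lead-in: a genuine volume mount point resolves to
# \??\Volume{GUID}\ ; any other junction target under C:\WINDOWS is flagged.
VOLUME_TARGET = re.compile(r"^\\\?\?\\Volume\{[0-9A-Fa-f-]+\}\\?$")

# "[1] 2004-08-04 06:00:00 180224 C:\path\file.dll (Microsoft Corporation)"
BACKUP_COPY = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+?)\s+\((.*)\)$"
)


def parse_win32kdiag(text):
    """Return (warnings, findings) for a Win32kDiag log.

    findings is a list of dicts whose kind is "mount_point" or
    "inaccessible"; inaccessible entries carry the backup copies
    the tool listed directly after them.
    """
    warnings = []
    findings = []
    pending_mount = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("WARNING:"):
            # e.g. SeBackupPrivilege denied: the scan ran with reduced rights
            warnings.append(line[len("WARNING:"):].strip())
        elif line.startswith("Found mount point :"):
            pending_mount = line.split(":", 1)[1].strip()
        elif line.startswith("Mount point destination :"):
            target = line.split(":", 1)[1].strip()
            findings.append({
                "kind": "mount_point",
                "path": pending_mount,
                "target": target,
                "suspicious": VOLUME_TARGET.match(target) is None,
            })
            pending_mount = None
        elif line.startswith("Cannot access:"):
            # A system DLL an elevated tool cannot open is always worth a look.
            findings.append({
                "kind": "inaccessible",
                "path": line.split(":", 1)[1].strip(),
                "suspicious": True,
                "copies": [],
            })
        else:
            m = BACKUP_COPY.match(line)
            if m and findings and findings[-1]["kind"] == "inaccessible":
                findings[-1]["copies"].append({
                    "index": int(m.group(1)),
                    "timestamp": m.group(2),
                    "size": int(m.group(3)),
                    "path": m.group(4),
                    "signer": m.group(5),
                })
    return warnings, findings


def suspicious_findings(text):
    """Only the findings a responder would act on."""
    return [f for f in parse_win32kdiag(text)[1] if f["suspicious"]]


if __name__ == "__main__":
    warns, found = parse_win32kdiag(SAMPLE_LOG)
    for w in warns:
        print("warning:", w)
    for f in found:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        if f["kind"] == "mount_point":
            print(f"{flag}: junction {f['path']} -> {f['target']}")
        else:
            print(f"{flag}: cannot open {f['path']}; "
                  f"{len(f['copies'])} backup copy(ies) listed")
```

Run against the posted log, the parser reports one warning (the scan ran without backup privileges, so "cannot access" results are about the live file's ACL or a filter driver, not the tool's own rights) and two suspicious findings: the junction under `$hf_mig$` whose destination is a device name rather than a volume, and the `scecli.dll` in `SYSTEM32` that could not be opened, with the service-pack backup copy listed as the reference to compare size and signer against.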



