Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

new user need help


  • This topic is locked This topic is locked
5 replies to this topic

#1 llleuroRlll

llleuroRlll

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 21 October 2009 - 12:26 AM

hi Hijackthis community, i just experienced a suspension from my ISP (rogers in canada) because of a possible BOT infection, and the security department recommanded me using HiJackThis to do system scan and seeking help in this community.

so i did as they recommanded me and did HijackThis scan and here is my result on my Vista...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:18 AM, on 21/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\Users\jojo\AppData\Roaming\Rogers Online Protection\Rogers Servicepoint Agent\downloads\Rogers_Online_Protection.41.exe.dir\Rogers_Online_Protection.exe
C:\Users\jojo\AppData\Local\Temp\pb35A5\InstallLauncher.exe
C:\Users\jojo\AppData\Local\Temp\pb35A5\setup.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\CA-SupportBridge\Controller.exe
C:\Program Files\CA-SupportBridge\Customer.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-4164546791-2840903524-405394105-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/feed...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers Online Protection SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe

--
End of file - 11097 bytes


btw, i have 2 desktops running , 1 XP, 1 Vista... both have separate system drive and storage drives (which only contain media/data files), i've already formatted my XP and reinstalled XP, so that machine should be fine now ...... but i really don't want to reformat my current vista machine since it'll take way too much time reinstalling everything that im currently using...
so I really need help identifying and removing w/e it is that infected my computer... Thanks all in advance......

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:20 AM

Posted 21 October 2009 - 07:22 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 llleuroRlll

llleuroRlll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 22 October 2009 - 11:03 PM

Hello Sam, thank you for looking into my situation.

Reguarding the question of how my computer is reacting, i really don't feel any thing is being slow or buggy... I don't remember the system crashing or freezing ever since i built this machine (around May) but since my ISP even suspended my connection, so i'm just guessing there's some sort of bad infection going on within...

so here goes my vista's scan results with your programs ! thx again !

Malwarebytes' Anti-Malware 1.41
Database version: 3015
Windows 6.0.6002 Service Pack 2

22/10/2009 11:55:41 PM
mbam-log-2009-10-22 (23-55-41).txt

Scan type: Quick Scan
Objects scanned: 90113
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 llleuroRlll

llleuroRlll
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:20 AM

Posted 22 October 2009 - 11:07 PM

OTL logfile created on: 23/10/2009 12:05:06 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Users\jojo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 87.51% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.45 Gb Total Space | 97.39 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
Drive D: | 700.07 Gb Total Space | 296.42 Gb Free Space | 42.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOJO-
Current User Name: jojo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/23 00:04:26 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
PRC - [2009/10/21 02:31:15 | 00,175,184 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/08/27 01:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/01 12:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/22 10:48:16 | 00,388,336 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
PRC - [2009/06/22 10:47:20 | 00,371,440 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2009/06/10 08:34:48 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/06/10 06:33:00 | 00,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/23 09:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/11 02:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 02:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/04/03 14:51:32 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Kav\Bin\ScanningProcess.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 14:13:52 | 03,228,912 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2009/02/27 14:13:52 | 00,398,576 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/03 00:55:42 | 05,381,632 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2008/11/26 10:36:12 | 00,323,584 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2008/11/14 18:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe
PRC - [2008/11/11 23:42:42 | 06,687,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/09/22 16:58:46 | 00,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
PRC - [2008/09/22 16:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/08/15 04:23:20 | 00,086,016 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
PRC - [2008/01/20 22:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 22:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/20 22:24:39 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
PRC - [2008/01/20 22:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/20 15:35:40 | 01,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/09/20 15:35:10 | 00,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (nSvcIp [Auto | Stopped])
SRV - File not found -- -- (MBDRU [On_Demand | Stopped])
SRV - File not found -- -- (IKPOAFLY [On_Demand | Stopped])
SRV - [2009/10/21 02:31:15 | 00,175,184 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services [On_Demand | Running])
SRV - [2009/06/22 10:47:20 | 00,371,440 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2009/06/10 08:34:48 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/06/10 06:33:00 | 00,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2009/05/25 23:39:00 | 02,796,757 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/04/11 02:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2009/03/30 00:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/30 00:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/18 14:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 14:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 14:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/11/26 10:36:12 | 00,323,584 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES [Auto | Running])
SRV - [2008/11/14 18:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe -- (RadialpointSafeConnectAgent [Auto | Running])
SRV - [2008/09/22 16:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine [On_Demand | Stopped])
SRV - [2008/09/22 16:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent [Auto | Running])
SRV - [2008/08/15 04:23:20 | 00,086,016 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe -- (AsSysCtrlService [Auto | Running])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/23 00:04:26 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
MOD - [2009/04/11 02:28:21 | 02,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/11 02:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:15 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 05:46:13 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SFC.DLL
MOD - [2006/11/02 05:46:07 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\..\URLSearchHook: FBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\S-1-5-21-4164546791-2840903524-405394105-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 18:07:33 | 00,000,000 | ---D | M]


O1 HOSTS File: (347151 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11904 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll (Rogers)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4164546791-2840903524-405394105-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://sympatico.zone.msn.com/bingame/feed...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.77.0.11 207.200.7.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e5cd8fae-7bd2-11de-8494-00248c53fd1b}\Shell - "" = AutoRun
O33 - MountPoints2\{e5cd8fae-7bd2-11de-8494-00248c53fd1b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/21 00:18:20 | 00,000,000 | ---D | C] -- C:\ProgramData\CA-SupportBridge
[2009/10/22 23:49:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/21 00:22:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2009/10/20 23:49:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Rogers Online Protection
[2009/10/21 10:49:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/10/22 23:49:47 | 00,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Malwarebytes
[2009/10/20 13:31:58 | 00,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\PeerNetworking
[2009/10/20 23:50:12 | 00,000,000 | ---D | C] -- C:\Users\jojo\AppData\Roaming\Rogers Online Protection
[2009/10/20 19:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/15 21:12:49 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe(1)
[2009/10/21 00:18:29 | 00,000,000 | ---D | C] -- C:\Program Files\CA-SupportBridge
[2009/10/22 23:49:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/15 20:38:36 | 00,000,000 | ---D | C] -- C:\Program Files\Maple 12
[2009/10/21 00:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009/10/20 23:49:04 | 00,000,000 | ---D | C] -- C:\Program Files\Rogers Online Protection
[2009/10/21 10:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/14 17:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/10/21 00:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/11 13:23:01 | 00,000,000 | ---D | C] -- C:\Program Files\WinAce
[2009/10/15 20:38:36 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/10/23 00:04:20 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2009/10/22 23:49:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/22 23:49:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/22 23:49:06 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jojo\Desktop\mbam-setup.exe
[2009/10/21 00:23:42 | 00,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2009/10/21 00:23:35 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\Windows\System32\drivers\rp_pkt32.sys
[2009/10/21 00:22:53 | 00,071,184 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\System32\drivers\DefragFS.sys
[2009/10/15 20:39:29 | 00,000,000 | ---D | C] -- C:\watcom-1.3

========== Files - Modified Within 14 Days ==========

[5 C:\Windows\System32\*.tmp files]
[2 C:\Windows\*.tmp files]
[2009/10/23 00:05:29 | 04,825,888 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/10/23 00:04:26 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Users\jojo\Desktop\OTL.exe
[2009/10/22 23:49:46 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/22 23:49:25 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/10/22 23:49:24 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/10/22 23:49:10 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jojo\Desktop\mbam-setup.exe
[2009/10/22 23:37:14 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/22 23:37:14 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/22 19:38:16 | 00,000,012 | -H-- | M] () -- C:\Windows\System32\%sdvmexp.idx
[2009/10/22 17:41:58 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/22 17:41:58 | 00,608,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/22 17:41:58 | 00,109,474 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/22 17:37:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/22 17:37:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/22 17:37:10 | 34,886,73792 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/22 09:19:16 | 00,064,004 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/10/22 09:18:38 | 04,844,461 | -H-- | M] () -- C:\Users\jojo\AppData\Local\IconCache.db
[2009/10/21 15:37:59 | 00,347,151 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/10/21 12:07:45 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/21 10:49:43 | 00,001,055 | ---- | M] () -- C:\Users\jojo\Desktop\Spybot - Search & Destroy.lnk
[2009/10/21 02:09:34 | 00,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2009/10/21 00:31:48 | 00,001,874 | ---- | M] () -- C:\Users\jojo\Desktop\HijackThis.lnk
[2009/10/21 00:22:40 | 00,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Rogers Online Protection.lnk
[2009/10/20 13:42:26 | 00,099,424 | ---- | M] () -- C:\Users\jojo\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/20 13:41:46 | 00,368,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/20 13:31:59 | 00,020,591 | ---- | M] () -- C:\Users\jojo\AppData\Roaming\UserTile.png

========== Files - No Company Name ==========
[2009/10/22 23:49:46 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/22 19:38:16 | 00,000,012 | -H-- | C] () -- C:\Windows\System32\%sdvmexp.idx
[2009/10/21 12:07:45 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/21 10:49:43 | 00,001,055 | ---- | C] () -- C:\Users\jojo\Desktop\Spybot - Search & Destroy.lnk
[2009/10/21 02:09:34 | 00,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2009/10/21 02:08:28 | 00,064,004 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/10/21 02:08:17 | 04,822,304 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/10/21 00:31:48 | 00,001,874 | ---- | C] () -- C:\Users\jojo\Desktop\HijackThis.lnk
[2009/10/21 00:22:40 | 00,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Rogers Online Protection.lnk
[2009/10/21 00:18:33 | 00,000,658 | ---- | C] () -- C:\Program Files\RejoinCommandLine.txt
[2009/10/20 13:31:59 | 00,020,591 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\UserTile.png
[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/03 18:55:35 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/24 01:12:13 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/24 01:12:12 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/11 18:30:40 | 00,000,092 | ---- | C] () -- C:\Users\jojo\AppData\Local\fusioncache.dat
[2009/06/11 18:04:45 | 00,022,328 | ---- | C] () -- C:\Users\jojo\AppData\Roaming\PnkBstrK.sys
[2009/06/10 06:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009/06/09 00:03:54 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/05 13:13:20 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/05/31 14:26:58 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/31 08:25:56 | 00,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/05/31 08:25:56 | 00,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/05/31 08:14:26 | 04,844,461 | -H-- | C] () -- C:\Users\jojo\AppData\Local\IconCache.db
[2009/05/31 08:11:55 | 00,036,349 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/05/31 08:11:36 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/05/31 08:11:28 | 00,028,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/05/31 08:08:09 | 00,099,424 | ---- | C] () -- C:\Users\jojo\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/31 08:07:55 | 00,001,356 | ---- | C] () -- C:\Users\jojo\AppData\Local\d3d9caps.dat
[2009/05/31 01:12:36 | 00,138,240 | ---- | C] () -- C:\Users\jojo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/31 00:03:29 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/11/07 18:08:20 | 00,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/10/14 16:09:12 | 00,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/12/28 03:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/10/20 19:39:08 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2009/10/20 19:39:08 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/10/22 23:49:47 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming
[2009/05/31 01:37:35 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\DAEMON Tools Lite
[2009/10/20 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\dvdcss
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Media Center Programs
[2009/10/20 13:31:58 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\PeerNetworking
[2009/10/21 02:30:29 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Rogers Online Protection
[2009/06/08 16:37:42 | 00,000,000 | RH-D | M] -- C:\Users\jojo\AppData\Roaming\SecuROM
[2009/06/03 20:08:35 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Stardock
[2009/10/20 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\uTorrent
[2009/10/20 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\jojo\AppData\Roaming\Ventrilo
[2009/10/22 17:37:14 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/22 09:18:54 | 00,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2008/01/20 22:23:21 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\1394bus.sys
[2009/04/11 02:32:46 | 00,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\acpi.sys
[2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys
[2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys
[2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys
[2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys
[2009/04/11 00:47:03 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys
[2008/01/20 22:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AGP440.sys
[2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys
[2008/01/20 22:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AMDAGP.SYS
[2008/01/20 22:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdide.sys
[2008/01/20 22:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk7.sys
[2008/01/20 22:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk8.sys
[2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys
[2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys
[2006/10/18 01:44:48 | 00,007,680 | ---- | M] () -- C:\Windows\system32\drivers\ASACPI.sys
[2007/12/17 05:14:06 | 00,012,400 | R--- | M] () -- C:\Windows\system32\drivers\AsIO.sys
[2007/12/28 03:22:02 | 00,010,296 | ---- | M] () -- C:\Windows\system32\drivers\ASUSHWIO.SYS
[2008/01/20 22:24:04 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\asyncmac.sys
[2009/04/11 02:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\atapi.sys
[2009/04/11 02:32:42 | 00,109,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ataport.sys
[2008/01/20 22:23:00 | 00,028,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\battc.sys
[2008/01/20 22:23:31 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bdasup.sys
[2008/01/20 22:23:44 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\beep.sys
[2008/01/20 22:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\blbdrive.sys
[2008/01/20 22:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bowser.sys
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltLo.sys
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltUp.sys
[2009/04/11 01:42:55 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bridge.sys
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerId.sys
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerWdm.sys
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbSer.sys
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthmodem.sys
[2008/01/20 22:23:51 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdfs.sys
[2009/04/11 00:39:17 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdrom.sys
[2008/01/20 22:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\circlass.sys
[2009/04/11 02:32:43 | 00,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Classpnp.sys
[2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys
[2008/01/20 22:23:00 | 00,020,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\compbatt.sys
[2009/04/11 02:32:30 | 00,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crashdmp.sys
[2008/01/20 22:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crcdisk.sys
[2008/01/20 22:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crusoe.sys
[2008/08/28 13:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\system32\drivers\DefragFS.sys
[2009/04/11 00:14:12 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys
[2009/04/11 02:32:31 | 00,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\disk.sys
[2009/04/11 00:39:11 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Diskdump.sys
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys
[2008/01/20 22:23:20 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmk.sys
[2008/01/20 22:23:21 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmkaud.sys
[2009/04/11 02:32:29 | 00,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Dumpata.sys
[2008/01/20 22:24:21 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxapi.sys
[2009/04/11 00:23:23 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxg.sys
[2009/04/11 00:23:48 | 00,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\E1G60I32.sys
[2009/04/11 02:32:43 | 00,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ecache.sys
[2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys
[2008/01/20 22:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\errdev.sys
[2009/04/11 00:13:53 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\exfat.sys
[2009/04/11 00:13:52 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fastfat.sys
[2008/01/20 22:23:20 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fdc.sys
[2008/01/20 22:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fileinfo.sys
[2008/01/20 22:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\filetrace.sys
[2008/01/20 22:23:20 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\flpydisk.sys
[2009/04/11 02:32:46 | 00,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fltMgr.sys
[2008/01/20 22:24:06 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys
[2009/04/11 02:32:43 | 00,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\FWPKCLNT.SYS
[2008/01/20 22:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\GAGP30KX.SYS
[2009/04/11 00:42:42 | 00,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hdaudbus.sys
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\HdAudio.sys
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidbth.sys
[2009/04/11 00:42:48 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidclass.sys
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidir.sys
[2008/01/20 22:23:26 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidparse.sys
[2009/04/11 00:42:48 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidusb.sys
[2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\HpCISSs.sys
[2009/04/11 00:45:32 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\http.sys
[2008/01/20 22:23:02 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omgmt.sys
[2008/01/20 22:23:02 | 00,030,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omp.sys
[2008/01/20 22:23:20 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i8042prt.sys
[2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iaStorV.sys
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys
[2008/01/20 22:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelide.sys
[2008/01/20 22:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelppm.sys
[2008/01/20 22:24:45 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipfltdrv.sys
[2008/01/20 22:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\IPMIDrv.sys
[2008/01/20 22:24:25 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipnat.sys
[2008/01/20 22:24:31 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irda.sys
[2008/01/20 22:23:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irenum.sys
[2008/01/20 22:23:01 | 00,049,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\isapnp.sys
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys
[2008/01/20 22:23:23 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdclass.sys
[2008/01/20 22:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdhid.sys
[2009/04/03 14:51:34 | 00,120,336 | ---- | M] (Kaspersky Lab) -- C:\Windows\system32\drivers\klif.sys
[2008/10/09 15:42:42 | 00,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\system32\drivers\KMWDFILTER.sys
[2009/04/11 00:38:49 | 00,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ks.sys
[2009/06/15 19:15:25 | 00,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2008/01/20 22:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\lltdio.sys
[2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys
[2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys
[2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys
[2008/01/20 22:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\luafv.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys
[2008/01/20 22:24:47 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mcd.sys
[2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys
[2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\MegaSR.sys
[2008/01/20 22:24:57 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\modem.sys
[2008/01/20 22:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\monitor.sys
[2008/01/20 22:23:20 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mouclass.sys
[2008/01/20 22:23:20 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mouhid.sys
[2008/01/20 22:23:43 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mountmgr.sys
[2008/01/20 22:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mpio.sys
[2008/01/20 22:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mpsdrv.sys
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\Mraid35x.sys
[2009/04/11 00:14:40 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxdav.sys
[2009/04/11 00:14:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys
[2009/04/11 00:14:36 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys
[2009/04/11 00:14:29 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys
[2008/01/20 22:23:00 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msahci.sys
[2008/01/20 22:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msdsm.sys
[2008/01/20 22:23:51 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msfs.sys
[2008/01/20 22:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msisadrv.sys
[2009/04/11 02:32:46 | 00,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msiscsi.sys
[2008/01/20 22:24:50 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mskssrv.sys
[2008/01/20 22:24:51 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mspclock.sys
[2008/01/20 22:24:51 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mspqm.sys
[2009/04/11 02:32:46 | 00,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msrpc.sys
[2008/01/20 22:23:01 | 00,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mssmbios.sys
[2008/01/20 22:24:51 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mstee.sys
[2009/04/11 02:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mup.sys
[2009/04/11 02:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndis.sys
[2008/01/20 22:24:25 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndistapi.sys
[2008/01/20 22:24:55 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndisuio.sys
[2009/04/11 00:46:32 | 00,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndiswan.sys
[2008/01/20 22:24:25 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndproxy.sys
[2008/01/20 22:24:20 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbios.sys
[2009/04/11 00:45:37 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbt.sys
[2009/04/11 02:32:46 | 00,223,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netio.sys
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys
[2009/04/11 00:14:01 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\npfs.sys
[2008/01/20 22:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\nsiproxy.sys
[2009/04/11 02:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys
[2008/01/20 22:23:50 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\null.sys
[2009/06/10 06:03:00 | 09,899,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys
[2008/08/01 11:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvmfdx32.sys
[2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys
[2008/08/25 02:22:52 | 00,015,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvsmu.sys
[2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys
[2008/01/20 22:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\NV_AGP.SYS
[2009/04/11 00:43:28 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\nwifi.sys
[2009/04/11 00:43:04 | 00,062,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ohci1394.sys
[2009/04/11 00:45:51 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pacer.sys
[2006/11/02 04:51:30 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\parport.sys
[2009/04/11 02:32:31 | 00,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\partmgr.sys
[2006/11/02 04:51:23 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\parvdm.sys
[2009/04/11 02:32:55 | 00,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pci.sys
[2009/04/11 02:32:49 | 00,014,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pciide.sys
[2009/04/11 02:32:52 | 00,043,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pciidex.sys
[2006/11/02 05:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pcmcia.sys
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\PEAuth.sys
[2009/04/11 00:42:50 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\portcls.sys
[2008/01/20 22:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\processr.sys
[2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys
[2008/01/20 22:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\qwavedrv.sys
[2008/01/20 22:24:19 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rasacd.sys
[2008/01/20 22:24:55 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rasl2tp.sys
[2009/04/11 00:46:30 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\raspppoe.sys
[2008/01/20 22:24:55 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\raspptp.sys
[2009/04/11 00:46:40 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rassstp.sys
[2009/04/11 00:14:29 | 00,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdbss.sys
[2008/01/20 22:24:06 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RDPCDD.sys
[2008/01/20 22:23:01 | 00,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpdr.sys
[2008/01/20 22:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RDPENCDD.sys
[2009/04/11 00:51:27 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2009/04/11 00:45:24 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rmcast.sys
[2009/04/11 00:46:07 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\RNDISMP.sys
[2008/01/20 22:24:49 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rootmdm.sys
[2008/08/06 21:20:06 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\Windows\system32\drivers\rp_pkt32.sys
[2008/11/26 15:19:56 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\system32\drivers\rp_skt32.sys
[2008/01/20 22:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rspndr.sys
[2008/11/11 05:15:12 | 02,236,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sbp2port.sys
[2008/01/20 22:23:54 | 00,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\scsiport.sys
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\system32\drivers\secdrv.sys
[2008/01/20 22:23:01 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\serenum.sys
[2008/01/20 22:23:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\serial.sys
[2008/01/20 22:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sermouse.sys
[2008/01/20 22:23:27 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\serscan.sys
[2008/01/20 22:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffdisk.sys
[2008/01/20 22:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_mmc.sys
[2008/01/20 22:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_sd.sys
[2006/11/02 04:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sfloppy.sys
[2008/01/20 22:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\SISAGP.SYS
[2008/01/20 22:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sisraid2.sys
[2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys
[2009/04/11 00:45:22 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\smb.sys
[2008/01/20 22:24:55 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\smclib.sys
[2008/01/20 22:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\spldr.sys
[2009/04/10 22:52:40 | 00,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\spsys.sys
[2009/05/31 00:03:29 | 00,721,904 | ---- | M] () -- C:\Windows\system32\drivers\sptd.sys
[2009/04/11 00:15:20 | 00,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys
[2009/09/14 05:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys
[2009/04/11 00:15:02 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys
[2008/10/14 16:09:12 | 00,005,504 | ---- | M] () -- C:\Windows\system32\drivers\StarOpen_x86.sys
[2009/04/11 02:32:54 | 00,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Storport.sys
[2009/04/11 00:42:47 | 00,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\stream.sys
[2008/01/20 22:23:01 | 00,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\swenum.sys
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys
[2008/01/20 22:24:44 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tape.sys
[2009/08/14 12:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2009/08/14 09:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpipreg.sys
[2008/01/20 22:24:05 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdi.sys
[2008/01/20 22:24:08 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdpipe.sys
[2008/01/20 22:24:08 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdtcp.sys
[2009/04/11 00:45:56 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdx.sys
[2009/04/11 02:32:52 | 00,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\termdd.sys
[2008/01/20 22:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tssecsrv.sys
[2008/01/20 22:24:25 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\TUNMP.SYS
[2008/01/20 22:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tunnel.sys
[2008/01/20 22:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\UAGP35.SYS
[2009/04/11 00:13:59 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\udfs.sys
[2008/01/20 22:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ULIAGPKX.SYS
[2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys
[2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys
[2008/01/20 22:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\umbus.sys
[2008/01/20 22:23:49 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\umpass.sys
[2009/04/11 00:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usb8023.sys
[2009/04/11 00:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBCAMD.sys
[2009/04/11 00:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBCAMD2.sys
[2008/01/20 22:23:20 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbccgp.sys
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbcir.sys
[2008/01/20 22:23:03 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbd.sys
[2009/04/11 00:42:52 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbehci.sys
[2009/04/11 00:43:16 | 00,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbhub.sys
[2009/04/11 00:42:52 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbohci.sys
[2009/04/11 00:42:57 | 00,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbport.sys
[2006/11/02 05:14:58 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbprint.sys
[2009/04/11 00:42:55 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\USBSTOR.SYS
[2008/01/20 22:23:03 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbuhci.sys
[2008/01/20 22:23:26 | 00,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbvideo.sys
[2008/01/20 22:24:50 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\vga.sys
[2008/01/20 22:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\vgapnp.sys
[2008/01/20 22:23:01 | 00,056,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\VIAAGP.SYS
[2008/01/20 22:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\viac7.sys
[2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys
[2008/01/20 22:23:42 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\videoprt.sys
[2008/01/20 22:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgr.sys
[2009/04/11 02:33:03 | 00,292,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgrx.sys
[2009/04/11 02:32:55 | 00,226,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volsnap.sys
[2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wacompen.sys
[2008/01/20 22:24:25 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wanarp.sys
[2009/04/11 00:22:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\watchdog.sys
[2008/01/20 22:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wd.sys
[2008/01/20 22:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Wdf01000.sys
[2008/01/20 22:23:51 | 00,035,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WdfLdr.sys
[2008/01/20 22:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wmiacpi.sys
[2008/01/20 22:23:42 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wmilib.sys
[2008/01/20 22:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ws2ifsl.sys
[2008/01/20 22:24:59 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFPf.sys
[2008/01/20 22:24:59 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\WUDFRd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

========== Files - Unicode (All) ==========
[2009/10/21 00:25:02 | 00,000,036 | ---- | M] ()(C:\Windows\System32\?????????????????????????????????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/10/21 00:25:02 | 00,000,036 | ---- | C] ()(C:\Windows\System32\?????????????????????????????????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:20 AM

Posted 23 October 2009 - 07:49 AM

I'm not seeing anything malicious in that log. Let's take a look for anything that might be hiding better.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:20 AM

Posted 10 November 2009 - 06:23 PM

Unfortunately there has been no response. :(
This topic will now be closed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users