Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Tools Malware Problems


  • This topic is locked This topic is locked
24 replies to this topic

#1 JForester

JForester

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 21 October 2009 - 10:01 AM

This scan Security Tools Malware hit my PC while I was at work.
Wife told me about it. I just told her to shut the PC down.

I am running Windows XP Media Center Edition OS.
My firewall and virus program is Zonealarm Security Suite - latest updates, etc.

What I first noticed was:

Wallpaper screen was replaced with dark blue screen.
All of my program icons - missing.
Security Tools window keeps popping up and locks out just about everything else.
3 folders appear in Documents and Settings\All Users\Application Data
Randomly numbered folder names with the Security Tools icon inside.

I have been battling with information from the Zonealarm Forum site:

I boot up in Safe Mode with Networking and perform a Deep Scan
That seems to find lots of problems and I can then delete the quarantined files.
That seems to allow my PC to operate apparently virus or malware free for perhaps a day and then the randomly numbered files start to appear again. One folder on day one, the second folder on day two, and the 3rd folder on day three. The Security Tool window doesn't seem to appear until all three folders are generated. It seems like a new folder appears each time I turn off computer and restart??
I'm not sure about that though.

Anyway, the deep scanning in Safe Mode with Zonealarm seems to just get me by, but isn't a fix, so the Zonealarm Forum said to come here. It's interesting that the scanning with Zonealarm seems to temporarily disable and fix my PC, but then it comes back after a day or two. It's frustrating.

Last night I started going through the steps you outline. I got to Step 6 - Download and Run DDS.
When I select Download I get a similar File Download - Security Warning window, like you show, but mine is generated by Zonealarm. I save it. It gets scanned by Zonealarm along the way and saves to the desktop. When I double click on the icon, I do not get the small black window with readable information. I get a small white window with a whole lot of gibberish. Also, no scanning happens. Just the window with gibberish, nothing else. So I'm kind of stuck there.
Am I doing something wrong? Do I need to turn off Zonealarm?

I hope you can help so that I can proceed and hopefully restore my PC back to normal - virus free and malware free. I've never been hit with a virus before.

Thanks,
Jeff
-- Jeff Forester --

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 21 October 2009 - 07:30 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Let's try a couple programs here and see if you can get them to run. If you run into the same issues, try disabling ZA for a short time while you download and run the programs.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 21 October 2009 - 08:01 PM

Hi Sam,

Okay, I downloaded Mbam program with Zonealarm ON. Got a Zonealarm Download window, which I said go ahead and download to.
It seemed to download onto the desktop fine. At that point, I disabled Zonealarm to do the install. The install seemed to go fine as well.

I clicked "Finish" and then got the following message:

Unable to execute file:
c:\Program Files\Malwarebyte' Anti-Malware\mbam.exe
Create Process failed;code2
The System cannot find the file specified.

I never have been able to run the Malwarebyte program. I've tried all sorts of ways to do it.
Incidently, when I got home today, the computer was turned off because the Security Tools Malware was back firmly on the PC. In the past, I'd just boot up in Safe Mode with System Restore disabled and do a Deep Scan. The results of this have typically been between 7 and 12 assorted viruses which were put in quarantined. Today, when I did the same thing, it found only one virus, a different one that I've haven't seen yet. It had Krap.(something) at the end which I'd seen on this website as a trojan that Kapersky finds. From what I understand, Zonealarm uses Kapersky as their virus engine?
Anyway, I deleted the one found virus and then rebooted normally, and everything seems okay. I did get a few suspect alarms from Zonealarm telling me that keyloggers were trying to track my activity. The same programs I've been seeing only since this whole ordeal began. I also got a couple of annoying popups that easily shutdown - popups that I've only been experiencing since this ordeal began.

So, I cannot run the Malwarebytes program at this point. What next?

I hope I'm giving you the appropriate amount of information? Let me know if you need more, or if I need to clear up anything for you.

Thanks Sam!

Jeff
-- Jeff Forester --

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 22 October 2009 - 07:21 AM

Ok. Did you try the other tool? OTL?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 22 October 2009 - 10:20 AM

No, I didn't try the other tool.
I didn't know if it would be a good idea to skip ahead in the process.
I'm at work now. When I get home this afternoon, I will try to run OTL.

Do you want to wait to give me further instructions until after that, or is there anything else I should do as well as the OTL?
-- Jeff Forester --

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 22 October 2009 - 06:38 PM

I need to see the OTL log before determining our next steps.

Edited by Buckeye_Sam, 22 October 2009 - 06:38 PM.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 22 October 2009 - 06:50 PM

Attached File  Extras.Txt   43.59KB   3 downloadsAttached File  OTL.Txt   177.27KB   3 downloads

Hi Sam,

Okay, OTL seemed to run, scan and create the two log files you requested. I'm including them as attachments.

:( I'm sure they'll mean something to you. It's all "Greek" to me.

I've attached them but notice that you wanted me to copy and paste here. I hope I'm doing this right? I see reference above to the attachments, but no actual text? Hmm

Jeff

OTL logfile created on: 10/22/2009 4:30:07 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Jeff Forester\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.65 Gb Available in Paging File | 91.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 60.28 Gb Free Space | 56.30% Space Free | Partition Type: NTFS
Drive D: | 37.13 Gb Total Space | 5.21 Gb Free Space | 14.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 430.27 Gb Free Space | 92.38% Space Free | Partition Type: NTFS

Computer Name: FORESTER
Current User Name: Jeff Forester
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/22 16:28:09 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Forester\Desktop\OTL.exe
PRC - [2009/10/22 08:55:33 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Jeff Forester\Local Settings\Temp\clclean.0001
PRC - [2009/08/26 21:10:06 | 02,383,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/08/26 21:09:12 | 01,011,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/08/26 09:20:40 | 00,435,568 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009/08/26 09:20:22 | 00,722,288 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/08/16 08:35:36 | 00,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/07/01 10:19:32 | 00,081,920 | ---- | M] (Compete Inc) -- C:\Program Files\Upromise\dca-ua.exe
PRC - [2009/06/25 10:48:46 | 00,871,696 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/25 12:44:36 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/11/22 11:49:08 | 00,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/11/06 11:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/07/17 11:03:38 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2006/08/14 01:07:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/07/31 09:00:00 | 01,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/02/22 13:56:06 | 02,240,512 | ---- | M] () -- C:\Program Files\Steganos Password Manager 2006\SPM2006.exe
PRC - [2006/02/17 07:45:23 | 00,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/02/17 07:45:23 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/02/17 07:45:23 | 00,169,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/02/17 07:36:12 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2006/02/17 07:28:56 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/02/09 15:34:54 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/09/29 13:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/09/19 06:42:06 | 01,159,168 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/09/15 08:47:22 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/06/17 06:56:14 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2005/06/17 06:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
PRC - [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/22 23:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/02/23 15:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/11/22 12:49:24 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002/11/22 12:49:22 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\System32\HPHipm11.exe
PRC - [2002/11/22 12:48:32 | 00,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon04.exe
PRC - [2002/04/17 10:49:16 | 00,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1999/12/13 06:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/26 21:10:06 | 02,383,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2009/08/26 09:20:40 | 00,435,568 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc [Auto | Running])
SRV - [2009/08/07 12:43:04 | 00,045,816 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/01 19:58:20 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/02/26 19:33:55 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c99883d9271648 [Auto | Stopped])
SRV - [2009/01/02 17:10:34 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2006/08/10 12:04:22 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2006/08/10 12:02:44 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/08/10 11:59:26 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2006/08/10 04:11:14 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2006/08/10 04:10:50 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2006/07/20 19:25:04 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/02/17 07:28:56 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [On_Demand | Running])
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/06/17 06:55:58 | 00,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2002/11/22 12:49:22 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\System32\HPHipm11.exe -- (Pml Driver HPH11 [On_Demand | Running])
SRV - [1999/12/13 06:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell/en/side....amp;client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell/en/side....amp;client=dell
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.surewest.net/
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL File not found
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\S-1-5-21-399198172-3549769352-2811231043-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\S-1-5-21-399198172-3549769352-2811231043-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:31:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/13 11:15:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2009/09/03 18:38:27 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [12756526] C:\DOCUME~1\ALLUSE~1\APPLIC~1\12756526\12756526.exe File not found
O4 - HKLM..\Run: [79251024] C:\Documents and Settings\All Users\Application Data\79251024\79251024.exe File not found
O4 - HKLM..\Run: [82951934] C:\Documents and Settings\All Users\Application Data\82951934\82951934.exe File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [braviax] C:\WINDOWS\System32\braviax.exe File not found
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [jedanufas] C:\WINDOWS\System32\tipajile.DLL ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [braviax] C:\WINDOWS\System32\braviax.exe File not found
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [SPM2006] C:\Program Files\Steganos Password Manager 2006\SPM2006.exe ()
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete Inc)
O4 - HKU\.DEFAULT..\RunOnce: [SPM2006] C:\Program Files\Steganos Password Manager 2006\SPM2006.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SPM2006] C:\Program Files\Steganos Password Manager 2006\SPM2006.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [SPM2006] C:\Program Files\Steganos Password Manager 2006\SPM2006.exe ()
O4 - HKU\S-1-5-20..\RunOnce: [SPM2006] C:\Program Files\Steganos Password Manager 2006\SPM2006.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\Jeff Forester\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-399198172-3549769352-2811231043-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff Forester\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1220933954273 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\tidadegi.dll) - C:\WINDOWS\System32\tidadegi.dll File not found
O20 - AppInit_DLLs: (fodulivu.dll) - C:\WINDOWS\System32\fodulivu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\tipajile.dll) - C:\WINDOWS\System32\tipajile.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: boledejot - {6c0126c8-2868-4b44-af73-81cd8131375d} - C:\WINDOWS\System32\dikasiwa.dll File not found
O21 - SSODL: busafojif - {c4e10f79-4153-4553-9b6f-ce4280a9c7c4} - C:\WINDOWS\System32\dikasiwa.dll File not found
O21 - SSODL: gotikorim - {4feac7ac-d180-4ae3-9d51-1c02ffe39ade} - C:\WINDOWS\System32\dikasiwa.dll File not found
O21 - SSODL: laveriroj - {8fe63a4e-4581-427d-8fb4-798a0ffa1644} - C:\WINDOWS\System32\tipajile.dll ()
O22 - SharedTaskScheduler: {4feac7ac-d180-4ae3-9d51-1c02ffe39ade} - jugezatag - C:\WINDOWS\System32\dikasiwa.dll File not found
O22 - SharedTaskScheduler: {6c0126c8-2868-4b44-af73-81cd8131375d} - jugezatag - C:\WINDOWS\System32\dikasiwa.dll File not found
O22 - SharedTaskScheduler: {8fe63a4e-4581-427d-8fb4-798a0ffa1644} - tokatiluy - C:\WINDOWS\System32\tipajile.dll ()
O22 - SharedTaskScheduler: {c4e10f79-4153-4553-9b6f-ce4280a9c7c4} - kupuhivus - C:\WINDOWS\System32\dikasiwa.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:48:16 | 00,000,040 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2438c497-31ea-11de-83d3-00123fc44fa5}\Shell - "" = AutoRun
O33 - MountPoints2\{2438c497-31ea-11de-83d3-00123fc44fa5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2438c497-31ea-11de-83d3-00123fc44fa5}\Shell\AutoRun\command - "" = N:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/18 11:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/20 18:12:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Forester\Application Data\#ISW.FS#
[2009/10/21 17:38:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff Forester\Application Data\Malwarebytes
[2009/10/17 08:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/19 10:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Police Pro
[2009/10/22 16:28:06 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff Forester\Desktop\OTL.exe
[2009/10/14 16:45:19 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2006/07/11 14:29:00 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Jeff Forester\My Documents\*.tmp files]
[2009/10/22 16:30:46 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pazesaho
[2009/10/22 16:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/22 16:28:09 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Forester\Desktop\OTL.exe
[2009/10/22 16:22:23 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2009/10/22 16:22:23 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/22 16:07:19 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/22 09:42:39 | 00,000,563 | ---- | M] () -- C:\hpfr5550.xml
[2009/10/22 09:13:01 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/10/22 08:54:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 08:54:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/22 08:53:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 08:53:41 | 32,192,71680 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/19 17:02:41 | 00,003,262 | ---- | M] () -- C:\Documents and Settings\Jeff Forester\My Documents\Steganos Passwords.sef
[2009/10/18 14:16:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 16:39:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/08 23:49:23 | 01,045,778 | -H-- | M] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\IconCache.db

========== Files - No Company Name ==========
[2009/10/22 08:54:52 | 00,000,286 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2009/10/22 08:54:52 | 00,000,286 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/10/21 17:23:27 | 32,192,71680 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/19 17:02:41 | 00,003,262 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\My Documents\Steganos Passwords.sef
[2009/07/22 08:54:54 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\tipajile.dll
[2009/07/22 08:54:54 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\golorojo.dll
[2009/07/21 16:18:13 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pamuyomi.dll
[2009/07/21 16:18:13 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\mofawulo.dll
[2009/07/21 16:18:13 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\fodulivu.dll
[2009/07/21 16:17:42 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\sipayado.dll
[2009/07/21 16:17:41 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\besenije.dll
[2009/07/21 16:17:41 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\jovijora.dll
[2009/07/20 20:18:07 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\natuvive.dll
[2009/07/20 20:18:07 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\biheseya.dll
[2009/07/20 08:18:47 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hamohive.dll
[2009/07/19 10:03:56 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lomuduje.dll
[2009/07/18 22:03:28 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\lewabenu.dll
[2009/07/18 10:04:08 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\kivihude.dll
[2009/07/17 19:42:07 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\berijaso.dll
[2009/07/17 07:41:48 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\ligijofe.dll
[2009/07/16 19:41:39 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\yuvamati.dll
[2009/07/16 07:42:15 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\lulakodu.dll
[2009/07/15 16:40:56 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\juzuyuva.dll
[2009/07/15 04:40:37 | 00,088,576 | -HS- | C] () -- C:\WINDOWS\System32\perapola.dll
[2009/07/15 04:40:37 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\neletoki.dll
[2009/07/14 16:40:48 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\rawijeku.dll
[2009/07/14 16:40:47 | 00,089,088 | -HS- | C] () -- C:\WINDOWS\System32\topupabe.dll
[2009/07/14 16:40:47 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\dowurumi.dll
[2009/07/08 21:25:54 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\fohiyute.dll
[2009/07/08 21:25:52 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\yudajusu.dll
[2009/05/01 20:14:24 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/05/01 17:27:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhantomofVenice.INI
[2009/04/25 19:03:19 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Application Data\F5DB3B
[2009/04/25 19:03:18 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Application Data\mcs.rma
[2009/01/10 21:47:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/09/26 17:28:03 | 00,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2008/09/26 12:12:16 | 00,004,216 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\rx_audio.Cache
[2008/08/17 15:12:23 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/10 18:18:35 | 16,370,864 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\rx_image.Cache
[2008/08/10 10:32:20 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/08/10 09:46:10 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/10 09:43:29 | 00,001,508 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Application Data\HPCOM_48BitScanUpdate.log
[2008/08/10 09:43:29 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/10 09:27:47 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008/08/10 09:18:25 | 00,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2008/08/02 21:31:19 | 00,097,992 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/02 19:04:32 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/02 12:21:28 | 01,045,778 | -H-- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\IconCache.db
[2008/08/02 12:21:28 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Jeff Forester\Local Settings\Application Data\fusioncache.dat
[2008/08/02 12:21:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jeff Forester\Application Data\desktop.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/15 12:54:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/08/09 04:19:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/08/09 04:19:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/09 01:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2006/02/17 07:49:01 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 07:40:29 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/02/17 07:37:48 | 00,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 07:34:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 07:29:30 | 00,005,811 | R--- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/02/17 07:02:02 | 00,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2006/02/17 07:02:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/02/17 07:01:46 | 01,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/02/17 07:00:56 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/10/02 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 12:50:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

========== LOP Check ==========

[2009/10/17 08:34:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2006/02/17 07:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Corel
[2009/10/14 16:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailFrontier
[2009/10/21 17:42:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/28 23:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/02 16:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/09/26 09:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 19:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/08/10 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/09/03 19:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/08/02 12:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/08/10 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/08/10 09:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/09/26 09:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/18 12:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/08 12:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/09 15:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/27 16:51:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2006/02/17 07:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Corel
[2009/10/21 17:38:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jeff Forester\Application Data
[2009/10/20 18:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\#ISW.FS#
[2008/09/11 19:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Amazon
[2009/01/02 16:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Autodesk
[2009/09/05 08:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\CheckPoint
[2008/08/09 17:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Corel Photo Album
[2008/08/10 09:18:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Intuit
[2009/01/20 08:46:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Leadertech
[2009/07/02 17:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\MailFrontier
[2008/09/06 20:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\OfficeUpdate12
[2008/09/26 18:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Roxio
[2008/08/10 09:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Share-to-Web Upload Folder
[2009/10/18 14:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Steganos
[2009/06/07 09:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\Uniblue
[2009/09/05 08:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\upromise
[2009/09/02 18:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Forester\Application Data\W Photo Studio Viewer
[2008/08/10 10:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/08/10 10:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2005/08/16 03:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/22 16:07:19 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/22 08:54:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/22 16:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/22 16:22:23 | 00,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily.job
[2009/10/22 16:22:23 | 00,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Login.job
[2009/10/22 08:54:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 12:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2008/04/13 11:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/10 04:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2001/08/17 13:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys
[2008/04/13 09:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 03:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 11:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2001/08/17 12:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys
[2001/08/17 13:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys
[2001/08/17 13:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys
[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys
[2008/04/13 11:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 11:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 11:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2001/08/17 12:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys
[2008/04/13 11:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys
[2001/08/17 12:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys
[2006/02/17 07:36:15 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2008/04/13 11:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2005/08/04 03:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2005/03/04 23:06:50 | 00,135,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavxx.sys
[2004/08/03 22:29:28 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 11:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/10 04:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 11:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/10 04:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 12:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2008/04/13 11:46:21 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bdasup.sys
[2004/08/10 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 11:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 11:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 11:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 11:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 04:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 11:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 11:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2001/08/17 12:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 11:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2001/08/17 12:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys
[2004/08/10 04:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 12:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2006/08/28 21:48:26 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2006/08/28 21:48:26 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2008/04/13 11:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/10 04:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 12:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys
[2001/08/17 12:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys
[2004/08/10 04:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 11:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2005/01/10 23:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS
[2005/01/10 23:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS
[2005/05/25 21:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys
[2001/08/17 12:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys
[2008/04/13 11:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2006/08/01 20:06:20 | 00,012,952 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS
[2006/08/01 20:06:18 | 00,028,216 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS
[2008/04/13 11:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 11:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/10 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 11:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2001/08/17 13:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys
[2008/04/13 11:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 11:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2006/08/04 08:37:28 | 00,099,208 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2006/08/01 19:46:34 | 00,051,800 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS
[2004/08/10 04:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 11:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/10 04:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2004/10/14 20:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2008/04/13 12:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 11:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 11:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 11:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 11:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/10 04:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/10 04:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2001/08/17 12:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 11:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2004/08/12 16:45:52 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 11:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 11:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 11:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 11:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 11:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2002/11/22 12:49:22 | 00,050,896 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphid411.sys
[2002/11/22 12:49:22 | 00,016,112 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphipr11.sys
[2002/11/22 12:49:22 | 00,018,928 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hphius11.sys
[2002/11/22 12:49:22 | 00,050,276 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hphs2k11.sys
[2001/08/17 13:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2008/04/13 11:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 11:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omgmt.sys
[2008/04/13 11:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys
[2008/04/13 12:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2005/06/17 11:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/04/13 11:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2001/08/17 12:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys
[2008/04/13 11:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 11:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 11:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/10 04:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 11:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 11:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 12:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/11/02 14:12:14 | 00,019,456 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys
[2008/04/13 11:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 11:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 11:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 11:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 11:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2009/07/21 17:20:38 | 00,303,248 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys
[2008/04/13 11:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 12:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 04:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2007/07/23 09:23:44 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys
[2007/07/23 09:23:46 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys
[2007/07/23 09:23:46 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys
[2004/08/10 04:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 11:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/10 02:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mhndrv.sys
[2004/08/10 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 12:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 11:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 11:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 11:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 11:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys
[2008/04/13 11:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys
[2008/04/13 11:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2008/10/24 04:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/07/09 04:26:38 | 00,052,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys
[2008/04/13 11:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 11:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 11:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 11:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 11:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 11:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 11:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 22:41:40 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 12:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 11:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 11:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 12:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 11:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys
[2008/04/13 11:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 11:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 12:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 11:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 11:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 12:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 11:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/10 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 11:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 12:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/10 04:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004/08/10 04:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/10 04:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 11:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/10 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/10 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 11:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2004/08/10 04:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 11:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 11:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 11:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/10 04:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 11:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 12:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 11:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 11:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2001/08/17 13:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys
[2001/08/17 13:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys
[2004/12/23 00:58:00 | 00,008,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS
[2008/04/13 12:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 11:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 11:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys
[2001/08/17 12:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys
[2001/08/17 12:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys
[2004/08/10 04:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 12:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 11:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 12:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/10 04:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/10 04:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 12:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/10 04:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 11:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 17:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 11:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 11:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/10 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/10 04:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 07:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 11:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 11:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/10 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2006/08/09 04:30:42 | 00,050,688 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys
[2004/08/03 22:29:52 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 11:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 11:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 11:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 12:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 11:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 11:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 11:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 11:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2005/03/25 15:11:00 | 01,350,272 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sigfilt.sys
[2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 11:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 22:41:42 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 22:41:44 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 22:41:46 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 22:41:46 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 11:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/10 04:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 11:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys
[2008/04/13 11:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 11:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2008/12/11 03:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2005/06/06 20:40:48 | 00,180,736 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys
[2008/04/13 11:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 11:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 11:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 11:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys
[2008/04/13 12:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 11:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 04:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 04:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 12:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 17:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 17:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 17:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/10 04:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2001/08/17 12:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys
[2004/08/10 04:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 11:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 11:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 11:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys
[2008/04/13 11:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 11:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 11:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 11:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 11:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 11:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/10 04:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 11:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 11:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 11:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 11:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 12:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 11:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 11:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 11:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/10 04:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 11:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 11:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 11:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys
[2008/04/13 11:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 11:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 11:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 22:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 22:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 22:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 22:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 11:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 22:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 22:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 12:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/10 04:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/10 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 11:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpgldfsh.scr:SummaryInformation
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Edited by Buckeye_Sam, 22 October 2009 - 07:03 PM.

-- Jeff Forester --

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 22 October 2009 - 07:08 PM

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 22 October 2009 - 08:38 PM

When I try to run Combo-Fix I get multiple windows stating:

"Windows cannot open this file:
File: nircmd.cfxxe"

and then a choice of what to do:

"Use the web service to find the appropriate program?" or
"Select the program from a list?"

I'm also getting lots of warning from Zonealarm the PEV.CFXXe is trying to communicate with
\SystemRoot\System32\smss.exe

and several others regarding altering of .exe files and logging keystrokes, etc.

So I don't know how to get windows to open the file, and I don't know which warning from Zonealarm are because of Combo-fix and which one's may be a legitimate attack?

Please advise...

Jeff
-- Jeff Forester --

#10 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 22 October 2009 - 08:43 PM

Sam,

I also have a lot of new process that are running in Task Manager. Some of those I allowed when I started Combo-Fix because they directly mentioned Combo-Fix and so knew they were okay. That's when I started getting alert after alert and they started looking unknown and I then began denying.
-- Jeff Forester --

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 23 October 2009 - 07:42 AM

What you need to do is disable Zone Alarm while Combofix is running. Otherwise it will interfere with Combofix and create these problems. Once Combofix runs and you have the log to post back here, re-enable Zone Alarm.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 23 October 2009 - 06:54 PM

Attached File  Combofix_Log.txt   18.06KB   1 downloads

Hurray! The Combo-Fix program ran. Only one small hitch and maybe it didn't do anything harmful...After the scanning and the reboot, while the error log was being prepared, Zonealarm started back up and before I could get it shut down, I got an alert which I ignored and then a window that stated that Rundll could not be found, or something like that? So, I got Zonealarm shutdown and after that the log file did generate.

Seemed liked lots of stuff on the PC got deleted too...that was exciting.

Anyway, here is the log file.

ComboFix 09-10-22.01 - Jeff Forester 10/23/2009 16:18.1.2 - NTFSx86
Running from: c:\documents and settings\Jeff Forester\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\JEFFFO~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\All Users\Application Data\99118331
c:\documents and settings\All Users\Application Data\99118331\99118331.bat
c:\documents and settings\All Users\Application Data\99118331\99118331.exe
c:\documents and settings\Jeff Forester\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\program files\MyWebSearch
c:\program files\Windows Police Pro
c:\windows\system32\berijaso.dll
c:\windows\system32\biheseya.dll
c:\windows\system32\dagamami.dll.tmp
c:\windows\system32\Data
c:\windows\system32\dowurumi.dll
c:\windows\system32\duyojaye.exe
c:\windows\system32\fajekego.dll.tmp
c:\windows\system32\farewoka.exe
c:\windows\system32\fodulivu.dll
c:\windows\system32\fohiyute.dll
c:\windows\system32\funokafe.dll
c:\windows\system32\golorojo.dll
c:\windows\system32\hamohive.dll
c:\windows\system32\heyivuja.dll
c:\windows\system32\jovijora.dll
c:\windows\system32\juzuyuva.dll
c:\windows\system32\ketosegi.dll
c:\windows\system32\kivihude.dll
c:\windows\system32\lewabenu.dll
c:\windows\system32\ligijofe.dll
c:\windows\system32\lomuduje.dll
c:\windows\system32\losesafa.dll.tmp
c:\windows\system32\lukuduni.dll.tmp
c:\windows\system32\lulakodu.dll
c:\windows\system32\mofawulo.dll
c:\windows\system32\munuropi.dll.tmp
c:\windows\system32\natuvive.dll
c:\windows\system32\neletoki.dll
c:\windows\system32\nokemafu.dll
c:\windows\system32\pamuyomi.dll
c:\windows\system32\perapola.dll
c:\windows\system32\pibujudo.exe
c:\windows\system32\rawijeku.dll
c:\windows\system32\sipayado.dll
c:\windows\system32\topupabe.dll
c:\windows\system32\wakosoli.dll.tmp
c:\windows\system32\weziroze.exe
c:\windows\system32\yudajusu.dll
c:\windows\system32\yuvamati.dll
c:\windows\system32\zofitemi.dll
c:\windows\system32\zowolage.dll
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 23:28 . 2009-10-23 23:28 -------- d-----w- c:\windows\LastGood
2009-10-23 05:20 . 2009-10-23 05:20 5892 --sh--w- c:\windows\system32\yohuhuvi.exe
2009-10-23 04:14 . 2009-10-23 04:14 5892 --sh--w- c:\windows\system32\gewugimo.exe
2009-10-22 00:38 . 2009-10-22 00:38 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\Malwarebytes
2009-10-21 01:12 . 2009-10-21 01:12 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\#ISW.FS#
2009-10-21 00:59 . 2009-10-21 00:59 -------- d-----w- c:\documents and settings\Jeff Forester\Downloads
2009-10-18 18:48 . 2009-10-18 19:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 15:36 . 2009-10-17 15:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 15:34 . 2009-10-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-16 01:11 . 2008-04-14 00:12 214528 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-10-16 01:11 . 2008-04-14 00:12 214528 ----a-w- c:\windows\system32\dllcache\wbemcomn.dll
2009-10-16 01:02 . 2008-04-14 00:11 185344 ----a-w- c:\windows\system32\wbem\framedyn.dll
2009-10-16 01:02 . 2008-04-14 00:11 185344 ----a-w- c:\windows\system32\dllcache\framedyn.dll
2009-10-14 23:48 . 2009-10-14 23:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailFrontier
2009-10-14 23:46 . 2009-10-14 23:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 13:55 . 2008-08-02 19:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-23 01:25 . 2009-02-27 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-20 02:04 . 2009-01-11 02:43 -------- d-----w- c:\program files\Nancy Drew
2009-10-18 21:29 . 2008-08-15 06:45 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\Steganos
2009-10-08 05:26 . 2008-08-05 19:36 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\AdobeUM
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:01 . 2008-08-12 01:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 15:19 . 2009-09-05 15:19 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\upromise
2009-09-05 15:19 . 2009-09-05 15:19 -------- d-----w- c:\program files\Upromise
2009-09-05 15:19 . 2009-09-04 01:38 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\CheckPoint
2009-09-04 02:07 . 2009-09-04 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-09-04 01:38 . 2009-09-04 01:38 -------- d-----w- c:\program files\CheckPoint
2009-09-03 01:49 . 2009-09-03 01:44 -------- d-----w- c:\documents and settings\Jeff Forester\Application Data\W Photo Studio Viewer
2009-08-29 16:31 . 2009-08-29 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-29 16:31 . 2009-08-29 16:31 -------- d-----w- c:\program files\NOS
2009-08-27 04:09 . 2009-07-02 23:21 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-27 04:08 . 2009-07-02 23:21 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-27 04:08 . 2009-07-02 23:21 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-27 04:08 . 2009-07-02 23:21 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-07 02:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2007-07-31 00:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2008-09-09 20:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2008-07-19 05:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:43 . 2005-08-16 10:37 4396544 ----a-w- c:\windows\system32\wpgldfsh.scr
2008-08-26 01:31 . 2008-08-17 22:12 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-22 15:54 . 2009-07-22 15:54 90112 --sha-w- c:\windows\system32\tipajile.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"SPM2006"="c:\program files\Steganos Password Manager 2006\SPM2006.exe" [2006-02-22 2240512]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2009-07-01 81920]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-08-16 167936]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-17 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-17 169472]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-08-27 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-08-26 722288]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPM2006"="c:\program files\Steganos Password Manager 2006\SPM2006.exe" [2006-02-22 2240512]

c:\documents and settings\Jeff Forester\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-4-3 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopDisplay.exe"=
"c:\\Program Files\\Roxio\\Media Experience\\DMXLauncher.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
"c:\\WINDOWS\\system32\\hphipm11.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R2 gupdate1c99883d9271648;Google Update Service (gupdate1c99883d9271648);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-08-26 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-08-26 435568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-02 02:58]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 02:33]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 02:33]

2009-10-23 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]

2009-10-23 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.surewest.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeff Forester\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

BHO-{ac5940f8-6640-42c1-8c45-60c281283e5d} - mofawulo.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-12756526 - c:\docume~1\ALLUSE~1\APPLIC~1\12756526\12756526.exe
HKLM-Run-82951934 - c:\documents and settings\All Users\Application Data\82951934\82951934.exe
HKLM-Run-79251024 - c:\documents and settings\All Users\Application Data\79251024\79251024.exe
HKLM-Run-jedanufas - c:\windows\system32\zowolage.dll
HKLM-Run-pofirogiru - pamuyomi.dll
SharedTaskScheduler-{4feac7ac-d180-4ae3-9d51-1c02ffe39ade} - c:\windows\system32\dikasiwa.dll
SharedTaskScheduler-{c4e10f79-4153-4553-9b6f-ce4280a9c7c4} - c:\windows\system32\dikasiwa.dll
SharedTaskScheduler-{6c0126c8-2868-4b44-af73-81cd8131375d} - c:\windows\system32\dikasiwa.dll
SharedTaskScheduler-{addf836a-7b84-45cb-8adc-2969a7b4f30b} - c:\windows\system32\zowolage.dll
SSODL-gotikorim-{4feac7ac-d180-4ae3-9d51-1c02ffe39ade} - c:\windows\system32\dikasiwa.dll
SSODL-busafojif-{c4e10f79-4153-4553-9b6f-ce4280a9c7c4} - c:\windows\system32\dikasiwa.dll
SSODL-boledejot-{6c0126c8-2868-4b44-af73-81cd8131375d} - c:\windows\system32\dikasiwa.dll
SSODL-fejirekad-{addf836a-7b84-45cb-8adc-2969a7b4f30b} - c:\windows\system32\zowolage.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\combo-fix\CF3857.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\JEFFFO~1\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\combo-fix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 16:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 23:34

Pre-Run: 64,639,070,208 bytes free
Post-Run: 64,658,178,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 3AB6DDE98DE50FCF7F79AEF63FB82095

Edited by Buckeye_Sam, 24 October 2009 - 10:25 AM.

-- Jeff Forester --

#13 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 23 October 2009 - 09:16 PM

Attached File  mbam_log_2009_10_23__17_45_10_.txt   894bytes   7 downloads
Attached File  mbam_log_2009_10_23__18_12_46_.txt   835bytes   3 downloads
Attached File  mbam_log_2009_10_23__18_56_38_.txt   1.69KB   3 downloads
Attached File  mbam_log_2009_10_23__18_57_12_.txt   1.86KB   3 downloads

I was also, now able to download, install, and run the Malwarebyte program, after having run the ComboFix.

I did a quickscan, and it found 1 additional infection, which I deleted.
I did another quickscan and it came back clean.
I then did a full scan because I remember finding a virus earlier on my K:\ drive (external backup HDD). The full scan found 8 additional problems, all on C:\ drive incidently. Perhaps just from a full scan.

I'll attach the log files for you to look at.

What next, how do we verify that I'm really clean with no "sleepers"?
-- Jeff Forester --

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:06 PM

Posted 24 October 2009 - 10:30 AM

We're not quite done yet, but Combofix did remove the main infection for us.
The Malwarebytes scans are showing quarantined files and system restore files, nothing active.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
c:\windows\system32\yohuhuvi.exe
c:\windows\system32\gewugimo.exe
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


========================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 JForester

JForester
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseville, CA
  • Local time:08:06 PM

Posted 24 October 2009 - 10:48 AM

I'm doing the above now.
As soon as Combofix started it says there is a newer version available. Should I update or will that mess up the script that I dragged into the version I'm running now? Should I just say "No"?
-- Jeff Forester --




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users