Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • Please log in to reply
7 replies to this topic

#1 rcapper

rcapper

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Grove City, PA
  • Local time:06:26 PM

Posted 03 November 2009 - 01:34 PM

Okay, a little history on my problem. My Dad got the Windows security pro on his computer and rather than calling me to see if it was legit (there's a first for everything) he went ahead and paid for the program and ran with it for 30 days. when it asked him for another $50 to continue for another 90 days he finally called me. I got malware bytes on here and removed (I think) the security pro crap. I also replaced the host file with on that just has the 127.0.0.1 hoat line in it (the old one was really mucked up). Then when I was trying to get anti-virus installed it keeps failing on me. It's saying that the user doesn't have permission to install system services. I've tried to run a couple of utilities to restore permissions but I'm still having the same problem.
So here I am with a HJT log in tow. Thank you in advance for any help you can give because I'm stumped at this point.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:13 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://web01.farvv.com/sn/ImageUploader4.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/3.0.09.83/Control/IRCSharc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2822.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1ca30b5d285767a) (gupdate1ca30b5d285767a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O24 - Desktop Component 0: (no name) - http://k2.secure-banking.com/1456a_files/images/topbar.gif

--
End of file - 8227 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:26 PM

Posted 04 November 2009 - 08:13 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 rcapper

rcapper
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Grove City, PA
  • Local time:06:26 PM

Posted 04 November 2009 - 11:03 AM

Hi Sam and thanks for taking the time to try and help me with this.
Okay, I have the 2 logs from OTL but when I try to run rootrepeal it hangs at initializing (never starts). Then after a while I get a message that the system is out of virtual mem and it's set too low. The odd thing s that there is space on the HD and it's set to auto. I tried to reboot but still the same problem. Right now I just dumped some memory hogs out of active memory and am waiting to see if it starts. If it does I'll post that log. I figured that I should let you know the current situation incase you want me to go about it a little differently.

Here's the OTl.txt log:

OTL logfile created on: 11/4/2009 10:00:11 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\frank cody\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 708.47 Mb Available Physical Memory | 69.32% Memory free
1.28 Gb Paging File | 1.08 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.96 Gb Total Space | 59.20 Gb Free Space | 83.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.58 Gb Total Space | 5.42 Gb Free Space | 71.49% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D91NMK51
Current User Name: frank cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/04 10:05:10 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\frank cody\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/22 16:08:48 | 00,712,416 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\sdhelp.exe
PRC - [2005/02/15 15:09:49 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2004/02/10 11:51:30 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2003/09/24 09:00:34 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2002/08/29 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/04 10:05:10 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\frank cody\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll
MOD - [2002/08/29 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
MOD - [2002/08/29 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Iomega Activity Disk2)
SRV - [2009/09/08 13:54:35 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca30b5d285767a)
SRV - [2009/04/25 05:34:28 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/11/22 16:08:48 | 00,712,416 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2005/09/15 16:41:38 | 00,053,248 | ---- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)
SRV - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/09/24 09:00:34 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-689962432-1487803163-935856766-1007\S-1-5-21-689962432-1487803163-935856766-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/06 07:50:41 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\iBackup.exe (Iomega Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O4 - HKU\S-1-5-18..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (PCTools)
O4 - HKU\S-1-5-21-689962432-1487803163-935856766-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 2
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: Interealty.com ([]* is out of zone range - 6)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: MLXchange.com ([]* is out of zone range - 6)
O15 - HKU\S-1-5-21-689962432-1487803163-935856766-1007\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab (Interealty MultiSelect)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} http://www2.verizon.net/micro/vol_toolbar/vzbb.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} https://web01.farvv.com/sn/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://wpn.mlxchange.com/Control/MLXClientUtils.cab (MLXchange Client Utils)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://wpn.mlxchange.com/3.0.09.83/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax2822.cab (Reg Error: Key error.)
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} http://216.249.24.62/code/iPIX-ImageWell-ipix.cab (iPIX Media Send Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.67 24.154.1.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://k2.secure-banking.com/1456a_files/images/topbar.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27 - HKLM IFEO\d.exeF: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*') - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/08/21 21:25:36 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/04 09:59:23 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\frank cody\Desktop\OTL.exe
[2009/11/04 09:59:23 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\frank cody\Desktop\RootRepeal.exe
[2009/11/03 09:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/02 08:00:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/10/31 10:21:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2009/10/31 10:21:54 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2009/10/31 10:03:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/29 22:41:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\frank cody\My Documents\a-squared Free
[2009/10/29 22:36:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 22:36:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 22:36:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/28 10:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\vsiclo
[2009/10/28 10:22:45 | 00,000,000 | ---D | C] -- C:\Program Files\VideoCodecs
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/04 10:07:22 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\frank cody\Desktop\RootRepeal.exe
[2009/11/04 10:05:10 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\frank cody\Desktop\OTL.exe
[2009/11/04 09:05:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/03 15:05:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/03 09:54:06 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\frank cody\ntuser.dat
[2009/11/03 09:53:06 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/03 09:45:19 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/11/03 09:31:19 | 00,001,770 | ---- | M] () -- C:\Documents and Settings\frank cody\Desktop\HijackThis.lnk
[2009/11/02 07:59:59 | 00,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\Jxlsgcgina.job
[2009/11/02 07:59:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/02 07:58:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/02 07:58:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/02 07:58:45 | 10,717,14304 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/01 12:18:10 | 00,000,613 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/11/01 12:18:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/11/01 12:18:10 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/11/01 03:31:50 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\frank cody\NTUSER.INI
[2009/11/01 02:09:09 | 00,472,050 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/01 02:09:09 | 00,082,402 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/01 02:09:08 | 00,565,890 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/31 10:21:54 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\frank cody\Desktop\Free Registry Defrag.lnk
[2009/10/31 10:03:22 | 00,001,584 | ---- | M] () -- C:\Documents and Settings\frank cody\Desktop\CCleaner.lnk
[2009/10/30 15:51:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Minesweeper.job
[2009/10/29 16:04:44 | 05,562,976 | -H-- | M] () -- C:\Documents and Settings\frank cody\Local Settings\Application Data\IconCache.db
[2009/10/28 10:46:39 | 00,178,432 | ---- | M] () -- C:\WINDOWS\System32\lsp.dll
[2009/10/28 10:21:46 | 00,041,984 | RHS- | M] () -- C:\WINDOWS\System32\ntrqf.dll
[2009/10/28 10:13:42 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/28 10:13:42 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/03 09:31:19 | 00,001,770 | ---- | C] () -- C:\Documents and Settings\frank cody\Desktop\HijackThis.lnk
[2009/11/02 07:58:45 | 10,717,14304 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/31 10:21:54 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\frank cody\Desktop\Free Registry Defrag.lnk
[2009/10/31 10:03:22 | 00,001,584 | ---- | C] () -- C:\Documents and Settings\frank cody\Desktop\CCleaner.lnk
[2009/10/29 22:37:00 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 10:46:39 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.dll
[2009/10/28 10:21:46 | 00,041,984 | RHS- | C] () -- C:\WINDOWS\System32\ntrqf.dll
[2009/10/28 10:21:46 | 00,000,320 | -HS- | C] () -- C:\WINDOWS\tasks\Jxlsgcgina.job
[2009/09/10 05:58:01 | 05,562,976 | -H-- | C] () -- C:\Documents and Settings\frank cody\Local Settings\Application Data\IconCache.db
[2008/12/30 09:30:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/04 06:37:23 | 00,000,670 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/22 10:26:19 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\frank cody\Application Data\mpauth.dat
[2007/02/19 06:59:21 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/02/16 08:42:50 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2006/12/01 08:40:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/02 08:12:52 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2006/07/07 12:59:01 | 00,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/29 23:34:04 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/13 22:18:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 22:18:24 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 22:18:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/10/07 15:29:24 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\TlxDlgUtil.dll
[2005/09/26 12:51:06 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/30 10:03:16 | 00,000,144 | ---- | C] () -- C:\WINDOWS\XWORDS2.INI
[2005/04/14 10:51:01 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\frank cody\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/29 00:58:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/29 00:58:10 | 00,847,872 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/03/14 12:31:09 | 00,001,052 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/26 12:56:38 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\BackupFileSet.dll
[2005/01/22 13:55:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo5c.INI
[2004/12/22 15:40:17 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/12/03 16:48:29 | 00,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/03 16:48:29 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/10/01 11:02:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Hammerhead.INI
[2004/09/20 07:50:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/09 16:03:03 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\frank cody\Application Data\PFP120JPR.{PB
[2004/09/09 16:03:03 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\frank cody\Application Data\PFP120JCM.{PB
[2004/09/07 11:38:59 | 00,000,518 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/09/07 11:38:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2004/09/07 11:38:31 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004/08/25 14:51:33 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\frank cody\Local Settings\Application Data\fusioncache.dat
[2004/08/25 13:04:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\frank cody\Application Data\DESKTOP.INI
[2004/08/25 13:04:17 | 00,092,160 | ---- | C] () -- C:\Documents and Settings\frank cody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/08/21 22:09:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/21 21:56:30 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/21 21:44:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 21:29:12 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 10:02:24 | 00,000,902 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/27 14:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 08:59:58 | 00,000,613 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 08:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[1999/09/20 09:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys

========== LOP Check ==========

[2009/09/10 06:01:38 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\0f2613b
[2009/01/04 04:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1954048782
[2004/08/21 22:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/03/18 22:14:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/27 08:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\acccore
[2007/01/27 08:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\AIM
[2007/01/27 08:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\AIMPro
[2005/12/03 13:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Corel
[2008/12/25 08:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\InterTrust
[2005/08/24 11:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Iomega Automatic Backup
[2004/08/26 12:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Leadertech
[2006/07/07 14:35:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\MSNInstaller
[2008/12/26 10:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\RegistryDoctor2008
[2009/07/19 15:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Snapfish
[2007/03/18 22:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Viewpoint
[2009/01/02 12:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Windows Desktop Search
[2009/01/03 20:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\frank cody\Application Data\Windows Search
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/01/01 16:54:00 | 00,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2009/11/02 07:59:59 | 00,000,320 | -HS- | M] () -- C:\WINDOWS\Tasks\Jxlsgcgina.job
[2009/10/30 15:51:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Minesweeper.job
[2009/11/02 07:58:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >

< %systemroot%\system32\drivers\*.sys >
[2001/08/17 13:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS
[2008/04/13 13:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\acpi.sys
[2002/08/29 05:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS
[2001/08/17 14:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys
[2008/04/13 11:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys
[2008/08/14 05:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2008/04/13 13:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys
[2001/08/17 13:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS
[2001/08/17 14:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS
[2001/08/17 14:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS
[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS
[2008/04/13 13:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys
[2008/04/13 13:31:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdk6.sys
[2008/04/13 13:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
[2001/08/17 13:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS
[2008/04/13 13:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\arp1394.sys
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS
[2001/08/17 13:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS
[2008/04/13 13:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:29:29 | 00,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1btxx.sys
[2004/08/04 00:29:29 | 00,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1mdxx.sys
[2004/08/04 00:29:29 | 00,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1pdxx.sys
[2004/08/04 00:29:30 | 00,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1raxx.sys
[2004/08/04 00:29:30 | 00,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1rvxx.sys
[2004/08/04 00:29:31 | 00,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1snxx.sys
[2004/08/04 00:29:31 | 00,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1ttxx.sys
[2004/08/04 00:29:31 | 00,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1tuxx.sys
[2004/08/04 00:29:31 | 00,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xbxx.sys
[2004/08/04 00:29:31 | 00,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati1xsxx.sys
[2004/08/04 00:29:26 | 00,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
[2004/08/04 00:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
[2004/08/04 00:29:27 | 00,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinbtxx.sys
[2004/08/04 00:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys
[2004/08/04 00:29:29 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys
[2004/08/04 00:29:29 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys
[2004/08/04 00:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
[2004/08/04 00:29:30 | 00,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinsnxx.sys
[2004/08/04 00:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinttxx.sys
[2004/08/04 00:29:31 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys
[2004/08/04 00:29:31 | 00,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinxbxx.sys
[2004/08/04 00:29:31 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys
[2008/04/13 13:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys
[2002/08/29 05:00:00 | 00,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ATMEPVC.SYS
[2008/04/13 13:51:30 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atmlane.sys
[2002/08/29 05:00:00 | 00,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ATMUNI.SYS
[2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
[2003/04/24 16:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys
[2003/05/23 12:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys
[2008/04/13 13:46:21 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bdasup.sys
[2002/08/29 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
[2008/04/13 13:53:23 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bridge.sys
[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthenum.sys
[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthmodem.sys
[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthpan.sys
[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
[2008/04/13 13:46:31 | 00,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthprint.sys
[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bthusb.sys
[2003/08/28 18:58:40 | 00,004,272 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys
[2001/08/17 13:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS
[2008/04/13 13:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
[2001/08/17 13:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS
[2002/08/29 05:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS
[2008/04/13 14:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys
[2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys
[2002/08/29 05:00:00 | 00,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMST2.SYS
[2002/07/19 07:10:20 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\cinemsup.sys
[2008/04/13 14:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\classpnp.sys
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS
[2001/08/17 13:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS
[2002/08/29 05:00:00 | 00,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQDAP01.SYS
[2008/04/13 13:31:32 | 00,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\crusoe.sys
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS
[2001/08/17 13:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS
[2008/04/13 13:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys
[2008/04/13 13:40:44 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\diskdump.sys
[2008/04/13 13:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys
[2008/04/13 13:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys
[2002/08/29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
[2008/04/13 13:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
[2001/08/17 14:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS
[2008/04/13 13:45:14 | 00,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
[2008/04/13 13:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
[2004/02/13 03:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys
[2004/02/27 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys
[2002/08/29 05:00:00 | 00,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS
[2008/04/13 13:38:29 | 00,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\dxg.sys
[2002/08/29 05:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS
[2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS
[2003/01/30 12:52:48 | 00,012,073 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\FAD.sys
[2003/01/30 12:52:50 | 00,011,904 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\FADXP32.sys
[2008/04/13 14:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\fastfat.sys
[2008/04/13 13:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys
[2008/04/13 13:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\fips.sys
[2008/04/13 13:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys
[2008/04/13 13:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
[2002/08/29 05:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
[2002/08/29 05:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS
[2001/08/17 13:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
[2008/04/13 13:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gagp30kx.sys
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys
[2008/04/13 13:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidbth.sys
[2008/04/13 13:45:26 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys
[2008/04/13 13:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
[2008/04/13 13:45:22 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidparse.sys
[2008/04/13 13:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
[2001/08/17 14:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS
[2004/08/04 00:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\hsfbs2s2.sys
[2004/08/04 00:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\hsfcxts2.sys
[2004/08/04 00:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\hsfdpsp2.sys
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys
[2008/04/13 13:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys
[2008/04/13 13:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys
[2008/04/13 13:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys
[2008/04/13 14:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys
[2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys
[2004/02/10 12:17:06 | 00,681,469 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys
[2008/04/13 13:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys
[2001/08/17 13:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS
[2008/04/13 13:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelide.sys
[2008/04/13 13:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys
[2003/09/24 09:00:34 | 00,032,658 | ---- | M] (Iomega Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IomDisk.sys
[2008/04/13 13:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
[2002/08/29 05:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
[2008/04/13 13:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys
[2008/04/13 13:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys
[2008/04/13 14:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys
[2008/04/13 13:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
[2008/04/13 13:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys
[2008/04/13 13:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
[2008/04/13 13:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
[2008/04/13 14:16:36 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
[2009/06/24 06:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ksecdd.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2002/08/29 05:00:00 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MCD.SYS
[2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
[2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys
[2002/08/29 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS
[2008/04/13 14:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys
[2007/06/18 19:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys
[2008/04/13 13:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
[2008/04/13 13:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mountmgr.sys
[2008/04/13 13:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mpe.sys
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS
[2008/04/13 13:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys
[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys
[2008/04/13 13:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msfs.sys
[2008/04/13 13:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys
[2008/04/13 13:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys
[2008/04/13 13:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys
[2008/04/13 13:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys
[2008/04/13 13:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys
[2008/04/13 13:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
[2004/08/04 00:41:38 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\mtlmnt5.sys
[2004/08/04 00:41:37 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\mtlstrm.sys
[2004/08/04 00:29:36 | 00,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mtxparhm.sys
[2008/04/13 14:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mup.sys
[2008/04/13 13:43:55 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mutohpen.sys
[2004/08/21 22:06:22 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys
[2008/04/13 13:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
[2008/04/13 13:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
[2008/04/13 13:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys
[2008/04/13 13:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys
[2008/04/13 14:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys
[2008/04/13 13:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys
[2008/04/13 13:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys
[2008/04/13 14:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys
[2004/02/09 11:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys
[2008/04/13 13:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nic1394.sys
[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\NIKEDRV.SYS
[2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys
[2008/04/13 13:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\npfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
[2004/08/04 00:41:39 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys
[2002/08/29 05:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS
[2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
[2002/08/29 05:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
[2002/08/29 05:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
[2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys
[2002/08/29 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS
[2002/08/29 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS
[2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys
[2002/08/29 05:00:00 | 00,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OPRGHDLR.SYS
[2008/04/13 13:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys
[2008/04/13 13:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys
[2008/04/13 13:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\partmgr.sys
[2002/08/29 05:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS
[2008/04/13 13:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
[2008/04/13 13:40:29 | 00,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\pciidex.sys
[2008/04/13 13:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\pcmcia.sys
[2001/08/17 14:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS
[2001/08/17 14:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS
[2008/04/13 14:19:41 | 00,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
[2008/04/13 13:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys
[2008/04/13 13:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys
[2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
[2004/03/03 02:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS
[2001/08/17 13:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS
[2001/08/17 13:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS
[2002/08/29 05:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
[2008/04/13 14:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys
[2008/04/13 13:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys
[2008/04/13 14:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys
[2002/08/29 05:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
[2002/08/29 05:00:00 | 00,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\RAWWAN.SYS
[2008/04/13 14:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys
[2002/08/29 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
[2008/04/13 13:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
[2008/04/13 19:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
[2004/08/04 00:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\recagent.sys
[2008/04/13 13:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rfcomm.sys
[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\RIO8DRV.SYS
[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\RIODRV.SYS
[2008/05/08 09:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rndismp.sys
[2008/04/13 13:56:49 | 00,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\rndismpx.sys
[2002/08/29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS
[2004/08/04 00:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
[2008/04/13 13:40:30 | 00,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\scsiport.sys
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sdbus.sys
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
[2008/04/13 13:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys
[2008/04/13 14:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys
[2008/04/13 13:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sffdisk.sys
[2008/04/13 13:40:48 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
[2008/04/13 13:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_sd.sys
[2008/04/13 13:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
[2005/08/08 14:37:12 | 00,055,312 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabbus.sys
[2005/08/08 14:37:12 | 00,006,144 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabcm.sys
[2005/08/08 14:37:12 | 00,006,144 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabcmnt.sys
[2005/08/08 14:37:12 | 00,089,808 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabser.sys
[2005/08/08 14:37:12 | 00,005,776 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabwh.sys
[2005/08/08 14:37:12 | 00,005,776 | ---- | M] (MCCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\slabwhnt.sys
[2008/04/13 13:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
[2004/08/04 00:41:40 | 00,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\slnt7554.sys
[2004/08/04 00:41:42 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys
[2004/08/04 00:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\slnthal.sys
[2004/08/04 00:41:45 | 00,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\slwdmsup.sys
[2008/04/13 13:36:34 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\smbali.sys
[2002/08/29 05:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SMCLIB.SYS
[2003/04/08 10:30:48 | 00,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smsens.sys
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys
[2008/04/13 13:46:07 | 00,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonydcam.sys
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS
[2008/04/13 13:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
[2008/04/13 13:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
[2008/12/11 05:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys
[2004/01/14 19:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys
[2004/01/14 19:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys
[2008/04/13 13:45:15 | 00,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys
[2008/04/13 13:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
[2008/04/13 13:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys
[2008/04/13 13:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS
[2008/04/13 14:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
[2008/04/13 13:40:50 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tape.sys
[2008/06/20 06:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
[2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
[2008/04/13 14:00:05 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tdi.sys
[2008/04/13 19:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
[2008/04/13 19:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
[2008/04/13 19:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
[2002/08/29 05:00:00 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSDVD.SYS
[2001/08/17 13:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS
[2002/08/29 05:00:00 | 00,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TSBVCAP.SYS
[2008/04/13 13:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tunmp.sys
[2008/04/13 13:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\uagp35.sys
[2008/04/13 13:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfs.sys
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS
[2008/04/13 13:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys
[2008/04/13 13:45:40 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcamd.sys
[2008/04/13 13:45:41 | 00,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbcamd2.sys
[2002/08/29 05:00:00 | 00,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS
[2008/04/13 13:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
[2008/04/13 13:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys
[2008/04/13 13:45:43 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbintel.sys
[2008/04/13 13:45:36 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
[2008/04/13 13:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
[2008/04/13 13:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
[2008/04/13 13:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
[2008/04/13 13:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys
[2008/04/13 13:46:20 | 00,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvideo.sys
[2002/08/29 05:00:00 | 00,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVD.SYS
[2008/04/13 13:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vga.sys
[2008/04/13 13:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
[2008/04/13 13:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys
[2008/04/13 13:44:40 | 00,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\videoprt.sys
[2008/04/13 13:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys
[2008/04/13 13:43:55 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wacompen.sys
[2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys
[2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys
[2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys
[2004/08/04 00:29:38 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv07nt.sys
[2004/08/04 00:29:39 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv08nt.sys
[2004/08/04 00:29:40 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv09nt.sys
[2004/08/04 00:29:40 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv11nt.sys
[2008/04/13 13:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys
[2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys
[2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys
[2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys
[2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys
[2004/08/04 00:29:44 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv06nt.sys
[2004/08/04 00:29:45 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv10nt.sys
[2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdf01000.sys
[2006/11/02 06:22:52 | 00,032,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdfldr.sys
[2008/04/13 14:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
[2002/08/29 05:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
[2002/08/29 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
[2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys
[2008/04/13 13:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
[2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys
< End of report >


And here's the Extras.txt log:

OTL Extras logfile created on: 11/4/2009 10:00:11 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\frank cody\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 708.47 Mb Available Physical Memory | 69.32% Memory free
1.28 Gb Paging File | 1.08 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.96 Gb Total Space | 59.20 Gb Free Space | 83.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.58 Gb Total Space | 5.42 Gb Free Space | 71.49% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D91NMK51
Current User Name: frank cody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = aolfile_HTM] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\0f2613b\WI0f26.exe" = C:\Documents and Settings\All Users\Application Data\0f2613b\WI0f26.exe:*:Enabled:Windows Security Suite -- File not found
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F144274-355F-4BD3-9F39-639801EEF4DA}" = Web Photo Manager
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720" = Dell Photo Printer 720
"DisplayKEY Sync_is1" = DisplayKEY USB Cradle version 0.7.2
"DUCCOMM&1560&0003" = CP210x USB to UART Bridge Controller
"Free Registry Defrag_is1" = Free Registry Defrag
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}" = Iomega Automatic Backup
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSSL_is1" = OpenSSL 0.9.7f
"PokerStars" = PokerStars
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"Spyware Doctor_is1" = Spyware Doctor 3.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-689962432-1487803163-935856766-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodecsVideo" = VideoCodecs

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2009 4:57:36 PM | Computer Name = D91NMK51 | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Pro 8 Dell Edition -- Error 1706.No valid
source could be found for product Jasc Paint Shop Pro 8 Dell Edition. The Windows
Installer cannot continue.

Error - 7/28/2009 3:02:18 PM | Computer Name = D91NMK51 | Source = Application Hang | ID = 1002
Description = Hanging application WI0f26.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 2:20:09 PM | Computer Name = D91NMK51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 9:27:02 AM | Computer Name = D91NMK51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 9:27:05 AM | Computer Name = D91NMK51 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16876, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2009 10:23:11 AM | Computer Name = D91NMK51 | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 9/28/2009 10:23:11 AM | Computer Name = D91NMK51 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 9/28/2009 10:23:11 AM | Computer Name = D91NMK51 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 9/28/2009 10:23:11 AM | Computer Name = D91NMK51 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 9/29/2009 4:07:54 PM | Computer Name = D91NMK51 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

[ System Events ]
Error - 11/2/2009 10:01:19 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 8 time(s).

Error - 11/2/2009 10:01:25 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 9 time(s).

Error - 11/2/2009 10:29:16 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 10 time(s).

Error - 11/2/2009 10:29:21 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 11 time(s).

Error - 11/2/2009 10:29:27 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 12 time(s).

Error - 11/2/2009 10:29:32 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 13 time(s).

Error - 11/2/2009 10:29:38 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 14 time(s).

Error - 11/2/2009 10:29:43 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 15 time(s).

Error - 11/2/2009 10:29:49 AM | Computer Name = D91NMK51 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 16 time(s).

Error - 11/4/2009 8:59:44 AM | Computer Name = D91NMK51 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Thanks again.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:26 PM

Posted 04 November 2009 - 07:47 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 rcapper

rcapper
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Grove City, PA
  • Local time:06:26 PM

Posted 05 November 2009 - 09:55 AM

Here is the combofix log as requested.

ComboFix 09-11-01.04 - frank cody 11/05/2009 9:06.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.714 [GMT -5:00]
Running from: c:\documents and settings\frank cody\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\frank cody\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\frank cody\Application Data\RegistryDoctor2008
c:\documents and settings\frank cody\Application Data\RegistryDoctor2008\Logs\scns.log
c:\documents and settings\frank cody\err.log
c:\documents and settings\frank cody\ResErrors.log
c:\program files\Common Files\System\Uninstall
c:\windows\system32\drivers\fad.sys
c:\windows\system32\lsp.dll
c:\windows\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-03 14:31 . 2009-11-03 14:31 -------- d-----w- c:\program files\Trend Micro
2009-11-02 13:00 . 2009-11-02 13:00 -------- d-----w- c:\program files\Windows Resource Kits
2009-11-01 08:34 . 2009-11-01 17:01 92160 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 15:21 . 2009-10-31 16:08 -------- d-----w- c:\windows\$regcmp$
2009-10-31 15:21 . 2009-10-31 15:21 -------- d-----w- c:\program files\Registry Clean Expert
2009-10-31 15:03 . 2009-10-31 15:03 -------- d-----w- c:\program files\CCleaner
2009-10-30 03:36 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 03:36 . 2009-11-03 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 03:36 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:44 . 2009-10-30 03:57 -------- d-----w- c:\program files\vsiclo
2009-10-28 15:22 . 2009-10-28 15:22 -------- d-----w- c:\program files\VideoCodecs
2009-10-28 15:21 . 2009-10-28 15:21 41984 --sha-r- c:\windows\system32\ntrqf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 14:49 . 2004-08-22 03:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 16:02 . 2004-08-22 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-01 17:04 . 2009-01-02 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-28 18:27 . 2008-03-07 18:56 -------- d-----w- c:\program files\PokerStars
2009-10-18 14:49 . 2009-09-28 13:20 -------- d-----w- c:\program files\xrjpto
2009-09-29 23:19 . 2009-09-10 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 23:13 . 2004-08-22 02:57 -------- d-----w- c:\program files\Common Files\Real
2009-09-11 14:18 . 2004-09-20 12:50 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 11:01 . 2009-07-28 19:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\0f2613b
2009-09-10 10:59 . 2002-08-29 10:00 12699 --sha-r- c:\windows\system32\drivers\hosts
2009-09-08 18:56 . 2003-08-05 17:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-08 18:55 . 2003-08-05 17:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-08 18:55 . 2005-11-15 20:11 -------- d-----w- c:\program files\Google
2009-09-04 21:03 . 2004-09-20 12:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 15:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2007-08-03 14:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-09-20 12:51 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-09-20 12:50 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-12 18:01 . 2004-08-25 18:04 92160 ----a-w- c:\documents and settings\frank cody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-02 14:25 . 2004-12-22 20:40 952 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-15 98304]
"Iomega Automatic Backup 1.0.1"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2003-06-12 3014656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-11-24 1947872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

S2 gupdate1ca30b5d285767a;Google Update Service (gupdate1ca30b5d285767a);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2009 1:54 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2004-09-20 00:12]

2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 18:54]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-08 18:54]

2009-10-30 c:\windows\Tasks\Minesweeper.job
- c:\windows\SYSTEM32\winmine.exe [2002-08-29 10:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm304YYUS&fl=0&ptb=WcuiuCFCyQC_Zjq40fQQGA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://wpn.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://wpn.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://wpn.mlxchange.com/3.0.09.83/Control/IRCSharc.cab
DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - hxxp://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 09:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\ge security supra\syncservice.exe
c:\program files\GE Security Supra\ProxyDaemon.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2009-11-05 9:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 14:41

Pre-Run: 63,488,352,256 bytes free
Post-Run: 63,544,340,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5EA6AC55287B82BEB8A1944E5A56062C

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:26 PM

Posted 05 November 2009 - 06:46 PM

How is your computer behaving now?
What issues are you still having?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 rcapper

rcapper
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Grove City, PA
  • Local time:06:26 PM

Posted 05 November 2009 - 07:22 PM

Well, I was able to install my anti-virus and I just put super anti-spyware on as well. Everything else seems to be running good also. I've got a scan running now and think I can cover it from here if anything does pop up. Thank you very much for all of your time.
One last quick question before you close this thread. What would you recommend as a resource to learn how to correct problems like this both for myself and to be able to help others? I'm an IT professional but I mostly work on servers and networking. I've been googleing for days now and am not sure where to start. Thanks for any input you may have.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:26 PM

Posted 06 November 2009 - 07:43 AM

Check out this link.
http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

There are other similar programs offered at other sites if the waiting list is long here at BC.
http://www.uniteagainstmalware.com/schools.php



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users